Flowers Thornton Heath GDPR Privacy Notice

Introduction

At Flowers Thornton Heath, respecting your privacy and protecting your personal data is of the utmost importance to us. This Privacy Policy explains how we collect, use, store, and safeguard your information in compliance with the General Data Protection Regulation (GDPR). This policy is relevant to all customers placing orders for Flowers Thornton Heath services within Thornton Heath and surrounding districts.

What Personal Data We Collect

When you place an order or interact with Flowers Thornton Heath, we collect the following categories of personal data:

  • Contact Information: Name, delivery address, billing address, and, if provided, any alternative recipient’s name and address.
  • Order Details: Items purchased, delivery instructions, special requests, and additional notes provided with your order.
  • Payment Information: Payment method details (note: actual payment card details are processed securely by our third-party payment provider and are not retained by us).
  • Communication Data: Records of correspondence, including order confirmations, queries, feedback, and complaints.
  • Technical Information: IP address, browser type, access times, and information about how you interact with our website, collected via cookies and similar technologies.

We do not knowingly collect personal information from children under 16 years of age. If you believe we have collected such data, please contact us so we can delete it.

Lawful Basis for Processing Your Data

Flowers Thornton Heath collects and processes your personal data under the following lawful bases as defined by the GDPR:

  • Contractual Necessity: Most information is gathered to fulfill our contract with you, such as processing and delivering your flower order, and communicating order details.
  • Legitimate Interest: We process certain data to improve our services, maintain security, prevent fraud, and handle customer support. These actions are deemed necessary for our business interests and do not override your rights and freedoms.
  • Legal Obligation: In specific cases, we may process your data to comply with legal requirements such as financial record-keeping and responding to law enforcement requests where required.
  • Consent: With your explicit consent, we may use your contact details to send you marketing communications about occasional promotions, offers, or updates. Consent may be withdrawn at any time.

How We Use Your Data

Your personal data may be used for the following purposes:

  • Processing and fulfilling your flower orders, including contacting you regarding your purchase or delivery instructions;
  • Handling payments and deterring fraud via secure payment processors;
  • Improving our website and customer service through analytics and user feedback;
  • Responding to your inquiries, complaints, or requests efficiently;
  • Complying with legal, accounting, or regulatory requirements;
  • Sending you updates if you have consented to marketing communications (which you can opt out of at any time).

Data Retention Periods

Flowers Thornton Heath will retain your personal data only for as long as necessary to fulfill the purposes described above and in accordance with statutory requirements. The retention timeline is generally as follows:

  • Order and Transaction Data: Retained for up to six years to comply with financial and accounting obligations.
  • Contact and Communication Data: Retained for up to two years after your last interaction with us, unless you request deletion earlier and we have no legal obligations to retain it.
  • Marketing Communication Data: Retained until you withdraw your consent or unsubscribe.
  • Technical Data: Retained for no longer than 12 months from collection.

After these periods, data will be securely deleted or anonymised.

Third-Party Processors

We may share your personal data with trusted third-party processors who perform services on our behalf, strictly for the purposes described above. These include:

  • Payment Processors: To securely process and verify customer payments; we do not retain your card details.
  • Delivery Partners: For delivering your orders to the specified address.
  • IT Service Providers: For hosting, database management, website analytics, and IT support.

All third parties are contractually obligated to safeguard your data, act only on our instructions, and comply with GDPR requirements. We do not sell or rent your personal data to third parties for marketing purposes.

Your Rights Under the GDPR

As a customer, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request corrections to inaccurate or incomplete data.
  • Right to Erasure: You may request your data be deleted when it is no longer needed, provided there are no overriding legal grounds for retention.
  • Right to Restrict Processing: You may ask us to restrict how we use your data in certain circumstances.
  • Right to Data Portability: You can request an electronic copy of your data for your own use.
  • Right to Object: You can object to our processing of your data based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Where processing is based on your consent, you can withdraw it at any time.
  • Right to Lodge a Complaint: You have the right to file a complaint with the UK supervisory authority if you believe your rights have been infringed.

To exercise any of these rights, please contact us using the contact details provided on our website. We may require proof of your identity to process your request. We endeavour to respond to all requests within one month.

Security of Your Information

We implement appropriate technical and organisational measures to safeguard your personal data against loss, theft, and unauthorised access. Regular security reviews and staff training ensure your information remains protected at all times.

Policy Updates

We may update this Privacy Policy periodically to reflect changes to our processing practices or for other legal and regulatory reasons. Any significant changes will be communicated through our website. Please review this policy regularly to stay informed of how we protect your confidentiality and rights.

Contact and Further Information

If you have any questions or concerns regarding this Privacy Policy, or require further details on our data handling, please use the contact methods provided on the Flowers Thornton Heath website. We are committed to upholding your privacy rights and ensuring your personal data is managed responsibly.