Flowers New Addington Privacy Policy

About This Privacy Policy

This privacy policy explains how Flowers New Addington collects, uses, stores, and protects your personal data. It applies to all customers placing orders for flowers in New Addington and the surrounding districts. We are committed to respecting your privacy and protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and all relevant UK data protection legislation.

What Personal Data We Collect

To fulfil your orders and provide excellent customer service, we collect the following types of personal data:

  • Contact Information: Name, delivery address, billing address, and contact details such as phone number.
  • Order Details: Purchase history, recipient name and address (if different from yours), delivery instructions.
  • Payment Details: Payment method, amount paid, and associated transaction information. Note that we do not store full payment card details.
  • Communication: Any email correspondence, queries, or feedback you send us, including through our website.
  • Technical Data: IP address, browser type, and browsing patterns on our website (collected via cookies or similar technologies, where applicable).

Lawful Basis for Processing Your Data

We only collect and process your personal data where we have a valid legal basis for doing so. These may include:

  • Contractual Necessity: To process your order, arrange delivery, and provide customer support services.
  • Legal Obligation: To comply with accounting, tax, and other legal requirements.
  • Legitimate Interest: To improve our services, address feedback, and ensure the security of our website and business operations. We always balance our interests against your rights and freedoms.
  • Consent: Where you agree to receive marketing communications or where consent is required for optional functions, we rely on your freely given consent, which you may withdraw at any time.

How We Use Your Personal Data

We use your personal data exclusively for the following purposes:

  • To process and deliver your flower orders efficiently.
  • To communicate with you about your order status, delivery confirmations, and customer service queries.
  • To maintain accurate records for our accounting and legal obligations.
  • To improve our website, services, and customer experience.
  • With your consent, to send occasional updates, promotions, or information about our services.

Personal Data Retention

We store your personal data only for as long as necessary to meet the purposes for which it was collected, including legal, accounting, and reporting requirements. Typically:

  • Order and transaction data are kept securely for up to seven years for tax and accounting compliance.
  • Customer communications are kept for up to two years from the date of last contact.
  • Data used for marketing purposes are kept until you opt out or withdraw consent.

Once the retention period expires and your data is no longer needed, we securely delete or anonymise it.

Processors and Sharing of Data

Your personal data may be processed by trusted third-party service providers ("processors") that help us run our business, such as:

  • Payment service providers handling secure financial transactions.
  • Delivery partners arranging for timely delivery of your flowers.
  • IT and website support companies ensuring our operations run smoothly.

All processors are bound by contracts to process your data securely and only according to our instructions, in full compliance with GDPR. We never sell or rent your personal information to any third party. We only disclose information if required by law or for the purposes outlined above.

Your Rights

Under GDPR, you have several important rights regarding your personal data. You can:

  • Access your personal data and receive a copy.
  • Rectify inaccurate or incomplete data.
  • Erase your personal data (“right to be forgotten”) in certain circumstances.
  • Restrict processing of your data in specific situations.
  • Object to data processing based on legitimate interest or direct marketing.
  • Port your data to another service provider (“data portability”).
  • Withdraw consent where processing is based on your consent. This does not affect any processing carried out before withdrawal.

If you wish to exercise any of these rights, please contact us using the methods provided on our website. We will respond as promptly as possible and always within one month, unless the request is unusually complex.

Children’s Privacy

Our services are not aimed at children under the age of 16. We do not knowingly collect personal information from anyone under this age. If we become aware that a child has provided us with personal data without parental consent, we will take steps to delete such information promptly.

Security of Your Data

We take data security seriously and use appropriate technical and organisational measures to safeguard your information against loss, theft, or misuse. These include restricted access, up-to-date security software, and regular staff training on privacy and data protection.

International Transfers

Your data is primarily processed within the UK. Where our processors are located outside the UK or European Economic Area, we ensure that adequate safeguards, such as standard contractual clauses, are in place to protect your personal data.

Changes to This Policy

We reserve the right to update or change this privacy policy at our discretion. Any updates will be published on our website and, where appropriate, notified to you directly. We encourage you to review this policy periodically.

Contact and Further Assistance

If you have questions or concerns about this privacy policy, your data, or wish to exercise your rights, please contact us through the methods provided on our website. You also have the right to complain to the supervisory authority, the Information Commissioner’s Office (ICO), if you believe your data has been handled unlawfully.