Privacy Policy for Flower Delivery Nothing Hill Customers

Introduction

This Privacy Policy explains how Flower Delivery Nothing Hill (referred to here as "we," "us," or "our") collects, uses, stores, and protects your personal data when you place an order with us. This policy covers customers ordering from Nothing Hill and surrounding districts. We take your privacy seriously and are committed to handling your data in compliance with the General Data Protection Regulation (GDPR) and applicable UK data protection laws.

What Data We Collect

When you place an order with Flower Delivery Nothing Hill, we may collect the following categories of personal data:

  • Identity Data: Name and, if applicable, the name of the recipient.
  • Contact Data: Address, delivery address, telephone number, and (if provided) alternate contact details.
  • Order Data: Details of the products and services you order, delivery instructions, and gift card messages.
  • Payment Data: Limited payment information required to process your transaction (such as the last four digits of your card; full payment data is processed via third-party payment processors).
  • Communication Data: Records of your correspondence with us, such as customer service enquiries, feedback, and complaints.
  • Technical Data: IP address, browser type, operating system, and other technical identifiers collected via our website for security and analytics.

Lawful Basis for Processing Your Data

We collect and process your personal data only when we have a valid legal basis to do so. These bases include:

  • Contractual Necessity: Processing your data is necessary to fulfil your order and provide our services, including delivery, customer support, and notifications regarding your purchase.
  • Legal Obligation: We may process your data to comply with legal requirements, such as accounting or tax regulations.
  • Legitimate Interests: We may use some data to improve our services, enhance your experience, and protect against fraudulent transactions, as long as these interests are not overridden by your data protection rights.
  • Consent: When you opt-in to marketing communications or non-essential data processing, we rely on your explicit consent, which you may withdraw at any time.

How We Use Your Data

Your personal data may be used for the following purposes:

  • Processing and delivering your flower order, including managing payment and arranging delivery.
  • Communicating with you regarding your order status, delivery updates, or customer service follow-up.
  • Personalizing your customer experience and improving our website and service offerings.
  • Handling customer support requests, compliments, or complaints.
  • Sending you marketing communications, only if you have chosen to receive them.
  • Complying with legal, regulatory, and tax obligations.

Data Retention

We retain your personal data only as long as is necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Typically, customer and transaction data will be retained for up to seven years to comply with accounting and legal obligations. After this period, your personal data will be securely deleted or anonymized so it can no longer be associated with you.

Data Processors and Third Parties

To efficiently provide our services, we may share your personal data with trusted third party service providers ("processors") that operate in compliance with GDPR. These include:

  • Payment Processors: To securely process payments and refunds.
  • Delivery Partners: Couriers and drivers to deliver your order.
  • IT and Data Management Providers: For web hosting, database storage, and customer relationship management.
  • Professional Advisors: Accountants, legal professionals, and other consultants as necessary.

We require all third-party processors to respect the security and confidentiality of your data and only permit them to process your data for specified purposes, in accordance with our instructions. We do not sell or rent your personal data to third parties for marketing purposes.

International Data Transfers

While we primarily store and process your data within the UK and European Economic Area (EEA), if data transfer outside these areas is necessary (for example, for certain IT services), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

User Rights under GDPR

Under the GDPR, you have specific rights in relation to your personal data:

  • Right to Access: You can request a copy of the data we hold about you.
  • Right to Rectification: If your data is incorrect or incomplete, you can ask for it to be corrected.
  • Right to Erasure: In certain circumstances, you can request your personal data be deleted.
  • Right to Restrict Processing: You may ask us to limit the processing of your information.
  • Right to Data Portability: You can request a copy of your data in a usable electronic format.
  • Right to Object: You can object to certain processing activities, such as marketing.
  • Right to Withdraw Consent: Where we rely on your consent, you may withdraw it at any time.

To exercise any of these rights, please contact us using our contact form or the relevant method indicated on our website. We will respond in accordance with GDPR requirements.

Security of Your Data

We have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the personal data we collect. Access to your information is restricted to employees and processors who need it to perform their job functions, and all are bound by duty of confidentiality.

Children’s Privacy

Our services are not intended for use by children under the age of 16. We do not knowingly collect data from children and, if we discover we have inadvertently collected such data, we will promptly delete it.

Changes to This Policy

This Privacy Policy may be updated from time to time to reflect changes in laws, our business operations, or our data handling practices. Whenever we update this policy, the latest version will be made available on our website and the revision date will be indicated.

Contact and Complaints

If you have questions or concerns about how we process your personal data, or if you wish to make a complaint, please reach out via our website contact methods. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK data protection authority, if you believe your data has not been handled lawfully.