Flowers Leytonstone Privacy Policy

Introduction

This Privacy Policy sets out how Flowers Leytonstone ('we', 'us', 'our') collects, uses, stores, and protects personal data provided by our customers when placing an order for floral products or related services. Flowers Leytonstone is committed to complying with the General Data Protection Regulation (GDPR) and safeguarding the privacy of its customers in Leytonstone and the surrounding districts.

Scope of the Policy

This Privacy Policy applies to all personal data collected from individuals ordering products or services from Flowers Leytonstone, whether via our website, in person, or through other customer service channels. The policy covers customers based in Leytonstone and surrounding locations to ensure all local clients understand how their personal data is handled.

What Data We Collect

When you place an order with Flowers Leytonstone, we may collect the following types of personal data:

  • Identity Data: Includes your first and last name.
  • Contact Data: Such as delivery address, billing address, and telephone number.
  • Email Address: For order confirmation and updates.
  • Order Details: Information about the products you order, delivery details, messages to be included, and other preferences.
  • Payment Information: Transaction and payment details (processed securely by our payment processors; we do not store full card numbers).
  • Communications: Any correspondence, complaint, or feedback you send us regarding your order or our services.
  • Technical Data: Such as browser type, device type, IP address, and data collected via cookies when using our website.

Lawful Basis for Processing

Flowers Leytonstone only processes your data where there is a lawful basis under GDPR, which may include one or more of the following:

  • Contractual Necessity: To fulfil your orders and provide services you request, including managing payments and delivering products.
  • Legal Obligation: To comply with applicable laws, such as financial or tax regulations.
  • Legitimate Interests: To improve our products and customer service, prevent fraud, and ensure website security. We always balance our interests against your rights and interests.
  • Consent: Where required, we seek your explicit consent, for example, for direct marketing. You have the right to withdraw consent at any time.

How We Use Your Data

We use your personal data to:

  • Process and deliver your flower orders and related services.
  • Send you administrative updates such as order confirmations, invoices, or notifications about your order status.
  • Respond to your queries or complaints.
  • Improve our services and website experience.
  • Comply with legal and financial record-keeping obligations.

Retention of Your Data

Your personal data will not be kept longer than necessary for the purposes for which it was collected. Typically, we retain order information for up to 7 years to comply with HMRC accounting requirements and other relevant legislation. Where data is no longer required, it will be securely deleted or anonymised.

If you have opted in to receive marketing communications, your contact details will be retained until you opt out or withdraw your consent.

Data Processors and Third Parties

We may share parts of your personal data with selected third-party processors, solely to help us provide our services:

  • Payment Service Providers: For secure transaction processing. We do not retain your full payment card details.
  • Delivery Partners: To ensure your flowers and gifts are delivered to the correct address.
  • IT and Website Hosting Providers: For hosting, technical support, and maintenance.
  • Accountants and Auditors: For statutory financial processing.

All third-party processors are contractually bound to follow GDPR-compliant data handling and security standards. Your data is not sold or disclosed to advertisers or outside parties for marketing purposes.

Your Rights as a Data Subject

Under GDPR, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of any inaccurate or incomplete data.
  • Erasure: Request deletion of your data when legally permissible.
  • Restriction: Ask us to restrict data processing where applicable.
  • Portability: Obtain and reuse your data across different services.
  • Objection: Object to processing where we rely on legitimate interests or direct marketing.
  • Withdraw Consent: Where consent is our lawful basis, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact our data protection representative. We may need to verify your identity before responding to your request.

Data Security

We implement appropriate technical and organisational measures to safeguard your personal data from unauthorised access, alteration, disclosure, or destruction. Our partners and processors are required to use similar protections. Nevertheless, no method of transmission over the internet or electronic storage is completely secure; therefore, absolute security cannot be guaranteed.

International Transfers

Your personal data is generally stored and processed within the United Kingdom and the European Economic Area (EEA). If we ever transfer your data outside the EEA, we ensure that equivalent levels of data protection are maintained, in accordance with GDPR requirements.

Changes to This Privacy Policy

We may occasionally update this Privacy Policy to reflect changes in our practices or applicable law. When updates are made, we will provide notice on our website. The version date will be indicated at the end of the policy.

Contact Information

For further information about this Privacy Policy or to exercise your data rights, please contact our customer service team. We are committed to addressing your questions and concerns in a timely manner.

Last updated: June 2024