Privacy Policy for Florist Winchmore Hill Customers

Introduction

This Privacy Policy sets out how Florist Winchmore Hill collects, uses, retains, and protects your personal data in line with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). It applies to all individuals placing flower orders with Florist Winchmore Hill from Winchmore Hill and its surrounding districts. We are committed to ensuring the privacy and security of your information and to upholding your rights as a customer.

What Personal Data We Collect

When you place an order with Florist Winchmore Hill, the following personal data may be collected, depending on your interactions with us:

  • Full name (customer and recipient, if different)
  • Contact details (postal address, delivery address, phone number, if provided)
  • Email address
  • Order details (items purchased, delivery preferences, personalised messages)
  • Payment information (such as card or transaction information, though card details are only processed by approved payment processors and not stored directly by us)
  • Correspondence (any emails, messages, or communications related to your order)
  • Website usage data (such as IP address, browser type, and interaction accessed for analytics and security)

Lawful Basis for Processing Your Data

Under the GDPR, we process your personal data using the following lawful bases:

  • Contractual necessity: We process your data to fulfil your flower order and provide related services, including communication about your order and delivery arrangements.
  • Legitimate interests: We may use your information to improve our services and ensure customer satisfaction, in ways that do not override your fundamental rights and freedoms.
  • Legal obligation: Where required, we process certain data to comply with our legal and regulatory obligations, such as record-keeping and fraud prevention.
  • Consent: For marketing communications, we will only contact you if you have given explicit consent, which you can withdraw at any time.

How We Use Your Personal Data

Florist Winchmore Hill will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another compatible reason. Your data is used primarily to:

  • Process and deliver your flower order, including communicating order updates and fulfilment status
  • Respond to your queries and requests
  • Manage payments and prevent fraudulent transactions
  • Improve our products and services through feedback and analytics
  • Send you marketing communications only with your explicit consent

Retention of Your Personal Data

We will retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period depends on the nature of your interactions and any legal obligations to which we are subject. Generally, customer order data is retained for up to six years for tax and record-keeping purposes, unless a longer retention period is required or permitted by law. After the relevant retention period, your data will be securely deleted or anonymised.

Sharing and Data Processors

Florist Winchmore Hill may share your personal data with trusted third-party service providers (data processors) to ensure the efficient delivery of our services. The types of processors we may use include:

  • Payment processing providers
  • Delivery and courier companies
  • IT and website support services
  • Customer service platforms (for communications and feedback collection)

These third parties are contractually required to process your information only on our instructions and to maintain adequate security of your data. We do not sell, rent, or trade your personal data to third parties for any unrelated purposes.

International Transfers

We primarily process your data within the UK and the European Economic Area (EEA). Where it is necessary to transfer your data outside the EEA (for example, if a third-party processor is based outside the EEA), we will ensure an adequate level of protection and safeguard your rights through approved mechanisms, such as the use of Standard Contractual Clauses.

Your Rights

Under GDPR, you have several important rights regarding your personal data. You can:

  • Access: Request a copy of your personal data held by us.
  • Rectification: Ask for correction of any inaccurate or incomplete data.
  • Erasure: Request deletion of your data in certain circumstances (the "right to be forgotten").
  • Restrict Processing: Ask us to restrict or suppress processing of your data in certain cases.
  • Portability: Receive your data in a structured, commonly used, and machine-readable format, and/or ask us to transfer it to another service provider.
  • Object: Object to processing based on legitimate interests, or for direct marketing purposes.
  • Withdraw Consent: Withdraw your consent to any processing where consent has been provided.

To exercise any of your rights, please contact us using the forms or contact options provided via our website or in writing. We will respond within one month of receiving your request, and may need to verify your identity to protect your privacy.

Data Security

We take reasonable and proportionate security measures to protect your information from unauthorised access, alteration, disclosure, or destruction. These include technical measures (such as encryption and secure servers) and organisational policies (such as staff training and confidentiality agreements). While we make every effort to safeguard your data, please note that transmitting information over the internet is never completely secure.

Children’s Privacy

Our services are not intended for use by children under the age of 16. We do not knowingly collect or process data from individuals under this age. If you are a parent or guardian and believe that we may have collected information about a child, please contact us so that we can take appropriate steps to remove such information.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We encourage you to review this page periodically so you remain informed about how we are protecting your information. Your continued use of our services constitutes your acceptance of any revised policy.

Contact and Complaints

If you have any questions, concerns, or complaints about how we use your personal data or wish to exercise your rights, you can reach out to us using the contact options provided on our website. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s data protection authority.