Flowers Romford Privacy Policy

Privacy Policy for Flowers Romford Customers

This Privacy Policy explains how Flowers Romford gathers, uses, stores, and protects your personal data in compliance with the General Data Protection Regulation (GDPR) and relevant UK data protection laws. It applies to all customers placing orders with Flowers Romford from Romford and surrounding districts.

1. Who This Policy Applies To

This policy applies to all customers who order goods or services from Flowers Romford, either directly or through our online platforms, telephone, or in-person, within Romford and its neighbouring areas.

2. What Personal Data We Collect

To fulfil orders and provide our services, we may collect the following types of personal data:

• Contact Information: Name, delivery address, billing address, and telephone number
• Order Details: Purchase history, messages or notes included with orders, and specific product requests
• Payment Information: Transaction data such as payment method and amount (please note we do not store full card details; these are handled by our payment processors)
• Communication Records: Records of communications you have with us via email, telephone, or other platforms
• Marketing Preferences: Your preferences relating to marketing communications, where you have provided this information
• Technical Data: Information from cookies and analytics, such as IP address, browser type, and usage data if you visit our website

3. Lawful Basis for Processing Your Data

We only process your personal data when we have a lawful basis to do so under GDPR. These bases include:

• Contractual Necessity: To process your order, deliver products, and handle payments
• Legal Obligation: To comply with applicable laws, such as maintaining transaction records for tax and accounting
• Legitimate Interests: To improve our services and customer experience, prevent fraud, and ensure network and information security
• Consent: For marketing communications, where you have provided consent (which you may withdraw at any time)

4. How We Use Your Data

The data you provide is used for the following purposes:

• Fulfilling and delivering your flower orders
• Processing payments and refunds
• Responding to your queries and providing customer support
• Sending service-related notifications or updates about your order
• Sending optional marketing information if you have given consent
• Improving our products, services, and customer experience
• Complying with our legal and accounting obligations

5. Data Retention Periods

We will retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying legal, accounting, or reporting requirements. Typically, order and transaction data is held for up to 6 years, in line with UK tax and financial regulation. Data used for marketing is retained until you withdraw your consent or unsubscribe from marketing communications. After these periods, data will be securely deleted or anonymised.

6. Data Processors and Third Parties

We may use selected third-party service providers (data processors) to help us deliver our services, including:

• Payment processors for handling your payment securely
• Delivery partners for delivering orders on our behalf
• IT service providers for website hosting, maintenance, and technical support
• Marketing platforms (where relevant and consented) for sending newsletters or promotional messages

All third-party providers are carefully selected and required to keep your data secure and use it only for the specific purposes for which we engage them. We do not sell your data or transfer it outside the UK or European Economic Area except where adequate protection measures are in place.

7. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

• Right to Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can ask us to correct any inaccurate or incomplete data.
• Right to Erasure: Also known as ‘the right to be forgotten’ – you can request the deletion of your data in certain circumstances.
• Right to Restrict Processing: You can ask us to temporarily stop processing your data if you object to its accuracy or purpose.
• Right to Object: You have the right to object to processing for direct marketing or other legitimate interests.
• Right to Data Portability: You may request a transferable copy of your data for use with another service provider.
• Right to Withdraw Consent: Where processing is based on your consent (e.g., marketing), you have the right to withdraw it at any time.

If you wish to exercise any of these rights, please contact us with your request. Please note that some legal obligations may prevent immediate deletion of certain data.

8. Data Security

We take your privacy and data security seriously. Appropriate technical and organisational security measures are applied to protect your information from loss, misuse, unauthorised access, disclosure, alteration, or destruction. While we do our best to safeguard your data, no system can be 100% secure, so we encourage you to take your own precautions, such as keeping passwords confidential if using our website.

9. Changes to This Privacy Policy

We may update this Privacy Policy occasionally to reflect service changes, legal requirements, or privacy best practices. Any updates will be published on our website with an updated effective date. Please review this policy regularly to stay informed about how we protect your information.

10. Contact and Complaints

If you have questions regarding this Privacy Policy, or if you wish to exercise your rights or lodge a complaint, please contact us through the usual methods displayed on our website or order forms. If you are not satisfied with our response, you may lodge a complaint with the UK Information Commissioner's Office (ICO).

This Privacy Policy is effective from 01 June 2024.