Privacy Policy – GDPR Compliance for Flowers Kensal Green

Privacy Policy for Customers of Flowers Kensal Green

This Privacy Policy explains how Flowers Kensal Green processes and protects your personal data when you order from us in Kensal Green and the surrounding districts. We value your privacy and are committed to complying with the General Data Protection Regulation (GDPR) and all applicable laws on personal data protection.

Scope of This Policy

This policy applies to all customers who place orders with Flowers Kensal Green for delivery or collection in Kensal Green and its surrounding districts. By placing an order with us, you agree to the collection, use, and sharing of your information as described in this Privacy Policy.

What Data We Collect

We collect only the personal data relevant for delivering our services and fulfilling your orders. The types of data we collect include:

  • Contact Information: Name, delivery address, telephone number, and other contact details.
  • Order Details: Items ordered, special instructions, delivery requirements, and order history.
  • Payment Information: Payment card details, or confirmation of payment from third-party processors (we do not retain full card information).
  • Communication Data: Correspondence sent to us (such as queries, feedback, or complaints).
  • Technical Data (where applicable): IP address, device type, and usage data when you interact with our website or digital services.

Purposes and Lawful Basis for Processing

Your personal data will be processed only for legitimate purposes. For each purpose, we have identified the appropriate lawful basis under GDPR:

  • Fulfilling Your Order: We process your data to prepare and deliver your flower order. The lawful basis is the performance of a contract.
  • Customer Service: To resolve queries, manage requests, and handle feedback. The lawful basis is legitimate interests and, where required, the performance of a contract.
  • Payment Processing: To process payments securely. The lawful basis is the performance of a contract and, in some cases, compliance with a legal obligation.
  • Legal Compliance: To meet requirements such as accounting or record-keeping required by law. The lawful basis is compliance with legal obligations.
  • Marketing (if applicable): If you give your explicit consent, we may use your data to send you marketing communications. You can withdraw your consent at any time.

Data Retention

We will hold your personal data only as long as necessary for the purposes described above. Retention periods vary according to the type of data and the purpose for which it is processed, but typically:

  • Order information and transaction records are retained for up to seven years for accounting and legal purposes.
  • Contact details for customer service are kept for up to two years after your last communication with us.
  • Marketing preferences are retained until you withdraw consent or opt out.
  • Technical data may be retained for up to one year to monitor and improve website functionality.

After these periods, your data will be securely erased or anonymised unless further retention is required by law.

Data Processors and Sharing

To provide our services, we may share necessary elements of your data with trusted third parties (data processors), which may include:

  • Payment processing providers for handling card payments securely.
  • Delivery partners or couriers to fulfill and deliver your order.
  • IT service providers offering secure data storage and management.

All data processors are contractually bound to protect your information, use it only for the specified purposes, and operate in full compliance with GDPR. We do not sell or rent your personal data to third parties for marketing purposes.

International Transfers

Your data is primarily processed and stored in the UK or European Economic Area (EEA). In rare cases where data may be transferred outside the UK or EEA, we will ensure appropriate safeguards are in place, such as standard contractual clauses, to protect your rights.

Your Data Protection Rights

Under GDPR, you have a number of important rights regarding your personal data:

  • Right of Access: You may request confirmation of whether we process your data and a copy of your data.
  • Right to Rectification: You can request correction of inaccurate or incomplete personal data.
  • Right to Erasure: In certain situations, you can request your data is deleted or removed.
  • Right to Restriction: You can ask us to restrict processing of your data in specific circumstances.
  • Right to Data Portability: Where applicable, you may request transfer of your personal data to you or another provider in a commonly used format.
  • Right to Object: You can object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw consent at any time.

To exercise any of these rights, please contact us using the details provided on our website, specifying your request. We will respond within the timelines required by law.

Security and Data Protection

We take appropriate technical and organisational measures to safeguard your data from unauthorised access, disclosure, alteration, or destruction. Measures include secure storage, access controls, and encryption of sensitive data where applicable.

Children’s Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect data relating to children. If we become aware we have collected such data inadvertently, we will take prompt steps to delete it.

Updates to This Policy

This Privacy Policy may be updated occasionally to reflect changes in legal requirements, technologies, or our practices. The current version will always be available on our website, with the effective date displayed at the top of the page. We encourage you to review it periodically.

Questions and Complaints

If you have questions about this Privacy Policy or how we process your personal data, please refer to the contact section on our website. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO), or your local supervisory authority if you are based outside the UK.