Privacy Policy – Flowers New Cross

Introduction

This Privacy Policy describes how Flowers New Cross collects, uses, and protects the personal data of customers placing orders in New Cross and the surrounding districts. Our commitment is to respect and safeguard your privacy, ensuring we comply fully with the UK General Data Protection Regulation (GDPR).

Scope of This Policy

This policy applies to all individual customers who place orders with Flowers New Cross for delivery in New Cross and the neighbouring districts. By using our services, you consent to the collection and use of your information as described in this policy.

What Data We Collect

We collect and process personal data to fulfill your orders, provide customer support, and enhance our services. The data we collect may include:

  • Identity Data: Your full name.
  • Contact Data: Delivery address, billing address, and, if provided, a contact telephone number.
  • Transaction Data: Details of products ordered, delivery instructions, and transaction history.
  • Payment Data: Payment card details (processed securely by our payment processor; we do not directly store your card details).
  • Communication Data: Any communications you send us, such as feedback or inquiries.

We do not knowingly collect data from children under 16. If you believe we have done so in error, please contact us for immediate rectification.

Lawful Bases for Processing Your Data

We process your personal data on the following legal grounds as set out in the GDPR:

  • Contractual necessity: To fulfill orders and provide you with our services, such as arranging delivery and processing payments.
  • Legal obligation: To comply with applicable laws, tax, and accounting requirements.
  • Legitimate interests: To operate and improve our services (for example, record keeping, or analysing aggregate order history to improve stock selection), provided these interests do not override your rights and interests.
  • Consent: Where required, for example, to send you marketing communications (always with the option to withdraw consent at any time).

How We Use Your Data

Your data is used to:

  • Process and deliver your orders.
  • Communicate with you regarding your orders or customer service queries.
  • Comply with legal obligations.
  • Improve our products and services.
  • Send marketing communications, only where permission has been given.

Data Retention

We only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. Typically, customer data related to orders is retained for a maximum of seven years, consistent with financial and tax record-keeping obligations. After this period, your data will be securely deleted or anonymised. Non-essential information, such as enquiries not leading to an order, may be deleted sooner.

Data Sharing and Processors

We respect the confidentiality of your personal data and only share it when strictly necessary:

  • Payment processors: Secure third-party providers handle customer payments. Flowers New Cross does not retain your payment card details.
  • Delivery partners: Limited information (name, address, contact phone if provided, and delivery instructions) may be shared with our own drivers or reputable courier companies solely for delivery purposes.
  • Service providers: IT or system support providers engaged to maintain our ordering or database systems. They process data only as instructed by us and under strict confidentiality and security provisions.

We do not sell, rent, or exchange your personal data with any other businesses or third parties for their marketing purposes.

International Transfers

Your data is primarily stored and processed within the United Kingdom. Should we use third-party processors outside the UK or European Economic Area, we ensure adequate data protection safeguards are in place, such as standard contractual clauses or equivalent mechanisms.

Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

  • Right to access: Request a copy of your personal data held by us.
  • Right to rectification: Request corrections to any incomplete or inaccurate data.
  • Right to erasure: Ask us to delete your personal data under certain circumstances, unless we are required to retain it by law.
  • Right to restrict processing: Request limitation on how we process your data in specific situations.
  • Right to data portability: Receive the data you provided in a structured, commonly used format and transfer it to another controller where technically feasible.
  • Right to object: Object to processing of your data under specific grounds (such as for direct marketing).
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: Complain to the Information Commissioner’s Office (ICO) if you believe your data has been handled unlawfully.

Data Security Measures

We have implemented technical and organisational security measures to prevent your personal data from being accidentally lost, accessed, disclosed, altered, or used in an unauthorised way. Only those staff and processors who require access for business purposes will do so under strict confidentiality.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any material changes will be notified via our website or during the ordering process, so you remain informed about how your data is managed.

Further Information and Contact

If you have any questions about this policy or how we handle your data, or if you wish to exercise your data rights, please contact us in writing at our physical shop address or in person. We will respond to all requests in accordance with GDPR requirements.