Privacy Policy: How Flower Delivery Brockley Handles Your Data

Introduction

This Privacy Policy explains how Flower Delivery Brockley ("we", "our", or "us") collects, uses, stores, and safeguards your personal data when you place orders for flower deliveries in Brockley and the surrounding districts. We are committed to protecting your rights and privacy under the UK General Data Protection Regulation (GDPR). Please read this policy carefully to understand how we process your data and your rights related to it.

Who Does This Policy Apply To?

This policy applies to all customers who place flower delivery orders with Flower Delivery Brockley for delivery within Brockley and adjacent areas. By placing an order with us, you acknowledge that you have read and understood this Privacy Policy.

Data We Collect

To provide our flower delivery services, we collect and process the following categories of personal data:

• Contact details: Name, delivery address, contact telephone number, and, if provided, recipient's name and delivery details.
• Order details: Specific order information such as products purchased, messages for card inserts, delivery preferences, and order date/time.
• Payment information: Payment confirmation and necessary transaction details. We do not store or process your full card details ourselves; these are handled by secure third-party payment processors.
• Communication data: Any correspondence between us, such as queries or feedback submitted regarding your order.
• Technical data: IP address, browser type, and device information collected through our website for security and website optimisation. This data is collected via cookies and similar technologies, when necessary and permitted.

Lawful Basis for Processing

We use your personal data in accordance with the UK GDPR, based on these lawful grounds:

• Contractual necessity: Processing your order relies on your provision of necessary contact, recipient, and payment details to fulfil the contract (i.e., the delivery of flowers).
• Legal obligations: We retain some information to comply with tax, accounting, and consumer protection laws.
• Legitimate interests: We may use certain data (such as order details) to improve our services, prevent fraud, and resolve queries or disputes, provided it does not override your rights.
• Consent: Where required (for example, for direct marketing), we seek your explicit consent, which can be withdrawn at any time.

How We Use Your Personal Data

We use your data for the following purposes:

• Processing and delivering your flower order, including confirming your order, communicating updates, and resolving delivery issues.
• Managing payments and refunds through our payment processing partners.
• Providing customer service, which may include responding to queries or feedback.
• Improving our website, offerings, and customer experience, based on de-identified and aggregated information.
• Complying with our legal obligations regarding record-keeping and the prevention of fraud or misuse of our services.
• Sending marketing communications, only where you have given explicit consent to receive such communications from us.

How We Share Your Data

We only share your personal information with trusted third parties necessary to provide and enhance our services:

• Payment processors: We use established, PCI-compliant third party services to securely handle payments and refunds. We do not access or retain your full cardholder information.
• Delivery providers: Your name, address, and order details are shared with our florists and couriers to fulfil your order.
• Service providers: Providers that assist with infrastructure, website hosting, customer relationship management, analytics, and technical support, all bound by confidentiality agreements.
• Legal authorities: If required by law or regulation, we may share data with regulatory bodies, auditors, or law enforcement.

We do not sell or rent your personal information to third parties for their own marketing purposes.

Data Retention

We retain your personal data only for as long as necessary:

• For order fulfilment and customer service: usually for up to 24 months from the date of your purchase.
• For financial and legal compliance: records may be kept for up to six years, as required by tax and accounting laws.
• For marketing communications: until you withdraw your consent or unsubscribe.

After these periods, personal information is securely deleted or anonymised, unless its continued retention is required for legal claims or dispute resolution.

Your Rights Under GDPR

As a data subject, you have several rights under the UK GDPR with respect to your personal data:

• Right to access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can ask us to correct or complete inaccurate or incomplete information.
• Right to erasure: You have the right to request deletion of your data, where legally permitted.
• Right to restriction: You can request limited use of your data in certain circumstances.
• Right to object: You may object to processing based on legitimate interests or direct marketing.
• Right to data portability: Where processing is based on consent or contract and carried out by automated means, you can request to receive your data in a transferable format.
• Right to withdraw consent: Where processing is based on consent, you can withdraw your consent at any time, which will not affect previous processing.

To exercise any of these rights, or if you have questions about your data, please contact us through the methods indicated on our website. We may need to verify your identity before fulfilling your request. You also have the right to lodge a complaint with the UK Information Commissioner's Office if you believe we have not met our data protection obligations.

International Data Transfers

We strive to keep all customer data within the UK or the European Economic Area (EEA). If data needs to be transferred outside the UK/EEA, we ensure that appropriate safeguards are in place in accordance with the UK GDPR, such as using approved contractual clauses with third parties.

How We Protect Your Data

We take the security of your data seriously. Appropriate technical and organisational measures are used to protect your information, including encrypted transmissions, limited staff access, secure storage, and ongoing training for staff handling personal information.

Updates to This Policy

We may update this Privacy Policy periodically to reflect changes to our practices or legal requirements. The "last updated" date will be amended accordingly. We advise reviewing this policy regularly to stay informed of any changes that may affect you.

Contact Us

For any questions about this Privacy Policy or your data, please get in touch with us via the contact details provided on our website.