Florist West Heath Customer Privacy Policy

Introduction

This Privacy Policy outlines how Florist West Heath ('we', 'our', 'us') collects, uses, protects, and manages personal data relating to customers placing orders from West Heath and surrounding districts. We are committed to ensuring that your privacy is safeguarded in accordance with the EU General Data Protection Regulation (GDPR) and applicable UK laws.

Scope of this Policy

This Privacy Policy applies to all customers who place orders with Florist West Heath, whether in person, by telephone, or by digital means, from West Heath and neighboring districts. The policy explains what data we collect, our lawful processing bases, how long we retain your information, who processes it, and your rights as a data subject.

What Data We Collect

We collect and process various personal data to fulfil your orders and improve our services. The types of data we collect may include:

  • Contact Information: Name, delivery address, billing address, and contact numbers.
  • Order Details: Items purchased, delivery preferences, and the recipient's name and delivery address if different from the customer's.
  • Payment Details: We process payment information securely and do not store full card details. Some transaction data and reference identifiers may be retained for record-keeping and refunds.
  • Communication Records: Correspondence history, including order confirmations, queries, delivery instructions, or complaints.
  • Technical Data: For website orders, technical data such as IP address, browser type, and device information may be collected for security and analytics purposes.

Lawful Basis for Data Processing

We process your personal data on several lawful bases as permitted by the GDPR:

  • Contractual Necessity: Most personal data is collected and processed to perform our contract with you, such as accepting orders, processing payments, and delivering products.
  • Legal Obligation: Certain data is processed to comply with accounting, record-keeping, and other legal obligations.
  • Legitimate Interests: We may process some data for our legitimate business interests, such as improving our services or handling customer feedback, provided these interests do not override your rights and freedoms.
  • Consent: In rare cases where none of the above apply, we will request your explicit consent before processing your data, for example in connection with direct marketing communications.

How We Use Your Data

Your personal data is used for the following purposes:

  • Fulfilling and delivering orders as per your instructions.
  • Communicating order status, delays, or issues.
  • Processing payments and refunds securely.
  • Managing customer service enquiries and feedback.
  • Meeting legal and regulatory requirements.
  • Improving our website, services, and customer experience (in aggregated or anonymised form where possible).

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the satisfaction of any legal, accounting, or reporting requirements. Typical retention periods are:

  • Orders and Transactions: Up to 7 years to satisfy legal and tax obligations.
  • General Enquiries: Up to 2 years, unless longer retention is required for legal reasons.
  • Digital Analytics (where collected): Up to 24 months, with data anonymised where possible.

Once data is no longer needed, we securely delete or anonymise it in accordance with our data retention and deletion policies.

Data Processors and Third Parties

We may share your data with trusted third-party service providers (processors) to support the delivery of our services. These may include:

  • Payment processing companies.
  • Delivery partners and courier services.
  • IT and website support providers.
  • Professional advisors (accountants, legal advisors) for compliance purposes.

All third parties are required to respect the security of your data and to process it only in accordance with our instructions and applicable data protection laws. We do not sell or trade customer data.

Your Data Protection Rights

Under GDPR, you have comprehensive rights regarding your personal data:

  • Right of Access: You can request access to your personal data and obtain information about how it is processed.
  • Right to Rectification: You can request corrections to any inaccuracies in your personal data.
  • Right to Erasure: In certain circumstances, you can request deletion of your personal data ('the right to be forgotten').
  • Right to Restrict Processing: You can ask us to restrict the processing of your data in some situations.
  • Right to Data Portability: You may request that we transfer your data to another service provider in a structured, commonly used format.
  • Right to Object: You may object to specific types of processing, such as direct marketing, at any time.
  • Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw it at any time.

To exercise these rights, you may contact us using the details provided with your order confirmation. We will respond in line with GDPR timelines and requirements.

Data Security

We implement appropriate security measures to prevent your data from being accidentally lost, used, altered, disclosed, or accessed in an unauthorised way. These include physical, electronic, and managerial procedures to safeguard the information we collect. Only authorised staff and service providers have access to your personal data for the fulfilment of their roles.

Transfers Outside the UK/EEA

We primarily process your data within the United Kingdom and European Economic Area (EEA). Should it be necessary to transfer data outside these territories, we will ensure safeguards are in place as required by GDPR to protect your information.

Updates to This Policy

We may update this Privacy Policy from time to time in line with legal requirements or our business processes. If material changes are made, we will take reasonable steps to inform you.

Contact and Complaints

If you have concerns or questions about how we handle your personal data, or wish to exercise your data protection rights, you may contact us via the methods provided on your order documentation. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) or your local data protection authority.