Florist Abbey Wood GDPR Privacy Policy
Introduction
This Privacy Policy describes how Florist Abbey Wood collects, uses, stores, and protects your personal data. It also outlines your privacy rights under the General Data Protection Regulation (GDPR). This policy applies to all customers placing orders with Florist Abbey Wood from Abbey Wood and the surrounding districts.
What Personal Data We Collect
In order to provide you with our flower and gift order services, Florist Abbey Wood collects and processes the following categories of personal data:
- Contact Details: Name, address, and telephone number of the purchaser and recipient.
- Order Information: Details of floral products and gifts ordered, delivery dates, occasion notes or attached messages.
- Payment Information: Card or payment transaction details, billing address (collected and processed securely by our payment processor; we do not store your card number).
- Communication Records: Correspondence or feedback you provide about your order or services.
- Technical Data: Information such as IP address, browser type, and device identifiers when you use our website (used for security and analytics purposes).
Lawful Basis for Processing Your Data
Florist Abbey Wood processes your personal data based on the following legal grounds under GDPR:
- Contractual Necessity: To fulfill your order and deliver flowers or gifts as requested.
- Legal Obligation: To comply with accounting, tax, anti-fraud, and other legal requirements.
- Legitimate Interests: To improve our services, manage customer relationships, and address customer queries or complaints. Where we rely on legitimate interests, we always consider your rights and interests.
- Consent: In certain cases, such as if you opt in to marketing communications, we process data based on your explicit consent, which you can withdraw at any time.
How We Use Your Personal Data
Your information is used strictly for purposes necessary to:
- Process and deliver your order.
- Contact you about your booking, should there be queries or delivery issues.
- Provide customer support and handle feedback or complaints.
- Meet regulatory, tax, and accounting obligations.
- Improve the quality of our website and services through analysis of technical data.
- With your explicit consent, send updates about new products, services, or special offers.
Data Processors and Third Parties
We share your data only when necessary, and always in compliance with GDPR. The key third-party data processors involved include:
- Payment Processors: Securely handle card payments and process transactions; payment data is not stored by us.
- IT and Website Providers: Maintain secure hosting, perform website analytics, and assist with technical support.
- Delivery Couriers: Receive recipient details and delivery addresses to complete your order.
- Professional Advisors: Accountants or legal consultants may access data where required by law.
All third-party processors are selected with care, bound by contractual commitments, and must adhere to strict data protection standards. We do not sell your data to any third party for marketing or other commercial purposes.
Data Storage and Retention
Your personal data is stored securely using appropriate technical and organisational measures. It is retained only as long as necessary to fulfil our contractual and legal obligations. Specifically:
- Contact and Order Details: Retained for up to 7 years for accounting and tax compliance. Data not required for these purposes is regularly deleted or anonymised.
- Marketing Data: Retained until you withdraw consent or opt out of communications.
- Technical Data: Retained for a maximum of 36 months for analysis and website security, after which it is anonymised or erased.
Upon expiration of required retention periods, your information will be securely erased or anonymised so that it can no longer identify you.
International Data Transfers
We store your data within the United Kingdom and European Economic Area (EEA) where possible. If data is transferred outside these regions, we ensure equivalent protections under GDPR through data processing agreements and appropriate safeguards.
Your Rights Under GDPR
As a data subject, you are entitled to exercise the following rights:
- Access: Request access to your personal data and receive a copy of the information we hold about you.
- Rectification: Request correction of inaccurate information or completion of missing details.
- Erasure (“Right to be Forgotten”): Ask us to delete your personal information where there is no legal reason for us to retain it.
- Restriction: Request that we limit the processing of your information in certain circumstances.
- Data Portability: Receive your personal data in a common, machine-readable format and forward it to another data controller.
- Objection: Object to the processing of your data in certain circumstances, including direct marketing.
- Withdrawal of Consent: If processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, please contact us using the methods provided on our website or via your preferred means of written communication. We will respond to requests within one month, in accordance with GDPR guidelines.
Security of Your Data
We take the security of your personal data seriously. Access to personal information is restricted to authorised staff and third-party processors only as necessary to fulfil your order or our obligations. Physical, electronic, and organisational security measures are maintained to prevent loss or misuse of, or unauthorised access to, your information.
Changes to This Policy
We may update our Privacy Policy as legal, technical, or business needs evolve. The most current version will always be available on our website. Significant changes will be communicated in accordance with legal requirements.
Contact and Complaints
If you have questions about this Privacy Policy or wish to make a complaint regarding your data privacy, we encourage you to first contact us so we can address your concern. You also have the right to lodge a complaint with your local data protection authority.
Last updated: June 2024
