Privacy Policy for Flower Delivery Shadwell Customers

Introduction

This Privacy Policy outlines how Flower Delivery Shadwell collects, uses, stores, and protects your personal data when you place an order with us. This policy applies to all customers placing orders from Shadwell and the surrounding districts. We are committed to handling your data responsibly and in accordance with the General Data Protection Regulation (GDPR) and applicable local laws.

What Data We Collect

When you interact with Flower Delivery Shadwell and place an order, we may collect the following types of personal data:

  • Contact information: such as your name, delivery address, billing address, and phone number.
  • Order details: including product selections, delivery preferences, special messages, and instructions.
  • Payment information: details required to process your payment, such as partial card data or transaction references (note: we do not store full payment card details).
  • Account information: if you register an account, your username and encrypted password.
  • Communications: any queries, feedback, or correspondence you may send to us.
  • Technical data: including IP addresses, browser type/version, device identifiers, and cookie data collected via our website for system administration and analytics.

Lawful Basis for Processing Your Data

Under the GDPR, we are required to have a lawful basis for processing your personal data. Flower Delivery Shadwell processes your data under one or more of the following bases:

  • Contract performance: Most of the data we collect is necessary to fulfil your order and deliver our service to you.
  • Legal obligations: Certain records must be kept to comply with statutory or regulatory requirements.
  • Legitimate interests: We may use your data to enhance our service, prevent fraud, and improve your user experience, provided such use does not override your fundamental rights.
  • Consent: We may seek your explicit consent for specific uses, such as sending you marketing communications, which you can withdraw at any time.

How We Use Your Data

Your data is processed exclusively for purposes related to the florist services offered, including:

  • Processing and delivering orders, including contacting you or the recipient if necessary.
  • Handling payment transactions and addressing any payment issues.
  • Responding to customer enquiries, complaints, or requests.
  • Enhancing our website and services through usage analytics and system diagnostics.
  • Maintaining security and preventing misuse or fraud.
  • Complying with applicable laws and regulations.

Retention of Your Data

Your personal data is retained only for as long as is necessary for the purposes described in this policy, and to meet legal, accounting, or reporting obligations. Generally:

  • Order and payment data are retained for a minimum of six years to comply with tax and accounting regulations.
  • Basic customer contact details are kept for up to two years for customer support, unless you request deletion earlier (unless retention is legally required).
  • Account information remains active until you request deactivation; upon deactivation, data is deleted within 30 days unless retention is required for legal reasons.
  • Website analytics and technical logs are anonymised and aggregated wherever possible for long-term analysis.

Data Processors

We work with trusted third-party service providers (data processors) who assist in fulfilling your orders and providing our services. These processors may include:

  • Payment processing providers for handling card and bank payments.
  • Delivery and courier services to ensure orders reach the intended recipient.
  • IT and hosting providers who supply secure website and cloud infrastructure.
  • Communication software providers for handling emails, SMS, and other customer communication.
  • Website analytics tools for improving user experience.

All processors are contractually required to handle your data securely, only according to our instructions, and in compliance with GDPR requirements. We do not sell or share your personal data with third-party advertisers.

Your Data Protection Rights

Under the GDPR, you have the following data protection rights:

  • Right to access: You may request a copy of personal data we hold about you at any time.
  • Right to rectification: You can ask us to update or correct any inaccurate or incomplete data.
  • Right to erasure: You may request the deletion of your personal data, subject to any legal obligations we have to retain information.
  • Right to restriction: You may request us to suspend processing of your data in certain circumstances.
  • Right to data portability: You can obtain and reuse your personal data across different services, subject to technical feasibility.
  • Right to object: Where processing is based on legitimate interests or for direct marketing, you may object to such processing.
  • Rights in relation to automated decision-making: We do not make decisions based solely on automated processing that produce legal effects for you.
  • Right to withdraw consent: If processing is based on consent, you have the right to withdraw it at any time.

Data Transfers Outside the UK/EEA

If we need to transfer your data outside the UK or European Economic Area (EEA), we ensure such transfers are subject to appropriate safeguards, such as standard contractual clauses or adequacy decisions, as required by the GDPR.

Security of Your Personal Data

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data from unauthorised access, loss, misuse, or disclosure. This includes encrypted transactions, secure user authentication, access controls, and regular data protection training for our staff.

Policy Updates

This Privacy Policy may be updated periodically to reflect changes in legislation, our data processing practices, or our services. Any substantial changes will be notified to customers through our website or other appropriate channels. You are encouraged to review this policy regularly.

Contact and Concerns

If you have any questions about this Privacy Policy or how we process your data, or if you wish to exercise any of your rights as outlined above, please contact us using our website contact form or by post to our registered address. If you believe your data has not been handled correctly, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or the relevant data protection authority in your jurisdiction.