Privacy Policy: Flower Delivery in Kingston and Surrounding Districts

Introduction

This Privacy Policy outlines how Flower Delivery Kingston Upon Thames (“we”, “us”, or “our”) collects, uses, shares, and protects your personal information in compliance with the General Data Protection Regulation (GDPR). It applies to all customers placing orders for flower delivery in Kingston Upon Thames and its surrounding districts. We treat your privacy seriously and are committed to processing your data transparently and securely.

What Personal Data We Collect

To process your flower delivery order and enhance your customer experience, we may collect and process the following types of personal data:

  • Contact Information: Name, delivery address, billing address, contact phone number, and email address.
  • Order Details: Items purchased, special instructions for delivery, recipient’s name and address, and order history.
  • Payment Information: Payment method details (such as the last four digits of your payment card; full card or bank details are handled only by our secure payment processors and not stored by us).
  • Usage Data: Information about how you use our website or interact with our customer service (including cookies, device information, and website analytics).

Lawful Basis for Processing Data

Under GDPR, we must have a lawful basis for handling your personal data. These include:

  • Contract: Processing necessary for performing our contract with you—such as fulfilling your flower delivery order.
  • Legitimate Interests: For improving our services, preventing fraud, and managing our operations, provided these interests are not overridden by your rights.
  • Legal Obligation: To comply with applicable tax, accounting, and other legal requirements.
  • Consent: We may rely on your consent for specific purposes, such as sending you marketing emails. You can withdraw your consent at any time.

How We Use Your Data

Your personal data is used for the following purposes:

  • Processing and delivering your flower order, including communicating order confirmations and delivery updates.
  • Processing payments securely through trusted payment processors.
  • Providing customer service and responding to queries or complaints.
  • Improving our website and services through analytics and feedback.
  • Meeting our legal obligations and resolving potential disputes.
  • With your consent, informing you about promotions, discounts, or new services.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, including for legal, accounting, or reporting requirements. Generally:

  • Order and customer data is retained for up to 7 years to comply with tax and legal requirements.
  • Marketing data is retained until you withdraw consent or opt out of receiving communications.
  • Data from abandoned orders or uncompleted transactions may be kept for up to 12 months for potential customer service follow-up or fraud prevention, after which it is securely deleted.

Once retention periods expire, we securely delete or anonymise your personal information.

Data Processors and Sharing

We only share your data with trusted third parties (data processors) to deliver our services. These include:

  • Payment Service Providers: For processing order payments securely.
  • Delivery Partners: For delivering flowers to specified addresses.
  • IT and Website Hosting Providers: For hosting, maintaining, or supporting our website and services.
  • Professional Advisors: Only where required for legal or accountancy purposes.

Each processor is carefully selected for GDPR compliance, and data is only shared to the extent necessary for fulfilling our services. We do not sell your data to third parties.

International Data Transfers

Your data is stored and processed within the United Kingdom and the European Economic Area (EEA) where possible. If we need to transfer data outside the EEA, we ensure appropriate safeguards are in place as required by GDPR.

Your Rights under GDPR

You have several important rights regarding your personal data under GDPR:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Have inaccuracies corrected or incomplete data completed.
  • Right to Erasure (‘Right to be Forgotten’): Ask for your personal data to be deleted, subject to legal obligations.
  • Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
  • Right to Data Portability: Receive your data in a commonly used format or request that it is transferred to another service provider.
  • Right to Object: Object to certain processing, such as direct marketing.
  • Right to Withdraw Consent: Where processing is based on your consent, you can withdraw this at any time.

If you wish to exercise any of these rights, please contact us with sufficient information to verify your identity and process your request.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. This includes secure website protocols, restricted access, regular security reviews, and ensuring our processors meet strict security requirements.

Children’s Data

Our services are intended for individuals aged 18 and over or those with parental consent. We do not knowingly collect data from children under 16. If you believe we have inadvertently collected such data, please inform us so we can promptly delete it.

Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in legislation or our processing activities. We encourage you to review this policy regularly to stay informed about how we protect your data. The latest version will always be available on our website.

Contact and Complaints

If you have any questions or complaints about how we collect or process your personal data, please contact us. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or your local Data Protection Authority if you believe your data rights have been breached.