Florist Denmark Hill Privacy Policy

Introduction

This Privacy Policy outlines how Florist Denmark Hill collects, uses, stores, and protects personal data in compliance with the General Data Protection Regulation (GDPR). It applies to all customers placing Florist Denmark Hill orders from Denmark Hill and the surrounding districts. We are committed to ensuring that your privacy is protected and that your personal data is handled with care and transparency.

What Data We Collect

To provide and improve our floral delivery services, we collect specific personal data from customers. The types of data we collect may include:

  • Identity Information: Name, title
  • Contact Details: Delivery address, contact telephone number, billing address
  • Order Information: Details about flower orders, recipient information, special instructions (such as preferred delivery times)
  • Payment Information: Payment card details (processed securely through our payment service providers and not stored by Florist Denmark Hill), payment method, transaction references
  • Communication Record: Records of correspondence, including customer service inquiries and feedback
  • Website Use Data: IP address, browser type, time zone setting, cookies and usage data (where agreed to via a cookie banner)

We do not knowingly collect special categories of personal data (such as health or biometric data) unless explicitly required and consented to in the specific context of your order.

Lawful Basis for Processing

Under GDPR, we are required to have a lawful basis for all personal data processing activities. Florist Denmark Hill relies on the following bases:

  • Performance of a Contract: Most information we collect is necessary to fulfill our contract with you, such as processing and delivering your order.
  • Legitimate Interests: We may process your data to improve our website, prevent fraud, and ensure security, provided this does not override your fundamental rights and freedoms.
  • Consent: In some cases, such as direct marketing, we may seek your explicit consent. You always have the right to withdraw consent at any time.
  • Legal Obligation: Certain data may be retained as required by applicable laws (e.g., tax regulations).

How We Use Your Data

Your personal data is used exclusively for the following purposes:

  • Processing and fulfilling your flower orders
  • Contacting you with important updates about your order
  • Improving our services and understanding customer preferences
  • Managing customer accounts and loyalty programs, if applicable
  • Responding to inquiries, feedback, or complaints
  • Complying with legal and regulatory obligations
  • Sending you marketing information only if you have provided consent

Retention of Your Data

We keep your personal data only as long as necessary for the purposes described in this policy or as required by law. Specific retention periods depend on the context in which the data was provided:

  • Order and Delivery Records: Kept for a maximum of six years to comply with accounting and legal requirements
  • Marketing Preferences: Retained until you withdraw consent or request erasure
  • Customer Communications: Retained for up to three years to resolve inquiries and ensure service quality

Once retention periods expire, your data is securely deleted or anonymized.

Processors and Data Sharing

Florist Denmark Hill may share your personal data with trusted third-party processors who assist us in providing our services. These include:

  • Payment Processors: For secure handling of your payment transactions
  • Delivery Partners: To deliver your flower orders to you or your recipients
  • IT Service Providers: Who maintain our website and support our business operations
  • Professional Advisors: Such as auditors, accountants, or lawyers where necessary

All third-party processors are required to process your data in accordance with our instructions, the GDPR, and to maintain appropriate safeguards. We do not sell or rent your personal data to third parties for marketing purposes.

International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom. Where we use processors located in countries outside the UK or European Economic Area (EEA), we ensure adequate safeguards are in place to protect your rights and data, such as the use of standard contractual clauses approved by the European Commission or the UK Government.

Your Rights as a Data Subject

Under GDPR, you have a number of rights regarding your personal information:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct inaccurate or incomplete information.
  • Right to Erasure ("Right to be Forgotten"): You may request deletion of your personal data where there is no valid reason for us to keep it.
  • Right to Restrict Processing: You can ask us to suspend processing your data under certain circumstances.
  • Right to Data Portability: You can request that we transfer your data to you or another service provider.
  • Right to Object: You can object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw it at any time.
  • Right to Complain: You may lodge a complaint with the relevant data protection authority if you believe your rights have been infringed.

To exercise any of the above rights, you may contact us using the communication method provided when ordering. We may need to verify your identity before fulfilling your request.

Children's Privacy

Our services are not intended for individuals under the age of 16 years. We do not knowingly collect personal data from children. If we become aware of such a collection, we will take steps to remove the data promptly.

Data Security Measures

We implement appropriate technical and organizational measures to safeguard your personal data against accidental loss, unauthorized access, alteration, disclosure, or destruction. Examples include encryption, secure access controls, and regular security assessments. Only authorized personnel are permitted to access customer data for legitimate purposes.

Changes to This Privacy Policy

This privacy policy may be updated periodically to reflect changes in our practices or legal requirements. When updates occur, we will indicate the date of the latest revision at the top of this policy. We encourage customers to review this policy regularly.

Contact and Further Information

If you have any questions about this Privacy Policy or how your personal data is handled, please refer to the communication details provided on your order confirmation or through our official communication channels. We are committed to responding to requests and complaints promptly and transparently.