Privacy Policy for Flowers New Malden

Introduction

This Privacy Policy outlines how Flowers New Malden collects, uses, stores, and protects your personal data in compliance with the UK General Data Protection Regulation (GDPR). This policy is relevant to all customers placing orders with Flowers New Malden in New Malden and the surrounding districts. We are committed to safeguarding your personal information and ensuring transparency regarding how your data is handled.

What Data We Collect

When you interact with Flowers New Malden, particularly when placing an order, we collect the following types of data:

  • Contact Information: Your name, delivery address, billing address, and telephone number.
  • Order Details: Information about your purchases, recipient’s name and address, personal messages, and any special instructions you provide.
  • Payment Information: Transaction details and payment confirmation, processed securely through payment service providers. We do not store full credit or debit card numbers.
  • Communication Data: Records of communications with our customer service, including queries, feedback, or complaints.
  • Technical Data: Information about how you interact with our website (e.g., IP address, device type, browser information), collected via cookies and similar technologies where applicable.

Lawful Basis for Processing

Under the GDPR, we will only process your personal data where we have a lawful basis for doing so. The lawful bases we rely on include:

  • Contractual Necessity: Processing your data is necessary to fulfil your purchase contract with us, such as processing orders, arranging deliveries, and providing customer service.
  • Legal Obligation: In certain circumstances, we are required by law to retain and use your data (such as for compliance with tax and accounting regulations).
  • Legitimate Interests: It is in our legitimate interest to use your data to improve our products and services, respond to your queries, and prevent fraud.
  • Consent: Where required, we will ask for your explicit consent to process your data (for example, for direct marketing communications). You can withdraw your consent at any time.

Use of Processors and Third Parties

To operate our business and provide you with an efficient service, we may share your personal data with trusted third-party processors. These include:

  • Payment service providers for secure payment processing.
  • Delivery partners for fulfilling flower deliveries to your chosen address.
  • IT and website hosting providers who help maintain our online ordering system.
  • Professional advisers (e.g., accountants) where required for legal compliance.

All processors are contractually obligated to protect your data in accordance with GDPR and may only process your data as instructed by Flowers New Malden. We never sell your data to any third parties for marketing purposes.

Data Retention

Your personal data will only be retained for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Specifically:

  • Order and customer data is retained for up to 6 years to comply with tax and legal obligations.
  • Information used for marketing purposes is retained until you withdraw your consent or unsubscribe from communications.
  • Technical data such as cookies may be stored for shorter periods in accordance with our cookie policy and applicable laws.

Once your data is no longer needed, we ensure its secure deletion or anonymisation.

Your Rights Under GDPR

You have several rights under the GDPR regarding your personal data:

  • Right to Access: You can ask us to confirm if we hold personal data about you and to provide a copy of that data.
  • Right to Rectification: You can request correction of inaccurate or incomplete data.
  • Right to Erasure: In certain circumstances, you may request that we delete your personal data.
  • Right to Restrict Processing: You can request limitation of how we use your data.
  • Right to Data Portability: You can receive your data in a structured, commonly used format and, if feasible, have it transmitted to another provider.
  • Right to Object: You may object to the processing of your data for direct marketing or where our legal basis is legitimate interest.
  • Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time.

To exercise any of your rights, please contact us in writing, verifying your identity as we may require. We aim to respond to all legitimate requests within one month.

Security and Data Protection Measures

We take data security seriously. Appropriate technical and organisational measures are in place to prevent your data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorised way. Our staff are trained in data protection best practices, and all third-party processors are required to comply with GDPR security standards.

International Data Transfers

Your personal data is stored within the United Kingdom or the European Economic Area (EEA). We do not routinely transfer your data outside of these areas. If a transfer is necessary, we will ensure appropriate safeguards are in place to maintain the required standard of data protection.

Policy Scope and Updates

This privacy policy applies to all customers placing orders with Flowers New Malden from New Malden and surrounding districts. We may update this policy from time to time to reflect changes in the law or our business practices. Any changes will be posted on our website, and where appropriate, notified to you by other means.

Contact and Complaints

If you have any questions about this privacy policy or are concerned about how your data is being processed, please contact us directly. You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have not been upheld.