Flower Delivery Bickley Privacy Policy

Introduction

This Privacy Policy explains how Flower Delivery Bickley collects, processes, and protects the personal data of our customers when placing flower delivery orders in Bickley and the surrounding districts. We are committed to complying with the General Data Protection Regulation (GDPR) and ensuring your privacy and data security throughout your experience with us.

Scope of the Policy

This policy applies to all personal data processed by Flower Delivery Bickley from individuals placing orders for flower delivery services within Bickley and its surrounding areas. By placing an order or interacting with our services, you agree to the terms set out in this policy.

What Data We Collect

We collect the minimum necessary personal data to process your order and provide our services efficiently. Depending on your interactions with us, we may collect the following categories of data:

  • Identity Data: Name, title.
  • Contact Data: Delivery address, billing address, phone number (if provided), and details required for order confirmation.
  • Transaction Data: Details of your orders, payment method (note: payment details are processed securely and not stored by us), and purchase history.
  • Recipient Data: Name, delivery address, and any message you wish to include with the flowers, as provided by you for the recipient.
  • Technical Data: IP address, browser type, and device information if you use our online ordering platform (collected via cookies and similar technologies).
  • Communication Data: Correspondence details when you contact customer support or make queries regarding your order.

We do not collect special categories of personal data (such as health or religious information) unless explicitly provided by you in messages or instructions related to your order.

Lawful Basis for Data Processing

Under the GDPR, we must have a lawful basis to process your personal data. We rely on the following bases:

  • Contractual necessity: Processing your data is necessary to enter into and fulfil the contract for flower delivery services. For example, we must use your name and delivery address to provide the service you have requested.
  • Legal obligation: We may need to process and retain certain data to comply with legal and financial requirements, such as record-keeping for tax purposes.
  • Legitimate interests: We have a legitimate business interest in ensuring the effective operation of our services (e.g., using order data to improve our service or prevent fraud), as long as these interests do not override your fundamental rights and freedoms.
  • Consent: In limited cases, where required by law, we will ask for your explicit consent before processing data (for example, for marketing communications). You can withdraw your consent at any time.

Data Retention

Your personal data is retained for no longer than necessary to fulfill the purposes for which it was collected. The specific retention period depends on the nature of the data and our legal obligations:

  • Order and transaction data: Typically kept for 6 years from the date of your last transaction, to comply with tax regulations and resolve potential disputes.
  • Recipient and delivery data: Retained for up to 1 year after order completion, then anonymised or deleted unless required for legal or claim purposes.
  • Communication data: Retained for up to 2 years after your query or complaint is resolved.

After these periods, your data is securely deleted or anonymised so that it can no longer be associated with you.

Data Processors and Sharing

We only share your personal data when necessary to fulfil your orders or comply with the law. Your data may be shared with trusted third parties operating as data processors on our behalf, including:

  • Payment service providers: To securely process and verify your payments. We do not store your payment card information.
  • Delivery couriers and local florists: To deliver your flowers efficiently and ensure accurate fulfilment of your order.
  • IT service providers: For website hosting, maintenance, and security functionalities.

All data processors are subject to strict contractual obligations under GDPR, and are not permitted to process your data for any purposes other than those specified by us. Your data is not sold or shared with third parties for their own marketing purposes.

International Transfers

Your data is generally stored and processed within the United Kingdom or the European Economic Area (EEA). In the rare event that your data is transferred to countries outside the EEA, we take all necessary steps to ensure that appropriate safeguards are in place to protect your information in accordance with GDPR requirements.

Security Measures

We take your data security seriously and implement various technical and organizational measures to safeguard personal information, including encryption, secure servers, and regular staff training. While we strive to protect your data, no transmission over the Internet can be guaranteed as 100% secure, so you submit information at your own risk.

Your Rights Under GDPR

You have several rights in relation to your personal data under the GDPR, including:

  • Right to access: You can request confirmation of the data we hold about you and obtain a copy.
  • Right to rectification: You can ask us to correct any inaccurate or incomplete data.
  • Right to erasure: You can request deletion of your personal data where there is no further lawful basis for processing.
  • Right to restriction: You can request restriction of processing under certain circumstances.
  • Right to data portability: You may request that we provide your data in a commonly used machine-readable format.
  • Right to object: You can object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise your rights, please contact us using the details provided on our website or via your usual customer service channels. We may need to verify your identity before acting on your request and will respond within the timeframe required by law.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices or legal requirements. We encourage you to review this page regularly to stay informed. The date of the latest revision will always be indicated at the end of the policy.

Contact and Queries

If you have questions about this Privacy Policy or how we protect your personal information, please contact us through the contact form on our website or via your usual customer service point of contact. We are committed to addressing your concerns professionally and promptly.

Policy last updated: June 2024