GDPR Privacy Policy for Florist Herne Hill Customers

Introduction

This Privacy Policy describes how Florist Herne Hill collects, uses, stores, and protects your personal data in line with the General Data Protection Regulation (GDPR). It applies to all customers placing orders with Florist Herne Hill in Herne Hill and surrounding districts. Please review this policy to understand your rights and how we safeguard your information.

What Data We Collect

When you place an order or interact with Florist Herne Hill, we may collect the following types of personal data:

  • Identification Data: Name, surname, and title.
  • Contact Data: Delivery address, billing address, postcode, and other location data, as well as contact telephone number(s).
  • Email Information: Email address for order confirmation and updates.
  • Transaction Data: Purchase history, payment method, and transaction details (please note all payment data is processed through regulated third-party providers and not stored by Florist Herne Hill).
  • Order Details: Specifics about the products you order, recipient names, and any personalised messages.
  • Correspondence: Any communications you send to us, such as feedback, queries, or complaints, may be recorded.
  • Technical Data: Device type, IP address, browser type, and operating system information when using our website or digital platforms.

Lawful Basis for Processing Your Data

We use your personal data only when permitted by law. The main lawful bases under the GDPR that justify our data processing are:

  • Contractual Necessity: Processing your data to fulfill your order, including delivery, order updates, and payment handling.
  • Legal Obligation: Securing data to meet our obligations under tax, accounting, or consumer protection law.
  • Legitimate Interest: Improving our services, handling customer inquiries, and preventing fraud, balanced against your privacy interests.
  • Consent: Where you opt-in to receive marketing communications or newsletters, consent is explicitly obtained. You may withdraw your consent at any time.

How We Use Your Data

Florist Herne Hill uses your data for the following purposes:

  • Processing orders and arranging delivery.
  • Communicating updates related to your order.
  • Handling payments securely via third-party payment processors.
  • Managing customer service interactions and addressing enquiries.
  • Sending marketing or promotional information (only with your explicit consent).
  • Compliance with legal, accounting, and regulatory requirements.
  • Improvement of the website and services through analysis of aggregated technical data.

Data Retention

Your personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements. Florist Herne Hill applies the following data retention criteria:

  • Basic order and transaction information is held for a minimum of six years to comply with financial and tax regulations.
  • Account or customer profiles are retained while your account is active and deleted within a reasonable period after closure or inactivity.
  • Data provided for marketing purposes is kept until you opt-out or withdraw consent.
  • Technical and log data is stored for up to 12 months for security and analytical purposes.

Data may be anonymised beyond these periods for statistical analysis, in which case you cannot be identified.

Data Processors and Third Parties

To deliver our services, we rely on selected third-party service providers (“processors”) who support Florist Herne Hill in the following areas:

  • Payment Processing: Secure payment gateways to process card transactions.
  • Courier and Delivery Partners: Trusted local couriers for fulfilling flower deliveries.
  • IT and Cloud Services: Providers who host our website, manage technical infrastructure, and store data securely.
  • Communication Tools: Platforms for sending order confirmations and service communications.

All processors are vetted for GDPR compliance and are required to process data only as instructed, using appropriate security measures. We do not sell or share your data with other third parties for their own marketing purposes.

International Data Transfers

Your personal data is processed primarily within the United Kingdom. If data is transferred outside the UK or European Economic Area, we ensure appropriate safeguards are applied in compliance with GDPR to guarantee an equivalent level of data protection.

Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data processed by Florist Herne Hill:

  • Right to Access: Request a copy of your personal information we hold.
  • Right to Rectification: Request correction of any inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data when the legal basis for processing no longer applies.
  • Right to Restrict Processing: Ask us to restrict the processing of your data under certain circumstances.
  • Right to Data Portability: Obtain your data in a structured, commonly used, and machine-readable format for transfer to another provider.
  • Right to Object: Object to our processing of your data where we rely on legitimate interests or direct marketing (including profiling).
  • Right to Withdraw Consent: Withdraw your consent at any time where we rely on it for data processing.

To exercise your rights, a written request with sufficient identification is usually required. We will respond in line with legal timeframes, typically within one month. Please note, certain rights may be limited by legal obligations or legitimate business interests.

Data Security

We maintain appropriate technical and organisational security measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. This includes encryption, access controls, regular security reviews, and staff training. While we strive to safeguard your information, no system can guarantee absolute security.

Policy Review and Updates

This Privacy Policy is kept under regular review and may be updated to reflect changes in regulation or our data practices. The updated version will be made available to all customers placing orders with Florist Herne Hill in Herne Hill and surrounding districts. We recommend reviewing this policy periodically to stay informed about how we protect your privacy.

Contact and Further Information

If you have any questions regarding this Privacy Policy or how your personal data is used, please contact us through our published channels. If you have concerns about our data handling practices, you may also raise a complaint with the Information Commissioner's Office (ICO) or your local supervisory authority.