Privacy Policy for Flowers Chesham

Introduction

This Privacy Policy outlines how Flowers Chesham collects, uses, and protects the personal data of customers who place orders with us in Chesham and the surrounding districts. Flowers Chesham is committed to safeguarding your privacy and adhering to the principles set out in the General Data Protection Regulation (GDPR), as well as relevant UK data protection laws. By placing an order with Flowers Chesham, you agree to the collection and use of your personal data as described in this policy.

Scope of the Policy

This Privacy Policy applies to all individuals who place orders with Flowers Chesham, either through our website, over the phone, or in person, where the delivery or service is fulfilled in Chesham and surrounding districts. This policy sets out our approach to your personal data and explains your rights in relation to that data under GDPR.

What Data Do We Collect?

When you place an order with Flowers Chesham, we collect personal data necessary for processing and delivering your order. The types of data we may collect include:

  • Identity Data: Name, surname, and title.
  • Contact Data: Address, delivery address, postcode, and telephone number.
  • Order Information: Details of products ordered, delivery date, and special instructions.
  • Payment Data: Payment method, transaction amount, and, where applicable, limited payment card information (note: full card details are processed securely by our payment processors and not retained by us).
  • Communication Data: Correspondence, messages, and feedback relating to your order or customer service queries.
  • Technical Data: Where you use our website, we may collect technical information such as your IP address, browser type, and device information using cookies and analytics tools (if applicable).

Lawful Basis for Processing

The GDPR requires us to have a valid lawful basis to process your personal data. Flowers Chesham processes your data under the following grounds:

  • Contractual Necessity: We process your identity, contact, and order information as it is necessary to fulfill the contract of sale and delivery you enter into with us when placing an order.
  • Legal Obligation: Certain information may be retained for compliance with applicable tax, accounting, and legal requirements.
  • Legitimate Interests: To improve our service, prevent fraud, and ensure the secure operation of our service, we process limited technical and communication data.
  • Consent: Where we process your data for marketing communications or any purpose not outlined above, we will obtain your explicit consent beforehand.

How We Use Your Personal Data

Your data will be used for the following purposes:

  • Processing and delivering your orders, including communication relating to your purchase and delivery.
  • Processing payments and managing transactions.
  • Responding to your queries, requests, or complaints.
  • Fulfilling our legal obligations regarding records and business administration.
  • With your consent, sending promotional materials or updates about our services.
  • Monitoring and improving our website and customer experience, where applicable.

Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, and reporting requirements. Generally:

  • Order and transaction data is kept for up to six years from the transaction date, to comply with tax and business record-keeping requirements.
  • Data processed for marketing purposes is retained until you withdraw your consent.
  • Technical data is kept for a shorter period, typically no longer than 24 months, unless required for security or troubleshooting reasons.

After these periods, your data is securely deleted or anonymised.

Data Processors and Sharing

We take your privacy seriously and do not sell or rent your personal information to third parties. However, in order to fulfil your order and maintain our business operations, we may share your data with trusted third-party service providers who work as ‘data processors’ on our behalf. These include:

  • Payment processing companies to handle transactions securely.
  • Delivery and courier partners to ensure your flowers reach their destination.
  • IT and website hosting providers to support our online services.
  • Professional advisors (such as accountants and legal consultants) where legally required.

All processors are required to act strictly in accordance with our instructions and to protect your data under appropriate technical and organisational measures. Your data will not be transferred outside the UK or EEA unless adequate safeguards are in place, as required by law.

Your Rights Under GDPR

The GDPR grants you several rights with respect to your personal data, including:

  • Right of Access: You can request access to a copy of your personal data that we hold.
  • Right to Rectification: You may ask us to correct or update inaccurate or incomplete data.
  • Right to Erasure: You can request deletion of your personal data, subject to certain legal obligations.
  • Right to Restriction: You may request us to restrict processing in certain circumstances.
  • Right to Object: You can object to processing based on legitimate interests, or to receiving direct marketing.
  • Right to Data Portability: You have the right to request a copy of your data in a machine-readable format for transfer to another service provider.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw your consent at any time.

If you wish to exercise any of these rights, please contact us using the contact details provided on our website or written correspondence address.

Security Measures

Flowers Chesham takes the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data from unauthorised access, disclosure, alteration, or loss. These include encryption, access restrictions, secure payment processing, and regular system monitoring.

Changes to This Privacy Policy

We may amend or update this privacy policy occasionally to reflect changes in our practices, legal requirements, or the way we operate. The most recent version will always be accessible via our website or by request in store. We recommend checking this policy periodically to stay informed.

Contact and Complaints

If you have questions, concerns, or wish to make a complaint regarding the use of your personal data, please contact us by the means detailed on our website or in-store materials. If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or your local supervisory authority.

This policy is effective as of 30 June 2024.