Privacy Policy for Florist Greenwich

Scope of this Privacy Policy

This Privacy Policy describes how Florist Greenwich collects, processes, stores, and protects your personal data when you place orders with us within Greenwich and the surrounding districts. We are dedicated to ensuring your privacy and upholding your rights under the General Data Protection Regulation (GDPR) and relevant UK data protection laws. This policy applies to all customers who order flowers and related services from Florist Greenwich.

What Data We Collect

When you place an order with Florist Greenwich, we may collect the following types of personal data:

• Contact Information: Name, delivery address, billing address, and postcode.
• Communication Details: Telephone number (if provided) and preferences for contact.
• Email Address: Used for sending order confirmations and updates.
• Recipient Details: Name and delivery address of the person receiving flowers, if different from the customer.
• Order Details: Product selections, custom messages (such as those included with flower deliveries), delivery date and instructions.
• Transaction Information: Payment method and transaction reference (note: actual card details are not stored, only processed securely via payment processors).
• Technical Information: IP address, browser type, and device information collected via cookies when using our website.

Lawful Basis for Processing

Under the GDPR, we must have a lawful basis for processing your personal data. Florist Greenwich relies on the following lawful bases:

• Contractual Necessity: We process your data to fulfill your flower order and provide our services. Without this data, we would not be able to process your orders or deliver flowers.
• Legal Obligations: We may process and retain data to comply with applicable legal and regulatory requirements, such as accounting and tax laws.
• Legitimate Interests: We may use your data to improve our services, respond to queries, and prevent fraud, provided these interests are not overridden by your rights and interests.
• Consent: Where we send direct marketing communications, we will only do so if you have explicitly consented. You may withdraw your consent at any time.

How We Use Your Data

The personal data collected by Florist Greenwich is used for the following purposes:

• Processing and managing your orders.
• Communicating order confirmation, delivery updates, and customer support information.
• Personalising your experience and responding to your specific requests.
• Improving our services based on customer feedback and website usage analysis.
• Meeting legal, regulatory, and financial requirements.

Retention of Personal Data

Your personal data will be retained only for as long as necessary to fulfil the purposes it was collected for, including any legal, accounting, or reporting requirements. The retention periods are as follows:

• Customer Order Records: Retained for up to 6 years from the date of order to comply with UK tax regulations and possible warranty claims.
• Contact and Communication Data: Retained for the duration of our relationship with you, and archived or deleted after 2 years of inactivity.
• Marketing Consent Data: Retained until you withdraw your consent or request deletion.

After the applicable retention period, your personal data will be securely deleted or anonymised.

Processors and Third Parties

Florist Greenwich may engage trusted third-party service providers to facilitate elements of our service, including:

• Payment Processors: Securely handle payments on our behalf. We do not store your credit or debit card details.
• Delivery Partners: Assist with flower deliveries to your specified address.
• IT Service Providers: Maintain and host our website and support our order management systems.

All third-party processors are vetted to ensure they adhere to GDPR requirements and only process your data on our documented instructions. Data is never sold or passed to third parties for marketing purposes outside Florist Greenwich.

International Data Transfers

Your personal data is primarily processed within the UK and the European Economic Area (EEA). If any data transfer outside the EEA is required (for example, by our technology partners), it is done only where adequate safeguards are in place, such as the use of standard contractual clauses or an adequacy decision by the UK government.

Security of Your Data

Florist Greenwich takes security seriously. We implement a range of measures to protect your data from loss, misuse, unauthorised access, alteration, or disclosure. These include secure servers, encryption of payment information, restricted access to data, and regular staff training in data privacy. However, no system can guarantee complete security, so we encourage you to protect your login credentials and contact us immediately if you suspect any breach of your data.

Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights regarding your personal data:

• Access: You can request a copy of the personal data we hold about you.
• Rectification: You can request correction of inaccurate or incomplete data.
• Erasure: You can request deletion of your data where there is no legitimate reason for continued processing.
• Restriction: You can request the restriction of how your data is processed in certain circumstances.
• Object: You can object to processing based on legitimate interests or direct marketing.
• Data Portability: You can request a copy of your data in a structured, commonly used electronic format.
• Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

If you wish to exercise any of these rights, please contact us via the customer support channels provided on our website. We respond to all requests in accordance with legal requirements and aim to do so within one month.

Policy Updates

Florist Greenwich reviews this Privacy Policy regularly and may update it to reflect changes in our practices or relevant laws. Any significant changes will be communicated via our website. We encourage you to review the Privacy Policy regularly to stay informed of how we are protecting your data.

Contact and Complaints

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, you may contact us using the details on our website. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK.

This Privacy Policy is effective from June 2024 and applies to all orders placed by customers from Greenwich and the surrounding districts.