Privacy Policy: How We Protect Your Personal Data at Flower Delivery Peckham

Introduction

This Privacy Policy outlines how Flower Delivery Peckham ('we', 'our', or 'us') collects, uses, stores, and protects your personal data. It also explains your rights regarding your information under the General Data Protection Regulation (GDPR). This policy applies to all customers placing Flower Delivery Peckham orders in Peckham and the surrounding districts.

What Data We Collect

When you place an order with Flower Delivery Peckham, or interact with our services, we may collect the following categories of personal data:

  • Identity Information: Your name, the recipient's name, and relevant titles.
  • Contact Information: Your address, recipient's delivery address, telephone number, and any other contact details you provide.
  • Order Details: Product preferences, order notes, messages to be sent with bouquets, and delivery instructions.
  • Payment Data: Billing address and payment transaction details (note: all payment processing is handled by third-party processors; we do not store your card numbers).
  • Technical Data: IP address, device type, browser information, and usage data gathered during website visits (where applicable, through cookies and analytics tools).

Lawful Basis for Processing Your Data

We process your data based on the following lawful grounds under the GDPR:

  • Contractual Necessity: To process and deliver your order, including managing payment, and communicating with you regarding your order.
  • Legal Obligations: To comply with applicable laws and regulations (for accounting, tax, or fraud prevention purposes).
  • Legitimate Interests: To improve our services, maintain security, respond to your inquiries, and understand customer preferences, balanced with your rights and fundamental freedoms.
  • Consent: In circumstances where your agreement is required, such as sending marketing communications, we will seek your explicit consent, which can be withdrawn at any time.

How We Use Your Data

Your data is used for the following purposes:

  • Processing, confirming, and delivering your flower orders
  • Handling payments, refunds, and order queries
  • Providing customer support and answering your inquiries
  • Improving and optimizing our website and services
  • Ensuring security and preventing fraudulent activity
  • Fulfilling our legal and accounting obligations
  • Sending limited marketing communications, with your consent where required

Retention of Your Data

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, including the satisfaction of any legal, accounting, or reporting requirements. This generally means:

  • Order and Transaction Data: Kept for a period of up to seven years to comply with tax and accounting rules.
  • Marketing Data: Retained until you withdraw consent or unsubscribe.
  • General Queries: Kept for up to two years from the last contact, unless required longer by legal obligations.

At the end of retention periods, your data will be securely deleted or anonymized so it is no longer associated with you.

Processors and Third Parties

To provide our services, we may share or disclose your personal information with trusted third parties acting as data processors, including but not limited to:

  • Payment processors for handling transactions
  • Courier and delivery partners to ensure timely order delivery
  • IT service providers for hosting and website maintenance
  • Accounting and legal professionals as required by law

All third-party processors are contractually required to protect your data and process it exclusively for the specified purposes and in compliance with GDPR requirements.

International Transfers

Your data is generally processed within the United Kingdom or European Economic Area (EEA). If any transfer of your personal data outside of the UK or EEA is necessary, such as to an IT service provider, appropriate safeguards (such as Standard Contractual Clauses) will be in place to ensure its security and compliance with GDPR.

Security Measures

We are committed to safeguarding your data. Appropriate technical and organisational measures are implemented to protect personal information against unauthorised access, alteration, disclosure, or destruction. These include secure servers, encryption protocols, and regular staff training.

Your Data Protection Rights

Under the GDPR, you have the following rights concerning your personal data:

  • Right to Access: You may request access to the personal data we hold about you.
  • Right to Rectification: You may ask to have incorrect or incomplete information updated.
  • Right to Erasure: You may request that your data be deleted, subject to statutory exceptions.
  • Right to Restrict Processing: You may request limitation of your data usage in certain circumstances.
  • Right to Data Portability: You have the right to obtain and reuse your personal data across different services.
  • Right to Object: You may object to the processing of your personal data for certain purposes, such as direct marketing.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time.
  • Right to Lodge a Complaint: If you believe your rights have been violated, you can lodge a complaint with the UK Information Commissioner's Office (ICO).

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legislation or our data practices. The most current version will always be available via our website. We encourage customers to review this policy periodically.

Contacting Us

If you have any questions, concerns, or wish to exercise your data rights, please use the contact methods provided on our website. We are committed to addressing your inquiry promptly and ensuring your data is handled respectfully and lawfully.