Bexleyheath Florist Customer Privacy Policy

Introduction

This Privacy Policy explains how Bexleyheath Florist collects, uses, shares, and protects your personal information when you place an order with us by any means. This policy applies to all customers placing orders within Bexleyheath and the surrounding districts. We are committed to ensuring your privacy is protected and that we process your data in accordance with the General Data Protection Regulation (GDPR) and all applicable data protection legislation in the United Kingdom.

What Data We Collect

When you engage with Bexleyheath Florist to place an order or make an enquiry, we may collect and process the following types of personal information:

  • Identity Data: Name, salutation and, where applicable, the name of the intended recipient of your order.
  • Contact Data: Address, telephone number, and any other relevant contact information for both sender and recipient as required to fulfill the order.
  • Order Data: Details of your order(s), such as product choices, delivery instructions, and card messages.
  • Transaction Data: Details of payments made (note that payment card details are processed securely through our payment processor and are not stored or accessible to us).
  • Communication Data: Records of communications with us (such as order confirmations, enquiries, feedback or complaints).

We do not knowingly collect or process special category data (sensitive information such as health, race, or religious beliefs) unless specifically provided by you and required for the fulfillment of your order (for example, messages in cards). If such information is provided, it will be handled with the utmost confidentiality and only for the purposes specified.

Lawful Basis for Processing Your Data

Under the GDPR, we must have a lawful basis to process your personal data. We process your data under the following lawful bases:

  • Performance of a Contract: Processing is necessary for the performance of our contract with you, such as when you place an order for flowers or gifts, or request delivery services.
  • Legitimate Interests: We may use your information for our legitimate business interests, such as to deliver quality customer service, manage our relationship with you, or administer our website.
  • Legal Obligations: In some cases, we may have to process data to comply with legal or regulatory requirements.
  • Consent: Where required by law, or if we wish to use your contact details for marketing purposes, we will seek your explicit consent. You will always have the option to withdraw consent at any time.

How We Use Your Personal Data

Your personal data is used to:

  • Process and fulfill your order, including arranging delivery to the specified address;
  • Contact you regarding your order or to respond to your enquiries;
  • Process payments and provide receipts or invoices as necessary;
  • Maintain internal records for accounting, business analysis, and service improvement;
  • Comply with legal and regulatory obligations;
  • With your consent, inform you about our products, promotions, or customer service updates.

Data Retention

We will only retain your personal data for as long as is necessary for the purposes for which it was collected, or as required by law. Typically, we retain order data and related information for up to six years to satisfy tax, accounting, and legal requirements. After this period, we will securely delete or anonymize your data so that it can no longer be associated with you.

Data Processors and Third Parties

Bexleyheath Florist may engage trusted third-party service providers (data processors) to assist in processing your orders, delivering products, and managing payments. For example, we may use reputable payment processing services, IT and cloud storage providers, or delivery partners. We ensure all third parties comply with data protection laws and act only on our instructions. These partners are not authorized to use your information for their own purposes and are contractually obligated to keep your data secure and confidential.

We do not sell or share your personal data with third parties for marketing purposes. Data may be shared with public authorities if required by law or to protect our legal interests.

Your Rights Under GDPR

Under the GDPR, you have a number of important rights with respect to your personal data. These include:

  • Right to Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to correct any inaccurate or incomplete data we hold about you.
  • Right to Erasure: In certain circumstances, you can ask us to erase your personal data.
  • Right to Restrict Processing: You may request that we restrict the processing of your data if you contest its accuracy, the processing is unlawful, or you need us to retain it for legal claims.
  • Right to Data Portability: You may request a copy of your data in a commonly used format and have the right to transmit it to another controller.
  • Right to Object: You have the right to object to our processing of your data where we rely on legitimate interests as a basis.
  • Right to Withdraw Consent: Where we process your data based on your consent, you can withdraw consent at any time.

To exercise any of these rights, please contact us detailing your request. We may require proof of identity to deal with certain requests and will respond within one month as required by law.

Data Security

We are committed to ensuring that your information is secure. We have put in place suitable physical, electronic, and managerial procedures to safeguard and secure information we collect to prevent unauthorized access, disclosure, or loss. If you have any concerns about the security of your data, please contact us for further information.

Changes to This Privacy Policy

Bexleyheath Florist may review and update this Privacy Policy periodically to ensure it remains accurate and compliant with relevant laws. Any significant changes will be communicated through our website or by other means. Please review this policy regularly to stay informed about how we protect your privacy.

Contact and Complaints

If you have any questions, concerns, or complaints about this Privacy Policy or how your personal data is processed, please contact us using the methods provided on our website or in-store. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.