Florist Highams Park Data Protection Statement

Introduction

At Florist Highams Park, we are dedicated to respecting and protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR). This policy applies to all customers who place orders with Florist Highams Park from Highams Park and the surrounding districts.

What Personal Data Do We Collect?

To process your orders and provide a high standard of service, we may collect the following types of personal data:

  • Contact Information: Name, address (including delivery address if different), and phone number.
  • Order Details: Information about products or services you order, delivery instructions, and recipient details if ordering on behalf of others.
  • Payment Information: Information needed to process payments (this is typically handled by a secure third-party processor and not stored directly by us).
  • Communication Records: Records of your correspondence or interactions with us, such as enquiries, special requests, or feedback.
  • Technical Data: Website usage data, such as IP address, browser type, and session information, gathered to improve our website and customer experience.

Lawful Basis for Processing Your Data

Under the GDPR, Florist Highams Park must have a lawful basis to collect and use your personal data. The primary lawful grounds on which we rely are:

  • Contractual necessity: To process and deliver your orders, and provide related customer services.
  • Legal compliance: To comply with relevant laws and regulations, such as accounting and tax obligations.
  • Legitimate interests: To enhance our products and services, manage customer relationships, and protect our business (for example, monitoring for fraudulent orders).
  • Consent: Where required, such as for direct marketing communications, we will ask for your explicit consent, which you can withdraw at any time.

How We Use Your Personal Data

Your personal data is processed for the following purposes:

  • Fulfilling and managing your orders
  • Delivering products to you or your chosen recipient
  • Responding to enquiries or complaints
  • Processing payments and refunds (handled securely by our payment processor)
  • Complying with our legal and financial obligations
  • Improving our website, products, and customer experience
  • Sending direct marketing and promotional messages if you have opted in

Data Retention Periods

Florist Highams Park retains your personal data for only as long as necessary to fulfill the purposes described above:

  • Order and transaction details: Kept for up to seven years, as required for legal and accounting purposes.
  • Marketing subscriptions: Retained until you withdraw your consent or unsubscribe from marketing communications.
  • General correspondence and queries: Held for up to three years following the last contact, unless needed for longer due to an ongoing issue.

At the end of these periods, your personal information will be securely deleted or anonymised.

Processors and Third Parties

To deliver our services and run our business efficiently, certain personal data may be shared with trusted third-party providers ("processors"), such as:

  • Payment service providers: To securely process credit/debit card payments. These providers handle sensitive payment information on our behalf and must comply with strict security standards.
  • Delivery or courier companies: To ensure products are delivered to the correct address.
  • IT and website support services: For hosting, managing, and maintaining our website and customer records.
  • Professional advisors: Such as accountants or legal advisors, only if required for business operations or to comply with relevant obligations.

We require all third-party processors to handle your data in accordance with the GDPR and only for the specified purposes. Your information is not sold to third parties for marketing purposes.

Your Data Protection Rights

Under GDPR, you have a number of rights in relation to your personal data:

  • Right to Access: You can request a copy of your personal data we hold.
  • Right to Rectification: You can ask us to correct information you believe is inaccurate or incomplete.
  • Right to Erasure: You may ask us to delete your data where it is no longer needed, unless we are legally required to retain it.
  • Right to Restrict Processing: In certain circumstances, you can request the restriction or suppression of your personal data.
  • Right to Data Portability: You have the right to request that we transfer your data to another organization or directly to you.
  • Right to Object: You can object to certain processing, such as direct marketing.
  • Right to Withdraw Consent: Where our processing relies on your consent, you may withdraw this at any time.

To exercise any of these rights, please contact us using the details provided on our website. We aim to respond within one month of receiving your request.

Security of Your Data

We take the security of your personal data seriously. All data is stored securely, and appropriate organisational and technical measures are in place to safeguard it against unauthorized access, loss, or damage.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The latest version will always be available on our website. We encourage you to review this policy periodically.

Contact and Concerns

If you have questions about this policy, your data, or how to exercise your rights, please get in touch using the contact details provided on our website. If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).