Privacy Policy for Flowers Chalfont St Giles Customers

Introduction

This Privacy Policy sets out how Flowers Chalfont St Giles ("we", "our", "us") collects, uses, stores, and protects your personal data when you place an order with us. It applies to all customers in Chalfont St Giles and neighbouring districts. We are committed to ensuring your privacy is protected and that we comply with the UK General Data Protection Regulation (UK GDPR) and related data protection laws.

What Data We Collect

When you place an order with Flowers Chalfont St Giles, we may collect the following categories of personal data:

  • Identification Data: Your name, and in some cases, the recipient's name.
  • Contact Information: Your address, email address, and phone number, as well as the recipient's delivery address.
  • Order Details: Details of your flower or gift order, preferences, delivery instructions, and any custom messages.
  • Payment Information: Transaction details. Please note: payment card details are processed securely by our payment processor and are not stored by us.
  • Correspondence: Any communication you send to us, such as inquiries, feedback, or complaints.

Lawful Basis for Processing Your Data

We process your personal data under one or more lawful bases defined by the UK GDPR, specifically:

  • Contract: Processing your data is necessary to fulfil your order and provide the requested service.
  • Legal Obligation: We may process data to comply with our legal obligations, for example, for accounting or tax purposes.
  • Legitimate Interests: We may process your data for our legitimate business interests, where this does not override your fundamental rights (e.g., fraud prevention, ensuring network and information security, or improving our services).
  • Consent: For certain uses, such as direct marketing by email (if applicable), we will ask for your explicit consent, which you can withdraw at any time.

How We Use Your Data

We collect and use your personal data for the following purposes:

  • To process and complete your order, including arranging delivery.
  • To communicate with you about your order or answer your questions.
  • To manage payments and prevent fraud.
  • To comply with our legal and regulatory obligations.
  • For internal analysis and service improvement.
  • If you consent, to send you information about our products, seasonal offers, or promotions.

How Long We Keep Your Data

We only retain your personal data for as long as necessary for the purposes set out in this policy:

  • Order and transaction information is generally kept for six years to comply with legal, accounting, or reporting requirements.
  • Contact information retained for marketing purposes will be stored until you withdraw your consent or unsubscribe.
  • Correspondence may be retained for up to six years to manage any future queries or complaints.

Once your data is no longer required, it will be securely deleted or anonymised.

Processors and Data Sharing

We may share your personal data with trusted third-party service providers ("processors") who help us run our business. These may include:

  • Payment processors for secure transaction handling.
  • Delivery partners who assist in delivering your flowers or gifts.
  • IT service providers supporting our website and communications.
  • Professional advisors, such as accountants or legal consultants, where necessary.

Each processor is contractually obliged to comply with strict data protection requirements, use your information only as instructed, and protect its confidentiality. We will not sell your personal data or share it for marketing purposes without your explicit consent. Where required, your data may be disclosed to authorities for compliance with legal obligations.

Your Rights

As a customer of Flowers Chalfont St Giles, you have the following rights under the UK GDPR:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of any incorrect or incomplete data.
  • Right to Erasure: Ask us to delete your data when it is no longer needed, or you withdraw consent (subject to legal requirements).
  • Right to Restrict Processing: Request limitations on how we use your data in certain circumstances.
  • Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format, or request we send it to a third party.
  • Right to Object: Object to how we process your data, including for direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw this at any time.

To exercise your rights, please contact us using the method described in the 'Contact' section of our website. We may require proof of your identity for security reasons and aim to respond within one month.

Security

We are committed to safeguarding your personal data. We have put appropriate technical and organisational measures in place to prevent unauthorized access, accidental loss, destruction, or disclosure. Our staff and contractors are trained in data protection obligations, and all data is processed in accordance with best industry practices.

International Transfers

We store all personal data within the United Kingdom. If, in rare circumstances, we need to transfer your information outside the UK, we will ensure that appropriate safeguards are in place as required by law.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in legal requirements or our business operations. The latest version will always be available on our website. If changes are significant, we will notify you appropriately.

Contact

If you have any questions about this policy, your personal data, or wish to make a complaint, please contact us using the details provided in the 'Contact' section of our website. If you are unsatisfied with our response, you have the right to contact the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.