Privacy Policy for Florist Hillingdon Customers

Introduction

This Privacy Policy outlines how Florist Hillingdon collects, uses, stores, and protects personal information provided by customers placing flower orders from Hillingdon and the surrounding districts. Your privacy is important to us, and we are fully committed to complying with the General Data Protection Regulation (GDPR) and all relevant UK data protection laws.

Scope of This Policy

This Policy applies to all individuals who use our services, including those who place orders through our website, by phone, or in person within Hillingdon and the surrounding regions. By using our services, you acknowledge and accept the practices described in this policy.

What Data We Collect

To fulfill your order and provide our services, we may collect the following types of personal data:

  • Identity Data: Name, surname
  • Contact Data: Address, delivery address, town, postcode, phone number (if provided), and any additional instructions provided for order completion or delivery.
  • Order Details: Types and quantities of items ordered, delivery preferences, special messages to recipients.
  • Payment Data: Confirmation that payment has been made (full transaction details are processed by our payment provider and not stored by us).
  • Communication Data: Records of correspondence with you including customer service queries, feedback, or complaints.
  • Technical Data: IP address, device type, browser type, access times, and navigation data, where collected by our website for security and analytics purposes.

Lawful Basis for Processing

Florist Hillingdon processes personal data under the following legal grounds as defined by the GDPR:

  • Contractual Necessity: Processing your personal data is necessary to fulfill your order, deliver products, and provide customer service.
  • Legal Obligation: We may process and retain your data to comply with legal or regulatory requirements (such as tax laws or accounting records).
  • Legitimate Interests: We may process data for legitimate business purposes such as improving our services, performing analytics, and preventing fraud, provided these interests are not outweighed by your rights and interests.
  • Consent: Where required (for example, for marketing communications), we may process your data based on your explicit consent. You have the right to withdraw consent at any time.

How We Use Your Data

Your personal information is used for the following purposes:

  • Processing and fulfilling your flower orders.
  • Arranging and managing delivery to your specified address or recipient.
  • Communicating with you about your order, including sending order confirmations, updates, and answering queries.
  • Handling customer service requests, feedback, and complaints.
  • Fulfilling accounting, tax, and legal obligations.
  • Improving our services and website experience, ensuring security, and conducting analytics (where applicable).

Data Processors and Sharing Information

We may share your personal data with trusted third parties ("data processors") only where necessary for delivering our services and fulfilling your order. Typical examples include:

  • Payment Providers: Secure payment processing is managed by authorised payment providers. We do not store full payment card information.
  • Delivery Partners: Information shared with couriers and delivery services strictly for delivering your order.
  • IT Service Providers: Companies who provide website hosting, maintenance, email services, or secure system backups.

All data processors act only on our instructions, are bound by contract not to use your data for other purposes, and are required to take appropriate measures to protect your information.

Data Retention

We retain your personal data only for as long as is necessary to provide our services, fulfil legal obligations, resolve disputes, and enforce our agreements. Typically:

  • Order and transaction data (including delivery details) are retained for up to 7 years for legal and accounting purposes.
  • Contact details and communication records are retained for up to 2 years after the last interaction, unless you request deletion or the law requires a longer period.
  • Technical and website analytics data may be retained in aggregate form for service improvement and security monitoring.

Data Security

Florist Hillingdon takes your privacy seriously and implements technical and organisational security measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. This includes encrypted communications (where possible), regular system reviews, and staff training on data protection.

Your Rights Under the GDPR

As a customer, you have a number of rights with respect to your personal data. These include:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of any inaccurate or incomplete information.
  • Right to Erasure: Request deletion of your personal data where we have no lawful basis to retain it.
  • Right to Restrict Processing: Request limits on how we use your data under certain circumstances.
  • Right to Data Portability: Request the transfer of your personal data in a commonly used format to another party.
  • Right to Object: Object to certain types of processing, such as direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.
  • Right to Lodge a Complaint: Lodge a complaint with a supervisory authority if you believe your data has been processed unlawfully.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our business processes, legal requirements, or best practices. The most current version will always be available on our website. Continued use of our services after a policy update signifies your acceptance of the changes.

Contact and Further Information

If you have any concerns or questions about how Florist Hillingdon handles your personal data, or if you wish to exercise any of your GDPR rights, please contact us using the details provided on our website or by speaking with a member of our team at our premises. We are committed to addressing your requests promptly and transparently.