Privacy Policy for Flower Delivery Harpenden Customers

Introduction

This Privacy Policy outlines how Flower Delivery Harpenden ("the Company", "we", "us", "our") collects, uses, processes, and protects your personal data. It applies to all customers ordering flower delivery services within Harpenden and the surrounding districts, in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR").

Personal Data Collected

We collect only the data necessary to process and complete your flower delivery orders, as well as to provide you with customer support and improve our services. Depending on how you interact with us, we may collect the following types of personal data:

  • Identification Data: Your full name and, if applicable, the name of the recipient of the flowers.
  • Contact Details: Delivery address, billing address, and telephone number(s).
  • Order and Transaction Information: Details of your order (items, preferences, messages, delivery date), payment confirmation status, and transaction history.
  • Communication Data: Correspondence you send to us (e.g., queries or complaints) via contact forms or customer service platforms.
  • Technical Data: IP address, browser type and version, device type, operating system, and information about how you use our website (collected via cookies as described in our Cookie Policy).

Lawful Basis for Processing

We process your personal data only where a legal basis applies under the GDPR. The following bases may apply:

  • Contractual Necessity: To fulfil our obligations to you as a customer, including processing your order, arranging payment, and delivering flowers.
  • Legal Obligation: To comply with legal requirements, such as accounting, tax filings, and fraud prevention.
  • Legitimate Interests: For operational purposes, such as improving our services, handling customer queries, and conducting necessary record keeping, provided these interests do not override your rights.
  • Consent: Where we rely on your explicit consent to process certain data, such as for marketing messages (for which you will have the opportunity to provide or withhold consent at any time).

Use of Personal Data

The personal data collected is used for the following purposes:

  • Processing and fulfilling orders, including arranging for the delivery of flowers and personal messages.
  • Managing payment for services rendered.
  • Contacting you regarding your order, or with important announcements concerning your delivery.
  • Responding to any customer service enquiries or complaints.
  • Improving website performance and customer experience through analysis of technical and usage data.
  • Fulfilling statutory or regulatory obligations.

Data Retention

Your personal data is retained only for as long as is necessary to fulfil the purpose for which it was collected, and to comply with relevant legal, accounting, or reporting obligations. Generally, we adhere to the following principles:

  • Order and Transaction Records: Retained for up to seven years to comply with accounting and legal requirements.
  • Customer Service Communications: Retained for up to two years for query resolution and service quality improvement, unless required longer for legal reasons.
  • Technical Data: Retained according to our Cookie Policy, typically no longer than two years, unless part of a required record for security or troubleshooting.

When your information is no longer required, it is securely deleted or anonymised.

Data Processors and Third Parties

We may engage trusted third-party service providers ("data processors") to perform specific business functions or services on our behalf, such as payment processing, delivery logistics, IT hosting, and customer service platforms. All such processors are contractually bound to protect your information and to process it only in accordance with our instructions, never for their own purposes.

In particular, your data may be shared with:

  • Payment processing providers for handling orders.
  • Delivery partners to fulfil your flower delivery requirements.
  • IT hosting, website, or database management providers for the security and integrity of our digital systems.
  • Professional advisors (such as accountants) when required by law.

No data is transferred outside the UK or European Economic Area (EEA) unless adequate safeguards, such as Standard Contractual Clauses, are in place as per GDPR requirements.

Your Rights

Under the GDPR, as a data subject, you are entitled to exercise several important rights with respect to your personal data. These include:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your data when it is no longer necessary, or where you have withdrawn consent.
  • Right to Restriction: Request restriction of the use of your data under certain circumstances.
  • Right to Data Portability: Obtain a copy of your data in a commonly used format and transfer it to another provider.
  • Right to Object: Object to processing conducted on the basis of legitimate interest or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: You can raise concerns or lodge a complaint with your national data protection authority if you believe your data rights are not being upheld.

Security Measures

We have implemented appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These include encrypted data transmission, secure IT systems, regular staff training, and strict access controls. While we strive to maintain the security of your information, please note that no transmission over the internet is ever completely secure.

Policy Updates

This Privacy Policy may be updated or amended from time to time to reflect changes in our practices, legal requirements, or technology. Any significant changes will be highlighted on our website, and continued use of our services will constitute acceptance of such changes.

Contacting Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us using the details provided on our website or via our published contact form.

This policy was last updated in June 2024.