Flower Delivery Harefield Privacy Policy - GDPR Compliance

Introduction

This Privacy Policy explains how Flower Delivery Harefield ("we", "our", or "us") collects, uses, protects, and stores personal information from customers (“you”, “your”) who place orders for flower delivery in Harefield and surrounding districts. As your trust is essential to us, we are committed to protecting your privacy and handling your data transparently and in compliance with the General Data Protection Regulation (GDPR).

Scope of This Policy

This Privacy Policy applies to all customers placing orders with Flower Delivery Harefield for delivery in Harefield and the surrounding districts. By ordering from us, you acknowledge and agree to the practices described in this policy.

Personal Data We Collect

When you place an order or interact with our services, we may collect the following types of personal data:

  • Identification Data: Name, delivery address, billing address
  • Contact Details: Phone number, contact address
  • Order Details: Products ordered, message for card, special delivery instructions
  • Payment Information: Necessary payment details such as payment confirmation; we do not store full credit or debit card numbers
  • Technical Data: IP address, browser type, device information, and cookies relating to your use of our site
  • Correspondence: Any information you provide to us when contacting us for customer support

Lawful Basis for Processing Your Data

Under GDPR, we process your data only when we have a lawful basis to do so. Our bases for processing include:

  • Contractual Necessity: We process your personal data as it is necessary to fulfill your order and provide our services.
  • Legitimate Interests: To improve our services, protect against fraud, and manage our business efficiently, we may process certain data with minimal impact on your privacy.
  • Legal Compliance: In some cases, we process data to adhere to legal obligations such as tax and accounting requirements, and consumer rights law.
  • Consent: Where required, we obtain your explicit consent for processing (for example, for marketing communications, which you can opt out of at any time).

How We Use Your Personal Data

Your personal data may be used in the following ways:

  • To process, fulfill, and deliver your flower orders, including communicating order confirmations and updates
  • To handle payments and refunds securely
  • To respond to your enquiries, requests, or complaints
  • To maintain records for accounting, legal, and regulatory purposes
  • To improve our services by analysing how customers interact with us
  • To send you service-related communications and, with your permission, marketing offers that may be of interest

Data Retention

We retain your personal data only for as long as is necessary to provide our services and fulfill our contractual, legal, and accounting obligations. Typically:

  • Order and contact details: retained for up to seven years to comply with tax and accounting regulations
  • Marketing preferences: retained until you opt out or withdraw consent
  • Technical data: retained for up to two years for analytics and security purposes

After these periods, personal data is securely erased or anonymised so you can no longer be identified.

Data Processors and Third Parties

We may use carefully selected third-party service providers ("data processors") to assist in fulfilling orders, processing payments, and delivering flowers. These may include:

  • Payment processors (for secure payment authorization and processing)
  • IT and website hosting providers
  • Delivery partners (for delivering your floral gifts)

All processors are contracted to handle your data securely and are prohibited from using your data for any purpose other than providing the relevant service. We do not sell your personal data to any third parties.

Data Security

We take data security seriously. Appropriate physical, electronic, and managerial procedures are in place to safeguard and secure your information. Access to your personal data is restricted to authorised employees, agents, and subcontractors who require it for the purposes set out in this policy.

Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data held by us
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request your data be deleted when it is no longer necessary
  • Right to Restriction: Restrict processing of your data in certain circumstances
  • Right to Data Portability: Receive your data in a commonly used format for portability to another provider
  • Right to Object: Object to processing carried out under legitimate interests or for direct marketing purposes
  • Right to Withdraw Consent: Withdraw consent at any time if processing is based on consent

To exercise any of these rights, please contact us. We will respond to all requests in accordance with applicable law and may require verification of your identity.

Children's Privacy

Our services are not targeted at children under the age of 16. We do not knowingly collect or process personal data from children under this age.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or our business processes. Any substantial changes will be notified to customers where possible and the most recent version will always be available on request.

Contact and Complaints

If you have any questions about this Privacy Policy, your personal data, or wish to make a complaint, please contact us by the methods provided on our official website or by post. Should you feel that your privacy rights have not been upheld, you also have the right to lodge a complaint with the relevant supervisory authority.