Flowers Old Malden GDPR Privacy Policy

Introduction

This Privacy Policy explains how Flowers Old Malden collects, uses, stores, and protects your personal information in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR). Our policy applies to all customers who place orders for Flowers Old Malden in Old Malden and the surrounding districts. We are committed to maintaining the privacy, security, and integrity of your personal data throughout your interactions with us.

What Data We Collect

When you place an order with Flowers Old Malden, we collect and process different types of information, which may include:

  • Identification Information: Your full name, delivery address, billing address, and contact details.
  • Order Details: Information about the products and services you order, your preferred delivery date and any messages to be accompanied with your order.
  • Payment Information: Details required for processing payment such as transaction IDs. Please note, we do not store card details; any payment details are processed securely through vetted payment processors.
  • Communication Data: Correspondence records, including order confirmations, inquiries, or complaints you submit.

We may also collect technical data such as your IP address and browser type for security and analytical purposes when you visit our website.

Lawful Basis for Processing

GDPR requires us to have a legal basis for processing your data. We rely on the following:

  • Contractual Necessity: We need to process your identification, order, and delivery information in order to fulfill your order and deliver our products and services to you.
  • Legal Obligation: We may be required to process and retain certain financial and transactional data to comply with applicable laws, such as tax and accounting regulations.
  • Legitimate Interests: On occasion, we process information to improve our services, prevent fraud, and ensure the security of our operations, provided that these interests are not overridden by your rights and interests.
  • Consent: Where legally required, for instance, to send you marketing communications, we will request your explicit consent. You have the right to withdraw consent at any time.

Data Retention

We retain your personal data only as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. Typically, order and communication data is retained for up to seven years to comply with tax and contractual obligations. After the retention period expires, your information will be securely deleted or anonymised.

Data Processors

To operate effectively, Flowers Old Malden may engage with carefully selected third parties acting as data processors. These may include:

  • Payment service providers to handle and process card payments securely.
  • Courier or delivery partners to ensure prompt delivery of your orders.
  • IT and technical support services to help us manage our website, databases, and communication systems.
  • Accountants and professional advisors to comply with legal and regulatory obligations.

We require all third-party processors to adhere to GDPR requirements and only process your data according to our instructions. They are not permitted to use your data for their own purposes. Data is never sold or traded to any third parties.

Your Rights Under GDPR

Under GDPR, you have several important rights regarding your personal data. These include:

  • Right of Access: You can request details of the personal data we hold about you and how it is processed.
  • Right to Rectification: If your information is inaccurate or incomplete, you have the right to request correction.
  • Right to Erasure: In certain circumstances, you may request the deletion of your personal data, excluding cases where we are required to retain it by law.
  • Right to Restrict Processing: You can request that we temporarily suspend processing of your personal data under certain conditions.
  • Right to Data Portability: Where processing is carried out by automated means, you may request a copy of the data you provided to us in a machine-readable format.
  • Right to Object: You can object to certain types of processing, such as direct marketing activities at any time.

To exercise any of these rights or if you have concerns regarding your data, you are encouraged to contact us using the methods available on our website or by post.

How We Protect Your Data

Flowers Old Malden is committed to safeguarding your personal data. We implement appropriate technical and organisational measures to prevent unauthorised access, loss, misuse, or disclosure of your information. These include restricted system access, secure servers, encryption during data transmission, and staff training on data protection.

International Transfers

Your personal data is predominantly processed within the UK or European Economic Area (EEA). If, in limited cases, personal data is transferred outside of these regions, we ensure such transfers comply with legal requirements and are protected by appropriate safeguards.

Children's Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect or process information from individuals under this age. If you believe personal data has been collected from a child under 16, please notify us promptly.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. Any modifications will be published on our website with a revised effective date. We encourage you to review this page periodically for the latest information on our privacy practices.

Contact and Further Information

If you have any questions, require further information or wish to exercise your data protection rights, please refer to the contact details provided on our website. We will respond as promptly as possible to your requests and concerns.