Florist Bickley Privacy Policy Statement

Introduction

This Privacy Policy explains how Florist Bickley collects, uses, stores, and protects the personal data of customers placing orders from Bickley and surrounding districts. We are committed to safeguarding your privacy and complying fully with the UK General Data Protection Regulation (GDPR). Please review this Policy carefully to understand your rights and our data protection practices.

Scope of This Policy

This Policy applies to all personal data collected from customers who place orders with Florist Bickley for delivery within Bickley and neighbouring areas. It covers data collection through our website, by telephone, and in-person at our premises, as well as any third-party ordering services we utilise.

What Data We Collect

Depending on how you interact with Florist Bickley, we may collect the following information:

  • Identity Data: Name, title, and any other identifying details you provide when placing an order.
  • Contact Data: Delivery address, email address, and phone number necessary for order delivery and communication.
  • Order Data: Details of your purchases, order history, delivery instructions, and any special requests provided.
  • Payment Data: Payment card details, billing address, and relevant transaction information (note: we do not store full payment card numbers after processing).
  • Correspondence: Any communications you have with our staff, via email, phone, or in-person.
  • Technical Data: Where you use our website, IP address, browser type, and device identifiers may be collected to ensure its proper functioning and security.

Lawful Basis for Processing

Under GDPR, we are required to identify a lawful basis for each activity involving your personal data. The primary bases upon which Florist Bickley relies are:

  • Contractual Necessity: Most personal data is processed to fulfil your order or take steps at your request prior to entering into a contract with us (e.g., when placing or amending orders).
  • Legal Obligation: We process certain data as required by law (e.g., for accounting and tax purposes).
  • Legitimate Interests: We process some data (such as using order history to improve our services) where it is necessary for our legitimate business interests and does not override your rights.
  • Consent: We may seek your consent to send you marketing or promotional material. Where consent is given, you may withdraw it at any time.

How We Use Your Data

Your data is used for the following purposes:

  • Processing and fulfilling your flower orders
  • Contacting you regarding your order, or to resolve issues
  • Delivering products to specified addresses
  • Responding to your queries or requests
  • Improving our products, services, and customer experience
  • Accounting, record-keeping, and compliance with legal requirements
  • Sending marketing communications, if you have provided consent

Retention of Your Data

We only retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including for the purpose of satisfying any legal, accounting, or reporting requirements. Generally, customer data related to transactions will be kept for a minimum of six years to comply with legal obligations and for our legitimate business needs. After this period, data will be securely deleted or anonymised unless further retention is required by law.

Data Processors and Sharing of Data

Florist Bickley may share your personal data with third-party service providers ("processors") in order to operate our business efficiently and fulfil your orders. These may include:

  • Payment processing companies for order payments
  • Courier and delivery service providers for order delivery
  • IT service providers hosting our website and customer management systems
  • Accounting and compliance service providers

We ensure that our processors are GDPR-compliant, are contractually obligated to protect your data, and only use it for purposes specified by Florist Bickley. Unless required by law, we do not sell or rent your personal data to third parties.

International Data Transfers

Our services and data processors are based in the UK and the European Economic Area (EEA). Should it become necessary to transfer your data outside the EEA, we will ensure an adequate level of protection is in place, consistent with GDPR requirements.

Your Rights Under GDPR

As a data subject, you have the following rights, subject to conditions and applicable law:

  • Right of Access: Request a copy of personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete information.
  • Right to Erasure: Request deletion of your data where there is no legitimate need for us to retain it.
  • Right to Restriction: Request we restrict processing of your data in certain circumstances.
  • Right to Data Portability: Receive your data in a structured, machine-readable format or have it transmitted to another provider.
  • Right to Object: Object to our processing of your data, in particular for direct marketing purposes.
  • Right to Withdraw Consent: Where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.
  • Right to Lodge a Complaint: You can complain to the supervisory authority if you believe our data processing does not comply with data protection law.

Security of Your Data

We have implemented suitable technical and organisational measures to protect your personal data from loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures include restricted access controls, secure data storage, and staff training. Payment details are encrypted and handled securely by our payment processors.

Policy Updates

This Privacy Policy may be updated from time to time to reflect changes in our practices, regulatory requirements, or for other operational reasons. The latest version will always be made available at our premises and on our website. We encourage you to review this policy periodically.

Contact and Further Information

If you have any questions about this Privacy Policy, your data, or wish to exercise your rights, please contact us using the details provided at our store or on our website. We take all privacy concerns seriously and aim to respond to requests promptly in accordance with applicable data protection law.