Chadwell Heath Florist Privacy Policy

Introduction

This Privacy Policy explains how Chadwell Heath Florist collects, uses, stores, and protects your personal data, in accordance with the General Data Protection Regulation (GDPR) and related UK data protection laws. This policy applies to all customers who place orders with Chadwell Heath Florist from Chadwell Heath and the surrounding districts. We are committed to safeguarding your privacy and ensuring your personal information is handled transparently, securely, and lawfully.

What Data We Collect

When you place an order with Chadwell Heath Florist, we may collect the following categories of personal data:

  • Contact Information: Including your full name, delivery address, billing address, and telephone number.
  • Order Information: Details of the flowers or products you purchase, delivery instructions, card messages, and recipient details (e.g., their name, address, contact number).
  • Payment Information: Payment card details and transaction records. Please note that some payment processing is handled securely by third-party processors; we do not store your full card details.
  • Communication Data: Records of communications with us, including order confirmations, feedback, or queries.
  • Technical Information: Limited website usage details, such as your IP address, browser type, and cookies as necessary for functionality and analytics.

Lawful Basis for Processing

We only collect and process your data where there is a legitimate and legal basis to do so under GDPR. The lawful bases applicable to Chadwell Heath Florist include:

  • Contractual Necessity: We require certain information to fulfil and deliver your order or to take steps at your request before entering into a contract.
  • Legal Obligations: We may need to retain certain records to comply with applicable accounting, tax, or other legal requirements.
  • Legitimate Interests: We may use your information for our legitimate business operations, such as improving customer service, conducting direct marketing related to our own products and services (if you have not opted out), and analyzing trends to enhance our offerings. We always balance these interests against your fundamental rights and freedoms.
  • Consent: Where required (such as for certain marketing communications), we seek your prior and explicit consent. You can withdraw your consent at any time.

How We Use Your Data

Your personal data may be used for the following purposes:

  • Processing and delivering your floral orders, including passing necessary information to couriers or staff.
  • Communicating with you about your order, including confirmations, delivery updates, or responding to queries.
  • Fulfilling legal and regulatory requirements.
  • Improving the functionality and effectiveness of our website and services.
  • Sending you information on products or special offers (where permitted and subject to your preferences).

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements. Typically, order-related information is kept for a period aligned with UK statutory requirements for business records (usually up to 6 years). After this period, data is securely deleted or anonymized. We regularly review our retention periods to ensure compliance and necessity.

Processors and Sharing of Data

Chadwell Heath Florist will never sell your data. We may share your information with trusted third parties only if it is essential for providing our services or complying with legal duties. Such parties may include:

  • Payment Processors: Securely handling your payment transactions. These processors have their own obligations under GDPR.
  • Delivery Partners or Couriers: To enable accurate and timely delivery of your order.
  • IT and Web Service Providers: Assisting in maintaining our website, keeping data safe, and ensuring uninterrupted service.
  • Legal or Regulatory Authorities: Where legally required to do so or to protect our business from fraud or other criminal activity.

We ensure all third-party service providers have policies and procedures in place to protect your personal data and act strictly on our instructions. Data may be processed within the UK and occasionally the wider European Economic Area, with appropriate safeguards in place.

Your Rights as a Customer

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of your personal data we hold.
  • Right to Rectification: You can ask us to correct inaccurate or incomplete data.
  • Right to Erasure: Also known as the "right to be forgotten." You can ask for your data to be deleted in certain circumstances, unless we are required by law to keep it.
  • Right to Restrict Processing: You may request that we restrict how we use your data under certain circumstances.
  • Right to Data Portability: Where applicable, you can request a copy of your personal data in a machine-readable format for transfer to another provider.
  • Right to Object: You can object to processing where we rely on legitimate interests, including direct marketing. We honor all opt-out requests promptly.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time.

Security Measures

We use a combination of physical, technical, and procedural measures to protect your data from unauthorized access, disclosure, alteration, or destruction. Access to your personal data is strictly controlled, and only personnel with a legitimate need will have access.

Changes to This Policy

We review our privacy policy regularly and may update it as necessary to reflect changes in law, technology, or our data handling practices. Updated versions will include the latest revision date and will take immediate effect upon publication.

How to Contact Us

If you have questions, complaints, or requests regarding this Privacy Policy or your data protection rights, please contact us using the details provided on our website. We are committed to working with you to resolve any concerns and uphold your data protection rights.