Privacy Policy for Flowers St Albans Customers
Introduction
This Privacy Policy outlines how Flowers St Albans collects, processes, stores, and protects your personal data in compliance with the General Data Protection Regulation (GDPR). This policy applies to all customers who place orders with Flowers St Albans, whether for delivery or collection, within St Albans and surrounding districts.
What Data We Collect
When you place an order with Flowers St Albans, we collect the following categories of personal information, as applicable:
- Identity Data: Name, surname, and, if provided, company name.
- Contact Data: Delivery address, billing address, phone number, and relevant delivery information.
- Order Data: Details of the products you have ordered, purchase history, and delivery instructions.
- Payment Data: Partial payment information. (Note: Full payment card details are never stored by us but may be processed securely by third-party payment processors.)
- Communication Data: Correspondence via forms, notes with your order, and feedback you provide.
- Technical Data: Your IP address, browser type, time zone, and cookie data collected through our website to improve performance and user experience.
Lawful Basis for Processing Your Data
Flowers St Albans only processes your personal data when allowed under the GDPR. The legal bases upon which we rely include:
- Contract Performance: Processing necessary for the performance of a contract (fulfilling your flower order).
- Legal Obligation: Compliance with applicable law, such as tax or record-keeping requirements.
- Legitimate Interests: For the purpose of business operations, such as data analytics to improve our service, fraud prevention, and marketing our products (where you have not opted out).
- Consent: In circumstances where we need your specific consent, such as subscribing to a newsletter, we will ask for your consent and you may withdraw it at any time.
How We Use Your Personal Data
Your personal data is used for the following purposes:
- Processing, confirming, and delivering your orders.
- Communicating with you regarding your order or queries.
- Personalising your user experience on our website.
- Managing payments and refunds.
- Complying with legal obligations.
- Conducting analytics to improve our products and services.
- Sending you marketing messages, if you have opted in.
Data Retention
We retain your personal data only for as long as is necessary for the purposes stated in this policy. The specific retention periods are as follows:
- Order and contact data: Kept for up to 6 years after your last transaction to comply with tax, accounting, and regulatory obligations.
- Marketing preferences: Retained only as long as you wish to continue receiving marketing from us.
- Technical and analytics data: Typically retained for no longer than 2 years from the date of collection.
- Payment data: We do not retain your full card details; payment data processed by our partners is retained according to their own policies.
When personal data is no longer required, it will be securely deleted or anonymised.
Data Processors and Sharing Your Data
We use certain trusted third-party service providers (data processors) who process data on our behalf, including:
- Payment processing services that handle your payment securely.
- Delivery and courier partners who receive your delivery details.
- IT support and website hosting services.
- Analytics and marketing services that help us improve our service and tailor communications.
All data processors are thoroughly vetted for GDPR compliance and are only allowed to process your data for specified purposes in accordance with our instructions.
We will never sell your information or share it with third parties for their own marketing purposes. We may disclose your personal data where required by law or to protect our legal rights.
Your Rights under GDPR
Under the GDPR, you have several key rights in relation to your personal data. These include:
- The right to access – Request a copy of the personal data we hold about you.
- The right to rectification – Ask us to correct inaccurate or incomplete data.
- The right to erasure (‘right to be forgotten’) – Request deletion of your personal information where there is no overriding legal reason for its retention.
- The right to restrict processing – Ask us to temporarily suspend processing your data.
- The right to data portability – Request that we transfer your data to another service where technically feasible.
- The right to object – Object to processing based on legitimate interests or direct marketing.
To exercise any of these rights, you may contact us using the details available on our website or in your order confirmation. We may require proof of identity before fulfilling certain requests.
Data Security
We take data security seriously and have implemented appropriate technical and organisational measures to protect your information from unauthorised access, alteration, disclosure, or destruction. This includes secure website encryption (HTTPS), staff training on data handling, and regular review of our procedures.
Cookies and Website Analytics
Our website uses cookies and similar tracking technologies to enable site functionality, monitor website usage, and support marketing activities. You can control cookie preferences in your browser settings. For more detailed information on cookies, please consult our separate Cookie Policy.
International Data Transfers
Your personal data is primarily processed within the UK and/or the European Economic Area (EEA). In rare cases where data may be processed outside these areas by our processors, we ensure equivalent levels of protection as mandated by GDPR, using safeguards such as Standard Contractual Clauses.
Policy Updates
We may update this Privacy Policy to reflect changes to our practices or for other operational, legal, or regulatory reasons. We encourage you to review this policy regularly to stay informed. The date of the last update is indicated at the bottom of this policy.
Contact and Complaints
If you have any questions about this Privacy Policy or your data, or wish to submit a complaint, please get in touch through our website’s contact options or by writing to us at our registered business address. Should you be unsatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).
Last updated: June 2024
