Flowers Haggerston Data Privacy Policy

Introduction

This Privacy Policy explains how Flowers Haggerston collects, uses, stores, and safeguards your personal data in accordance with the General Data Protection Regulation (GDPR) and UK data protection law. It applies to all customers placing orders with Flowers Haggerston in Haggerston and neighboring districts. Your privacy is important to us, and we are committed to ensuring that your data is protected and processed transparently.

What Data We Collect

When you place an order or interact with Flowers Haggerston, we may collect and process the following categories of personal data:

  • Contact Information: Name, delivery address, billing address, postal code, and telephone number (if provided).
  • Order Details: Information about the items ordered, delivery instructions, preferred delivery date, and recipient information (if you are purchasing flowers for another person).
  • Payment Information: Payment amount, payment method, and transaction details. The actual payment card or bank account details are processed securely by our payment processor and are not stored by Flowers Haggerston.
  • Communications: Any correspondence or messages you send to us, such as feedback, inquiries, or special requests related to your order.
  • Technical Information: When you use our online ordering system, we may collect technical data, such as IP address, browser type, and browsing patterns, to ensure site security and functionality.

We do not knowingly collect data from children under the age of 16.

Lawful Basis for Processing Your Data

Flowers Haggerston processes your personal data only when there is a lawful basis to do so under Article 6 of the GDPR. These may include:

  • Contractual Necessity: Processing your data to fulfill your order, including payment processing, preparing, and delivering your flowers.
  • Legal Obligations: Compliance with legal obligations, such as maintaining transaction records for tax or regulatory purposes.
  • Legitimate Interests: Ensuring the efficient operation and security of our services, improving our customer service, and handling your inquiries or complaints.
  • Consent: Where required, we may seek your explicit consent to process certain categories of data, which you have the right to withdraw at any time.

How We Use Your Data

Your personal information is used exclusively for the following purposes:

  • Processing and fulfilling your flower orders
  • Communicating with you regarding your order or customer service inquiries
  • Handling payment transactions (via our secure payment processor)
  • Meeting regulatory and legal obligations
  • Improving our services and ensuring website security

Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this policy:

  • Order and transaction data will be retained for up to 7 years to comply with statutory and accounting requirements.
  • Customer correspondence will be retained for no longer than 2 years after the resolution of your inquiry or complaint.
  • Technical data (such as server logs) is typically kept for up to 12 months to ensure the security and functionality of our website.

After these retention periods, your data will be securely deleted or anonymized, unless there are overriding legal or regulatory requirements to retain it for longer.

Processors and Third Parties

Flowers Haggerston may engage trusted third-party service providers (data processors) to help deliver our services, including:

  • Payment processing companies who handle secure financial transactions
  • Delivery partners who assist with bouquet delivery to recipients
  • IT and website service providers, who help maintain and host our systems

All processors are required to act only on our instructions and must comply with the security and privacy obligations set out in this policy and in accordance with UK and EU data protection laws. Your data will not be sold, shared, or transferred to any other third parties for marketing purposes.

Your Rights

As a Flowers Haggerston customer, you have several rights concerning your personal data under the GDPR:

  • Right to Access: You can request information about the personal data we hold about you, including how it is used and with whom it is shared.
  • Right to Rectification: You can request that any inaccurate or incomplete data be corrected.
  • Right to Erasure: Also known as the 'right to be forgotten,' you may request deletion of your personal data, provided there is no overriding legal basis for its continued retention.
  • Right to Restrict Processing: In certain circumstances, you can request that we limit how your personal data is used.
  • Right to Data Portability: You have the right to request a copy of your data in a structured, commonly used, and machine-readable format.
  • Right to Object: You may object to the processing of your personal data in specific situations, such as direct marketing (which Flowers Haggerston does not conduct unless you have given explicit consent).

If you wish to exercise any of these rights, you can contact us through your typical customer service channel. We will respond to all requests within the timeframes set out in data protection law.

Security of Your Data

Flowers Haggerston takes data security seriously. We have implemented appropriate technical and organizational measures to prevent unauthorized access, accidental loss, alteration, or disclosure of your personal information. Only authorized staff and processors with a business need to know will have access to your data.

Policy Updates

This Privacy Policy may be updated from time to time to reflect changes in our practices or legal requirements. We encourage customers to review it periodically for the latest information about our privacy practices. All changes will become effective upon publication of the revised Privacy Policy.

Contact & Complaints

If you have questions, concerns, or wish to exercise your rights in relation to your personal data, please contact us via your regular customer service method or in writing at our business address. If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office or your local data protection authority.