Privacy Policy for Florist Surrey Quays Customers

Introduction

This Privacy Policy sets out how Florist Surrey Quays collects, uses, stores, and protects your personal information when you place orders with us. This policy is intended to fulfil our legal obligations under the General Data Protection Regulation (“GDPR”) and applies to all customers placing orders with Florist Surrey Quays from Surrey Quays and the surrounding districts.

What Personal Data We Collect

When you order flowers or related products from Florist Surrey Quays, we may collect the following categories of personal data:

  • Contact Information: This includes your full name, delivery address, billing address, and telephone number.
  • Order Details: Information about your order, including purchase history, delivery instructions, and any messages attached to your order (e.g. gift notes).
  • Payment Information: Limited payment details such as card type (the actual card numbers are processed securely by our payment processor and are not stored by us).
  • Communication Data: Records of correspondence between you and Florist Surrey Quays, such as emails, letters, or feedback forms.
  • Delivery Recipient Data: Name, address, and telephone number, if you are arranging delivery for another person.
  • Technical Data: Information automatically collected when you visit our website, such as IP address, browser type, and information from cookies necessary for order processing and website functionality.

Lawful Basis for Processing

Florist Surrey Quays processes your personal data under the following lawful bases as set out in the GDPR:

  • Contractual Necessity: Most of the data we collect is necessary to enter into and perform a contract with you for the sale and delivery of goods and services.
  • Legitimate Interests: We may use your data to improve our products and services, respond to your inquiries, and prevent fraudulent transactions, provided these interests do not override your fundamental rights.
  • Legal Compliance: We may retain transaction records to fulfil legal obligations, such as accounting and tax requirements.
  • Consent: In cases where the law requires, for example sending marketing communications, we will obtain your explicit consent before processing your data. You may withdraw this consent at any time.

How We Use Your Personal Data

Your information is used only as necessary to:

  • Process, confirm, and deliver orders to you or your chosen recipient;
  • Contact you about your order, or respond to pre-sales and aftersales inquiries;
  • Fulfil legal record-keeping and financial obligations;
  • Monitor and improve our website and customer service, using aggregated and anonymised data where possible;
  • Send you relevant information about our services, if you have opted in to receive marketing communications.

Third Party Processors

Florist Surrey Quays only shares your data with trusted third-party service providers (“processors”) who assist in delivering our services. These include:

  • Payment Providers: Secure processing of credit/debit card transactions;
  • Delivery Partners: Couriers or florists assisting with delivery outside our core area;
  • IT and Technical Service Providers: Hosting, website, and data storage providers;
  • Accountants and Legal Advisors: For business compliance and legal duties only.

All processors are contractually obliged to protect your personal data and adhere to the instructions of Florist Surrey Quays, and may not use it for their own purposes.

Data Retention

We keep your personal data for no longer than is necessary for our legitimate business needs and legal obligations. Personal data related to orders is typically retained for up to seven years from the date of your last transaction to comply with tax and legal requirements. Communication records and marketing consent records are also held as required to meet our legal and operational needs. After these periods, records will be securely deleted or anonymised.

Your Data Protection Rights

Under the GDPR, you have the following rights with regard to your personal information:

  • Right of Access: You can request access to your personal data held by us.
  • Right to Rectification: You have the right to correct information that is inaccurate or incomplete.
  • Right to Erasure: You have the right to request deletion of your personal data where there is no lawful reason for its continued processing.
  • Right to Restrict Processing: You may restrict the use of your personal data in certain circumstances.
  • Right to Data Portability: You may request a copy of your data in a structured, commonly used and machine-readable format for transfer to another provider, when technically feasible.
  • Right to Object: You may object to the processing of your data where processing is based on our legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where our use of your data is based on consent, you may withdraw this at any time.

Security of Your Data

Florist Surrey Quays takes all appropriate technical and organisational measures to safeguard your personal data, including encryption, secure storage, and routine audits of our data handling processes. Our staff are trained in data protection and access to your data is limited to those who need it for business or legal reasons.

Children’s Privacy

Our products and services are not directed to individuals under the age of 18. We do not knowingly collect data from children. If you believe personal data has been provided to us by a child, please contact us promptly so that we can delete the data.

Updates to This Privacy Policy

This policy may be updated from time to time to comply with changes in the law or our operations. The latest version will always be available on our website, and where appropriate, we will notify customers of significant changes.

Contact and Complaints

If you have any questions about this Privacy Policy, how your personal data is handled, or wish to exercise your rights, please contact us using the details displayed on our website or at our premises. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) or your local supervisory authority.