Flowers Tottenham Privacy Notice

Introduction

This Privacy Policy explains how Flowers Tottenham ("we", "us", "our") collects, uses, shares, and protects personal data relating to customers who place orders from Tottenham and surrounding districts. Our commitment is to safeguard your privacy and comply with all applicable data protection laws, including the General Data Protection Regulation (GDPR). Please review this policy to understand your rights and our obligations.

Scope of this Policy

This policy applies to all customers placing orders for flowers or related products and services with Flowers Tottenham, whether online, by phone, or in person, from Tottenham and neighboring districts. It covers the personal data we collect, the reasons for its collection, and how we process, store, and protect your information.

Personal Data We Collect

We collect only the minimum personal information necessary to process, fulfill, and deliver your order, and to provide customer service. Depending on how you interact with us, the data we collect may include:

  • Identity Data: Name, title, and in some cases identification information to confirm your order.
  • Contact Data: Billing and delivery address, postcode, telephone number, and recipient details (name, address, and phone number) if different from the customer.
  • Order Details: Items ordered, payment method (excluding full payment information), date, time, and delivery preferences.
  • Payment Data: Payment confirmation, transaction reference numbers, and in some cases, partial card details. All payment processing is handled by third-party payment processors and no full card or bank details are stored by us.
  • Communications: Correspondence via web forms, customer support enquiries, and any feedback you provide.
  • Technical Data: IP address, device type, and, where applicable, website usage data, collected via cookies or similar technologies for operational and security purposes.

We do not knowingly collect or process special categories of personal data (such as health or biometric data) unless specifically relevant to your order and with your explicit consent.

Lawful Basis for Data Processing

Our processing of your personal data is justified under the following lawful bases as specified by the GDPR:

  • Contractual Necessity: Processing your personal data is necessary to enter into and perform our contract with you, e.g., to process, deliver, and manage your orders.
  • Legal Obligations: We process certain personal data to comply with legal requirements, such as record-keeping.
  • Legitimate Interests: We may process your data for our legitimate interests, such as improving services, fraud prevention, and customer support. In all such cases, we balance our interests with your rights.
  • Consent: Where required, we obtain your consent for processing specific types of data, for example, for marketing communications.

How We Use Your Data

We use your personal information for the following purposes:

  • To process, fulfill, and deliver your flower orders and services.
  • To communicate order updates, confirmations, and resolve any issues.
  • To improve our products and services through customer feedback.
  • To comply with legal, tax, and accounting obligations.
  • To prevent fraudulent transactions and ensure the security of our operations.

Data Processors and Sharing of Information

We limit access to your personal data to employees and trusted third-party service providers (data processors) who require access to carry out the activities outlined above. These include:

  • Payment Processors: Secure payment gateways managing card or bank transactions.
  • Delivery Partners: Couriers or logistics companies necessary for the delivery of your order.
  • IT and System Providers: Companies providing website hosting, data storage, and customer management systems.

Wherever data processors act on our behalf, they are required to comply with our written instructions and are bound by confidentiality and data protection obligations. We do not sell or rent your personal data to third parties.

International Transfers

We aim to store all personal data within the United Kingdom or European Economic Area (EEA). If, for operational purposes, it is necessary to transfer your information outside the EEA, we ensure appropriate safeguards are in place in accordance with GDPR requirements.

Data Retention Policy

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, including for compliance with legal, accounting, or reporting requirements. In general:

  • Order Records: Maintained for up to 6 years from the date of order completion for legal and customer service purposes.
  • Customer Communications: Retained for up to 2 years after last contact, unless required for ongoing dispute resolution or legal claims.
  • Technical and Website Data: Retained for up to 26 months for security, analysis, and improvements.

After these periods, your information is securely deleted or anonymized.

Your Rights under GDPR

As a customer, you have the following rights regarding your personal data:

  • The Right of Access: You may request confirmation of whether we process your personal data and obtain a copy of that data.
  • The Right to Rectification: You can request correction of inaccurate or incomplete personal information.
  • The Right to Erasure: Also known as the ‘right to be forgotten’. You may request deletion of your data, subject to legal limitations.
  • The Right to Restrict Processing: You may limit how we use your data under certain circumstances.
  • The Right to Data Portability: Request transfer of your data to another service provider where technically feasible.
  • The Right to Object: You may object to certain types of processing, such as direct marketing.
  • The Right to Withdraw Consent: Where we process your data based on consent, you can withdraw this consent at any time.

To exercise these rights, please use our standard enquiry form or contact us using the details provided on our website. We will respond to all requests in accordance with legal timeframes and requirements.

Data Security

We are committed to protecting your information. We use a combination of organizational, technical, and physical safeguards, including secure servers, data encryption, regular staff training, and strict access controls. Regular security reviews are conducted to keep your data safe from unauthorized access, alteration, disclosure, or destruction.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in legal requirements, our data handling practices, or new services. Updates will be posted on our website, and, where appropriate, you may be notified directly.

Contact and Complaints

If you have any questions or concerns regarding this Privacy Policy or your personal data, you can reach out to us using the appropriate section of our website. If you remain dissatisfied, you may raise your concerns with the relevant data protection supervisory authority in the United Kingdom.

Effective Date

This policy is effective from 1st June 2024 and applies to all customers placing orders from Tottenham and surrounding districts.