Flowers North Ockendon GDPR Privacy Policy

Introduction

This Privacy Policy explains how Flowers North Ockendon collects, uses, and protects your personal information in accordance with the UK General Data Protection Regulation (GDPR). This policy applies to all customers who place orders with Flowers North Ockendon in North Ockendon and surrounding districts. We are committed to ensuring that your privacy is protected and to providing transparency concerning your personal data.

What Personal Data We Collect

Flowers North Ockendon collects only the information necessary for providing our products and services. This may include:

  • Identity Data: Name, title.
  • Contact Data: Delivery address, billing address, telephone number, and, when required for order confirmation and updates, your email address.
  • Order Data: Details about the flowers or gifts ordered, instructions, messages, dates and times of orders, and payment status (note: actual payment card data is handled securely by our payment processors and is not stored by us).
  • Transactional Data: Records of your orders, their fulfilment, and communication concerning orders.
  • Technical Data: IP address, browser type, device, and usage data captured via cookies and website analytics tools, to improve our website performance and customer experience. Only non-essential cookies are used with your consent.

Lawful Basis for Data Processing

We process your personal data under the following lawful bases as defined by the GDPR:

  • Contractual necessity: Data is processed to complete orders placed by you, including delivery and payment handling.
  • Legal obligation: To comply with applicable laws, such as retaining transaction records for tax or accounting requirements.
  • Legitimate interests: To enhance our products and services, maintain security, or respond to customer enquiries. For example, contacting you to request feedback or to notify you of delivery arrangements.
  • Consent: Where we use non-essential cookies or plan to send you marketing communications, we request your explicit consent which you may withdraw at any time.

How We Use and Share Personal Data

Personal data we collect is used solely for the purpose of fulfilling your order, delivering the correct products to the specified address, responding to queries, maintaining our records, and complying with legal requirements. Flowers North Ockendon does not sell or otherwise distribute your personal data to third parties for marketing or unrelated purposes.

Your data may be shared with trusted partners and service providers (data processors) where necessary. This includes:

  • Payment processors who securely handle transaction payments on our behalf, ensuring compliance with data protection standards.
  • Delivery couriers or fulfilment agents responsible for getting your flowers and gifts safely to your chosen recipient.
  • Website analytics and hosting providers, solely for operating and maintaining our website and ensuring its security.

Each third party with whom we share information acts in accordance with a contract that ensures your data is handled with appropriate security and is not used for any purpose other than providing the relevant service to us.

Data Retention

Flowers North Ockendon retains your personal data only for as long as is necessary for the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements. Typically, we retain order and transactional data for a period of up to seven years following the completion of your order, to fulfil regulatory and financial obligations. After this period, your personal data is securely deleted or anonymised, unless we are required by law to retain it for a longer period.

Data collected for consent-based activities, such as marketing, will be retained only until you withdraw your consent or request erasure, unless another lawful basis for retention exists.

Your Rights Under GDPR

As a customer, you have specific rights regarding your personal data under the GDPR. These include:

  • Right to access: You can request details of the personal data we hold about you.
  • Right to rectification: You may ask us to correct inaccurate or incomplete information.
  • Right to erasure: You can request the deletion of your personal data in certain circumstances, subject to legal retention requirements.
  • Right to restrict processing: You may request that we temporarily or permanently stop processing your data under prescribed conditions.
  • Right to data portability: You can request a copy of your personal data in a commonly used format for transfer to another provider.
  • Right to object: You may object to the processing of your data for direct marketing or where our legitimate interests are involved.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw this at any time without affecting previous processing activities.

To exercise any of these rights, please contact us using the details provided on our website. We may need to verify your identity to protect your privacy and security before fulfilling your request.

How We Protect Your Data

We are committed to ensuring that your personal information is safe and secure. We implement appropriate technical and organisational measures to prevent unauthorised access, accidental loss, or disclosure of your data. This includes secure servers, encryption, restricted access, and regular staff training on data protection principles.

Policy Updates

We may amend this privacy policy from time to time to reflect changes in our data processing practices or legal obligations. The latest version will always be available on our website. We encourage you to review this policy regularly to stay informed of your rights and how we protect your information.

Contact and Complaints

If you have any questions about this privacy policy, how your information is handled, or if you wish to make a complaint, please refer to the contact details provided on our website. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data protection rights have been violated.