Crouch End Flowers Privacy Policy

Introduction

This Privacy Policy details how Crouch End Flowers collects, uses, retains, and safeguards your personal data. We are committed to the protection of your privacy and to ensuring full compliance with the General Data Protection Regulation (GDPR). This policy applies to all customers who place orders with Crouch End Flowers in Crouch End and the surrounding districts.

What Data We Collect

When you place an order or interact with Crouch End Flowers, we may collect and process the following types of information:

  • Contact Information: Your name, delivery address, billing address, and contact details.
  • Order Details: Information about the flowers, gifts, or services you have ordered, including any personalised messages you provide.
  • Payment Information: Data necessary to process your payment, such as payment card details. Payment processing is carried out by secure third-party payment processors, and we do not store full payment card details.
  • Communication Records: Any correspondence or communications, including feedback and customer service inquiries.
  • Technical Data: Limited technical information, such as cookies or device identifiers, may be collected when you visit our website to improve user experience and website functionality.

Lawful Basis for Processing Data

We process your personal data only where we have a valid legal basis under GDPR:

  • Contractual Necessity: Most data we collect is necessary to fulfil your order and provide our services, such as delivering your flowers and processing your payment.
  • Legal Obligations: Certain data may be processed to comply with financial, tax, or other regulatory requirements.
  • Legitimate Interests: We may use your information to improve our products or services, respond to your queries, or for administrative purposes, provided that these interests do not override your rights.
  • Consent: In cases where your explicit consent is required (for example, for marketing communications), we will obtain your consent before processing.

How We Use Your Data

We use your personal data for the following purposes:

  • To process and deliver your order, including managing payment and arranging delivery.
  • To communicate order status updates and answer your questions.
  • To comply with legal, tax, and accounting requirements.
  • To improve and personalise our services for you.
  • To address feedback or resolve issues raised by you about our products or services.
  • For security and fraud prevention.

Retention of Personal Data

We retain your personal information only for as long as necessary to achieve the purposes outlined above, or as required by law. Typically, order-related data is kept for a period consistent with financial reporting and tax requirements (usually up to 7 years). Communication records and consent records are stored for as long as is reasonable to resolve queries or as required by applicable law. When data is no longer required, it is securely deleted or anonymised.

Processors and Data Sharing

To fulfil your order and maintain our services, certain data processors may handle your personal information on our behalf. Examples include payment processors, delivery partners, IT service providers, and website analytics providers. We only engage processors who commit to GDPR-compliant data protection standards and only share data necessary for the fulfilment of their specific function. We do not sell or rent your personal information to third parties for marketing purposes.

International Data Transfers

Your data is primarily processed within the United Kingdom and the European Economic Area (EEA). If we ever need to transfer your personal data outside these regions, we will ensure adequate safeguards are in place to protect your data in compliance with GDPR.

Your Rights Under GDPR

As a data subject, you have various rights with respect to your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct incorrect or incomplete information.
  • Right to Erasure: In certain cases, you may request that we delete your personal data ("right to be forgotten").
  • Right to Restriction: You can ask us to restrict the processing of your data under certain circumstances.
  • Right to Portability: You can request a copy of your personal data in a structured, commonly-used format to transfer to another provider.
  • Right to Object: You may object to certain types of processing, including direct marketing.
  • Right to Withdraw Consent: Where you have given consent, you may withdraw it at any time.
  • Right to Lodge a Complaint: You have the right to complain to a supervisory authority if you believe your data has been processed unlawfully.

Data Security

We implement a range of technical and organisational measures to protect your personal data from loss, misuse, unauthorised access, disclosure, alteration, and destruction. These measures are reviewed regularly and updated in line with technological developments and regulatory requirements.

Policy Updates

This Privacy Policy may be updated from time to time to reflect changes in our practices or legal requirements. We recommend reviewing this policy periodically to stay informed about how we protect your information.

Contacting Us

If you have any questions about your personal data or wish to exercise any of your GDPR rights in relation to data we hold, please reach out to us using the contact details provided on our website or where you placed your order. Our team is committed to responding promptly and addressing your concerns.