Flower Delivery Wandsworth GDPR Privacy Policy

Introduction

This Privacy Policy explains how Flower Delivery Wandsworth collects, uses, stores and protects your personal data when you place flower delivery orders within Wandsworth and the surrounding districts. We are committed to safeguarding your privacy in compliance with the General Data Protection Regulation (GDPR) and applicable UK data protection laws. This policy applies to all customers who engage our flower delivery services within our service areas.

Personal Data We Collect

To provide and improve our services, we collect various types of personal data, which include:

  • Contact Details: Such as your full name, delivery address, billing address, and telephone number when you place an order.
  • Order Information: Details about the flowers, gifts, delivery preferences, message cards, and any special instructions you provide.
  • Payment Information: While we do not store full payment card details, we may collect non-sensitive payment confirmation or transaction data as processed by our chosen payment providers.
  • Communication Records: Any correspondence with us, including queries, feedback or order updates.
  • Technical Data: When you visit our website, we may collect device identifiers, IP address, browser type, and cookies to enhance your user experience and for website analytics.

Lawful Basis for Processing

Our processing of your personal data relies on specific lawful bases as required by the GDPR. The main purposes and corresponding legal grounds are as follows:

  • Contractual Necessity: We process your data to fulfil our contract with you; this includes processing your order, arranging delivery, and managing your payment.
  • Legitimate Interests: We may process your data for internal administration, service improvement, and to communicate relevant updates about your order. Our legitimate interests do not override your data protection rights.
  • Legal Obligations: Certain data may be processed to comply with our legal and regulatory obligations, such as maintaining financial records for tax purposes.
  • Consent: Where legally required, we may seek your explicit consent, for example for optional marketing communications. You have the right to withdraw your consent at any time.

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including satisfying any legal, accounting, or reporting requirements. Typically, core order details and transaction records are retained for up to 6 years to comply with tax and accounting regulations. Communication records and technical data are retained for shorter periods unless needed for dispute resolution or service improvement. Once data is no longer required, it will be securely deleted or anonymised.

Data Processors and Third Parties

Flower Delivery Wandsworth uses trusted third-party processors and service providers to facilitate certain aspects of our operations. This may include:

  • Payment Processors: Securely handling your payment transactions.
  • Delivery Partners: Assisting with the delivery of your order to the specified address.
  • Technical Service Providers: Website hosting, analytics, and IT support providers.

All third-party processors are contractually obliged to handle your data securely, in accordance with GDPR, and only for the purposes specified by Flower Delivery Wandsworth. We do not transfer your data outside the United Kingdom or European Economic Area unless adequate levels of protection are ensured.

User Rights Under GDPR

As a customer, you have specific rights regarding your personal data, including:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request that we correct or update your data if it is inaccurate or incomplete.
  • Right to Erasure: Request deletion of your data where there is no compelling reason for its continued processing.
  • Right to Restrict Processing: Ask us to restrict the processing of your personal data under certain circumstances.
  • Right to Data Portability: Obtain a digital copy of your data or have it transferred to another service provider, where applicable.
  • Right to Object: Object to certain types of processing, such as direct marketing.
  • Right to Withdraw Consent: Where you have provided consent, you can withdraw it at any time.

If you wish to exercise any of your rights, please contact us using the contact details found on our website. You also have the right to lodge a complaint with a data protection authority if you believe your data is being processed in breach of GDPR.

Data Security

We are committed to ensuring the security of your personal information. We implement appropriate organisational, technical, and administrative measures to protect your data against unauthorised access, alteration, disclosure, or destruction. While we strive to use robust security protocols, please note that no method of transmission over the Internet is completely secure. We recommend you take suitable precautions when sharing personal information online.

Children’s Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us so that we can take appropriate action.

Policy Updates

We reserve the right to amend this Privacy Policy to reflect changes in our practices, operational requirements, or legal obligations. Any changes will be posted on our website, and we encourage you to review this policy periodically for updates.

Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or your personal data, please reach out to us using the contact section of our website. We are committed to resolving your concerns and protecting your privacy rights.