Privacy Policy for Flower Delivery Seven Sisters

Introduction

This Privacy Policy details how Flower Delivery Seven Sisters ("we", "us", or "our") collects, uses, stores, and safeguards your personal data when you place orders with us in Seven Sisters and the surrounding districts. Protecting your privacy is of utmost importance to us, and we are fully committed to complying with the General Data Protection Regulation (GDPR) and all applicable UK data protection laws. This Privacy Policy applies to all customers and website visitors who engage with our flower delivery services.

What Data We Collect

When you place an order or interact with Flower Delivery Seven Sisters, we may collect the following types of personal information:

  • Identity Data: Your full name, and if you are sending flowers as a gift, the recipient's name.
  • Contact Data: Delivery address, billing address, telephone number(s), and any contact details you provide.
  • Order Details: Information on the products you have ordered, delivery messages, and preferences.
  • Payment Data: Payment method details, transaction ID, but no card data is stored by us directly, as all transactions are processed by secure third-party payment processors.
  • Technical Data: IP address, browser type, device data, and access times when using our website.
  • Communication Data: Records of your communications with us, including queries and complaints, and feedback.

Lawful Basis for Processing

We process personal data only where we have a legal basis under GDPR:

  • Contractual Necessity: To process and fulfill your flower delivery orders and provide customer service.
  • Legal Obligation: For compliance with applicable laws and tax obligations.
  • Legitimate Interest: To improve our services, prevent fraud, maintain security, and send notifications about your order status.
  • Consent: We may rely on consent for specific marketing activities, should you opt in. You may withdraw consent at any time.

How We Use Your Data

Your personal information is used for the following purposes:

  • Processing and delivering your flower order accurately and on time.
  • Contacting you regarding your order, including confirmations and delivery updates.
  • Responding to your questions, requests, or complaints.
  • Maintaining accurate financial and business records in compliance with legal obligations.
  • Improving our website and services based on trends and feedback.
  • Marketing (with your explicit consent), such as sending special offers or updates about our services.

Data Retention

We retain your personal data only for as long as needed to fulfill the purposes outlined in this Privacy Policy and to meet legal, accounting, or reporting requirements. Specifically:

  • Order and transaction data is stored for a minimum of six years to comply with statutory financial obligations.
  • Communication and feedback records may be kept for up to two years for quality improvement and dispute resolution.
  • Technical data collected by cookies and analytics tools is kept for a period necessary to analyze trends and performance, typically for one to two years.
  • Marketing consents are reviewed regularly, and preferences can be easily updated by customers.

After applicable retention periods, we securely delete or anonymise your personal data.

Data Processors and Third Parties

To operate efficiently, we sometimes share data with trusted third-party service providers ("processors") under strict contractual terms. These include:

  • Payment Processors: Secure third parties to process customer payments (e.g., card payment gateways). We do not retain payment card details.
  • Delivery Partners: Reliable couriers and drivers providing flower delivery services within Seven Sisters and nearby districts, who need address and contact details to complete deliveries.
  • IT and Hosting Providers: Companies providing website hosting, email delivery, and backup services.
  • Professional Advisors: Accountants, insurers, or legal advisors, as necessary for compliance and legal requirements.

All third-party processors act strictly under our instructions and are legally bound to comply with UK and EU data protection laws. They may not use your data for their own purposes.

International Data Transfers

Where personal data is transferred outside the United Kingdom or European Economic Area, we ensure such transfers are protected by suitable safeguards, such as approved contractual clauses or data protection adequacy decisions.

How We Protect Your Data

We use appropriate organisational and technical security measures to protect all personal data from loss, misuse, unauthorised access, disclosure, or alteration. These include encrypted transmissions, restricted database access, and secure storage protocols. Only authorised staff and partners have access to your data as necessary to fulfill your order and maintain our services.

User Rights under GDPR

As a customer or user, you are entitled to clear information about how your personal data is handled, and you have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of any inaccurate or incomplete information.
  • Right to Erasure: Ask us to delete your personal data where there is no legal basis for its continued processing.
  • Right to Restrict Processing: Request that we limit the way we use your data.
  • Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format.
  • Right to Object: Object to the use of your data for marketing or our legitimate interests.
  • Right to Withdraw Consent: You may withdraw consent for processing at any time, when processing is based on consent.
  • Right to Lodge a Complaint: You may lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe your rights have been infringed.

Changes to This Privacy Policy

We may review and update this Privacy Policy as required to reflect changes in law, regulation, or our business practices. Any significant changes will be noted clearly in our communications and on our website.

Contact and Further Information

If you have questions regarding how we use your personal data, exercise your rights, or about this Privacy Policy, please contact us through the methods available on our website. We value your privacy and will respond as promptly as possible to any request or concern.