Florist South Wimbledon Privacy Policy

Introduction

This Privacy Policy explains how Florist South Wimbledon ("we", "our", or "us") collects, uses, stores, and safeguards your personal data when you place an order with us. This policy applies to all customers placing orders from South Wimbledon and its surrounding districts. We are dedicated to ensuring your privacy, handling your data transparently, and complying with the General Data Protection Regulation (GDPR).

What Personal Data We Collect

We only collect personal data necessary for the provision of our floral services and to fulfil your expectations. The following types of data may be collected when you interact with Florist South Wimbledon:

  • Identity Data: Name, title, and, if applicable, business details.
  • Contact Data: Delivery address, billing address, contact phone numbers, and, when provided, email address.
  • Order Details: Details of the bouquets, gifts, or floral arrangements you purchase, date and time of delivery, card messages, and recipient information (name and delivery address).
  • Transactional Data: Payment method (we do not store card details), purchase history, and relevant payment confirmations.
  • Technical Data: IP address, browser type and version, and information about how you use our website (when orders are placed online).
  • Correspondence Data: Any communications you send to us regarding your orders or customer service queries.

Lawful Basis for Processing Personal Data

In accordance with Article 6 of the GDPR, we process your personal data on the following lawful bases:

  • Contractual Necessity: Data is processed to enable us to fulfil orders, provide customer services, process payments, and deliver products as agreed with you.
  • Legitimate Interests: We may process your data for our legitimate business interests, such as quality control, fraud prevention, and business analysis, where these interests do not override your fundamental rights.
  • Legal Obligation: In certain cases, we may be required by law to process your data, for example to maintain accounting records for tax purposes.
  • Consent: Where you provide additional details (such as signing up for marketing or feedback), we rely on your explicit consent, which you may withdraw at any time.

How We Use Your Personal Data

Your data is used strictly for the following purposes:

  • Processing and fulfilling your orders and arranging delivery
  • Communicating order confirmations, delivery updates, and customer service responses
  • Maintaining records for administrative purposes
  • Fulfilling our financial and regulatory obligations
  • Improving our products and services through feedback and market analysis (where consent for feedback is given)

Data Processors and Data Sharing

In order to fulfill our services, we may use trusted third parties who process your data on our behalf. These may include:

  • Payment Processing Providers: To securely handle payment transactions (we never store complete payment card numbers or security codes).
  • Delivery Partners: To enable the timely delivery of your flowers or gifts to the intended recipient.
  • IT and System Providers: Supporting website operation, order management systems, and data storage.

All third-party processors are contractually obliged to adhere to the requirements of the GDPR and to treat your data securely and confidentially. We do not sell or trade your personal data to third parties for marketing purposes.

Data Retention

Your data will be retained only for as long as is necessary to fulfill the purposes for which it was collected. Specifically:

  • Order and transaction records will be stored for up to six (6) years to comply with legal and taxation requirements.
  • Customer service correspondence is retained for up to one (1) year after the last communication.
  • Marketing preferences and consent records are kept until you withdraw consent or unsubscribe, after which they are promptly deleted.

Once your data is no longer needed, we will securely delete or anonymize it.

Your Data Protection Rights

Under the GDPR, all individuals within the UK and EU have comprehensive rights regarding their personal data. These include:

  • The right to access – You have the right to request copies of your personal data that we hold.
  • The right to rectification – You have the right to request the correction of any information you believe is inaccurate or incomplete.
  • The right to erasure – You may request the deletion of your personal data, subject to legal and contractual obligations.
  • The right to restrict processing – You may request that we restrict the processing of your data under certain conditions.
  • The right to object – You may object to your data being processed for particular purposes.
  • The right to data portability – You may request the transfer of your personal data to another organisation, where technically feasible.

If you would like to exercise any of these rights, please contact us using the details provided at the bottom of this policy. We may require verification of your identity to process your request.

Data Security

We take data security very seriously. Personal data is processed using secure systems and is protected against unauthorised access, disclosure, alteration, or destruction. This includes technical safeguards (such as encryption and secure servers) and organisational measures (such as staff training and restricted access protocols).

International Transfers

Your personal information is stored and processed in the United Kingdom. Should any data be transferred outside of the UK or European Economic Area, we ensure that adequate safeguards, in line with GDPR, are in place to protect your data.

Policy Changes and Updates

We may update this Privacy Policy from time to time to reflect new legal requirements or changes in our operations. Please review this document periodically to remain informed of how we protect your information.

Contact and Complaints

If you have any concerns about your personal data or wish to make a complaint about our data handling, you may contact us using our advertised contact details. You also have a right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you are dissatisfied with our response.

Your trust is important to us. Florist South Wimbledon is committed to respecting your privacy and ensuring your personal data is handled lawfully, fairly, and transparently in accordance with the GDPR.