Flowers Cheam Privacy Policy

Introduction

This Privacy Policy explains how Flowers Cheam ('we', 'us', or 'our') collects, uses, and safeguards personal data concerning customers placing orders from Cheam and the surrounding districts. This policy ensures compliance with the UK General Data Protection Regulation (GDPR). Please read this policy carefully to understand your rights and how we handle your personal data.

Scope of this Policy

This policy applies to all customers who place orders with Flowers Cheam, whether in person, by telephone, or via any online platform we operate, from Cheam or the surrounding districts. It covers personal data collected, processed, and retained by Flowers Cheam as part of providing our floral services.

What Personal Data We Collect

We collect the following categories of personal data for customer orders and related communications:

  • Identity Data: Name, surname, and possibly title.
  • Contact Data: Address, delivery address (if different), contact telephone number, and (if required) email address.
  • Order Data: Order details (such as chosen products, messages for cards, special delivery instructions), payment status (not bank details), order history with us, and preferences.
  • Payment Data: Method of payment. We do not store your full payment card or banking details in any permanent form.
  • Technical Data: For online orders, technical data including IP address, browser type and version, time zone setting, and device identifiers.
  • Communications: Records of communications with you, including any feedback, requests, or complaints.

Lawful Basis for Processing

We process your personal data based on one or more of the following lawful bases as defined under GDPR:

  • Contractual necessity: Processing is necessary for us to fulfil your order and deliver products and services you have purchased from us.
  • Legitimate interests: We may use your data to improve our customer service, ensure proper administration of our business, or notify you of issues affecting your order, provided our interests are not overridden by your rights.
  • Legal obligation: We may process certain personal data to comply with laws or regulatory requirements (for example, tax or accounting regulations).
  • Consent: Where required by law (such as sending direct marketing communications if you are not an existing customer), we will obtain your explicit consent before processing your data for that purpose.

How We Use Your Data

Flowers Cheam uses your personal data for the primary purposes of processing and fulfilling your floral orders, providing customer service, handling payments, resolving complaints or queries, and managing your preferences. Where you have provided consent, we may also use your details to communicate updates or promotional offers relevant to Flowers Cheam, though you can opt out at any time.

Data Sharing and Processors

We only share your data where necessary for the delivery and administration of your order. Data may be shared securely with trusted third-party suppliers, such as:

  • Payment processing providers (to securely process your payment).
  • IT service providers (who host and support our order management systems).
  • Delivery services or couriers (where required for delivery).

All third-party service providers are required to process your data in accordance with our instructions and applicable data protection laws. We do not sell or rent your personal information to third parties for marketing purposes.

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes it was collected for, including satisfying any legal, accounting, or reporting requirements. Typically, personal order data is retained for up to six years from the date of your last order, except where legal requirements oblige us to retain certain data for longer. After this period, your data is securely deleted or anonymised.

Data Security

We implement appropriate technical and organisational measures to safeguard your personal data from unauthorised access, use, alteration, or disclosure. These measures include secure data storage, encrypted communications (where applicable), restricted data access within our team, and regular reviews of our security practices.

Your Rights as a Data Subject

As a customer of Flowers Cheam, you have rights under GDPR in relation to your personal data, including:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct or update inaccurate or incomplete data.
  • Right to erasure: You can request the deletion of your personal data in certain circumstances.
  • Right to restrict processing: You may ask us to suspend the processing of your personal data in specific cases.
  • Right to object: You have the right to object to certain types of processing, including direct marketing.
  • Right to data portability: Where applicable, you can request that your data be provided to you or transferred to another provider.

To exercise your rights, you may contact us at any time. We will respond to your request within the timeframes required by law. Please note that we may need to verify your identity before fulfilling certain requests.

International Data Transfers

Flowers Cheam generally stores and processes your personal data within the United Kingdom. Should it be necessary to transfer data outside the UK or European Economic Area, we will ensure adequate safeguards and data protection standards are in place in accordance with GDPR requirements.

Changes to This Policy

We may update this policy from time to time to reflect legal, regulatory, or operational changes. The most recent version will always be available upon request and clearly dated so that you know which version applies. We encourage customers to review this policy regularly.

Contact and Complaints

If you have any questions about this privacy policy or how we handle your personal data, please contact us directly. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

This policy was last updated in June 2024.