Privacy Policy for Flowers Radlett Customers

Introduction

This Privacy Policy explains how Flowers Radlett ("we", "our", or "us") collects, uses, and safeguards your personal information when you place orders with us in Radlett and the surrounding districts. It outlines your rights under the General Data Protection Regulation (GDPR), including what information we collect, how we use it, our legal basis for processing, retention practices, third-party processing, and your data rights. Your privacy is important to us, and we are committed to ensuring transparency and compliance with all relevant data protection regulations.

Scope of Policy

This policy applies to all individuals who place orders with Flowers Radlett, either for themselves or as gift recipients, within Radlett and the surrounding districts. It governs any personal data provided to us directly, as well as data collected from payment and delivery interactions.

What Data We Collect

When you interact with Flowers Radlett to place an order, we may collect the following types of personal data:

  • Identity Data: Full name, title, and, if applicable, recipient's name.
  • Contact Data: Delivery address, billing address, telephone number, and any contact details necessary to process your order.
  • Order Information: Details of your order, messages for recipients, and any delivery instructions.
  • Payment Data: Limited payment transaction information provided by payment processors. We do not store full payment card details.
  • Communications: Correspondence with us relating to your order, special requests, feedback, or complaints.
  • Technical Data: Device type, browser type, and website usage statistics (when placing orders online), collected through cookies and similar technologies.

Lawful Basis for Processing Your Data

Under the GDPR, we must have a lawful basis for processing your personal data. Flowers Radlett processes personal information under one or more of the following lawful bases:

  • Contractual Necessity: Most of the personal data you provide is necessary for us to fulfil the contract entered by placing an order (processing your order, arranging payment, and delivering your flowers).
  • Legal Obligation: We may need to process and retain certain information to comply with accounting, tax, or fraud prevention legal requirements.
  • Legitimate Interests: We may process your data to improve our services, manage our relationship with you, handle complaints, or send updates about orders, where such interests do not override your fundamental rights and freedoms.
  • Consent: In rare instances, we may ask for your explicit consent to process your information for specific purposes (such as for marketing communications). Where consent is collected, you have the right to withdraw it at any time.

How We Use Your Data

Your data is used exclusively to provide and improve our floral services including processing and delivering your order, communicating with you about your purchase, confirming delivery, and addressing any services inquiries or complaints. We may also use aggregated and anonymised data for business analysis and service improvement; such data cannot identify you as an individual.

Data Retention

Flowers Radlett retains your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Order-related data is typically retained for up to seven years after fulfilment, to comply with tax and accounting obligations. Non-transactional data or queries are retained only as long as needed to address your inquiry or feedback, except where a longer period is required by law. Upon expiry of the relevant period, your data will be securely deleted or irreversibly anonymised.

Our Data Processors and Third Parties

To process and deliver your order, we may share your data with trusted third parties or data processors. These include payment processing providers (to complete transactions), delivery partners (to deliver flowers), and IT or system support service providers (to maintain secure platforms and data storage). We require all processors to treat your data in accordance with the GDPR and never permit them to use your personal data for their own purposes. Data will not be shared, sold, or rented to third parties for marketing purposes. All data processing agreements are regularly reviewed to ensure ongoing compliance and data security.

Your Rights Under GDPR

Under the GDPR, you have several important rights regarding your personal data, including:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of any incomplete or inaccurate data we hold about you.
  • Right to Erasure ('Right to be Forgotten'): Request deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to Restrict Processing: Request a restriction on processing your data under certain conditions.
  • Right to Data Portability: Request transfer of your personal data to you or another service provider in a structured, commonly used, and machine-readable format.
  • Right to Object: Object to processing of your data where we rely on a legitimate interest.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw this at any time without affecting the lawful processing up to that point.

If you wish to exercise any of these rights, please contact us with your request. We will respond within one month, as required by law, except in cases of complex requests, in which case we will inform you of any delay.

Cookies and Website Tracking

When you use our website to place orders, small data files known as cookies and other similar technologies may be used to collect technical data for website functionality and analytical purposes. You can manage cookie preferences through your browser settings. For further information regarding cookies, please refer to our separate Cookies Policy.

Data Security

We are committed to keeping your data secure. Relevant physical, electronic, and organisational measures are in place to prevent loss, misuse, unauthorised access, alteration, or disclosure of your personal information. Only authorised employees and service providers have access to your data for legitimate business purposes. All staff are trained on the importance of privacy and security.

Policy Updates

We may update this Privacy Policy from time to time to reflect any changes in how we process your data or new legal requirements. The latest version will always be available on our website. Please check back periodically for updates.

Contact and Further Information

If you have questions about our Privacy Policy, how we handle your data, or wish to exercise your rights, please contact us directly using the correspondence channels listed on our website. We are committed to responding to your concerns as efficiently as possible.