Flowers Richmond upon Thames GDPR Privacy Policy

Introduction

At Flowers Richmond upon Thames, we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, process, and safeguard your information in compliance with the General Data Protection Regulation (GDPR). The policy applies to all customers placing orders with Flowers Richmond upon Thames from Richmond upon Thames and the surrounding districts.

What Data We Collect

We collect the minimum personal data necessary to fulfil your orders, provide excellent customer service, and meet our legal obligations. Depending on your interaction with us, we may collect:

  • Contact Information: Full name, delivery address, contact phone number, and billing address.
  • Order Information: Details and contents of your flower orders, any specific delivery instructions, messages for recipients, and date/time of orders.
  • Payment Information: Card payment details or payment transaction references (please note that card details are processed securely by our payment service providers and not stored by us).
  • Communication Data: Records of correspondence, including queries, feedback, and complaint resolutions.
  • Usage Data: Website browsing patterns, IP address, and device information (when using our website for placing orders).

Lawful Basis for Processing

Flowers Richmond upon Thames ensures that all personal data is processed lawfully, fairly, and transparently. Our lawful bases under GDPR include:

  • Contractual Necessity: To process and deliver your orders, including communicating about your purchase.
  • Legal Obligation: To comply with applicable tax, accounting, and business regulations.
  • Legitimate Interests: To enhance our service, prevent fraud, and improve customer experience unless overridden by your interests or fundamental rights.
  • Consent: In rare cases, for example, where you agree to receive marketing updates—consent will always be clearly obtained and can be withdrawn at any time.

How We Use Your Personal Data

We use your information only for the intended and relevant business purposes, such as:

  • Processing and fulfilling flower orders and payments
  • Delivering flowers to specified addresses
  • Communicating important updates or clarifications regarding your orders
  • Handling and resolving complaints or inquiries
  • Complying with legal requirements

We do not sell or rent your data to third parties. Any marketing activity is conducted only where appropriate consent has been given.

Data Retention

Personal data is retained only as long as necessary to serve the purposes for which it was collected, or as required to comply with our legal, regulatory, or contractual obligations. Typically:

  • Order and Transaction Records: Retained for up to seven years for tax and accounting compliance.
  • Enquiries and Complaints: Retained for up to three years from the date of resolution.
  • Marketing Consent Data: Retained until you withdraw your consent or request deletion.

Once data is no longer needed, it is securely deleted or anonymised.

Data Processors and Third Parties

To deliver our services, we may share your personal data with trusted third-party service providers (data processors) solely for the purposes outlined in this policy. These may include:

  • Payment Service Providers: To securely process your payment transactions.
  • Delivery Partners: For order fulfilment to your chosen address.
  • IT and Hosting Services: For secure storage and management of customer information.

All external partners are vetted for GDPR compliance and act only on our instructions, with appropriate security measures in place. Your data is not transferred outside the European Economic Area (EEA) unless adequate protection is ensured.

Your Rights Under GDPR

As a customer, you have the following rights in relation to your personal data:

  • Right of Access: Obtain a copy of your personal data held by us.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Ask for your data to be deleted in certain circumstances (‘right to be forgotten’), unless legal obligations prevent us.
  • Right to Restrict Processing: Request the restriction of processing in particular scenarios.
  • Right to Data Portability: Receive your data in a structured, commonly used format, and transfer it to another controller where feasible.
  • Right to Object: Object to processing in specific cases, particularly regarding direct marketing.
  • Right to Withdraw Consent: Where processing relies on your consent, you may withdraw it at any time without affecting prior lawful processing.
  • Right to Complain: You may lodge a complaint with a supervisory authority should you believe your rights have been infringed.

You may exercise these rights by contacting us with details of your request. We will respond within one month, as required by law. Proof of identity may be requested for certain actions. Please note that some rights may be restricted or subject to exceptions where permitted by GDPR or UK law.

Security of Your Data

We are committed to keeping your personal data secure. We implement appropriate physical, technical, and organisational security measures to protect information against unauthorised access, loss, alteration, or destruction. Access to your information is limited strictly to staff and partners who require it for the purposes outlined above.

Changes to This Privacy Policy

This Privacy Policy is reviewed regularly and may be updated from time to time to reflect changes in legal requirements or our business practices. When changes are made, the updated version will be made available where you can access it before placing your next order.

Contact and Further Information

If you have any questions regarding this Privacy Policy, the use of your personal data, or wish to exercise your data rights, please contact us using our standard communication channels. We are committed to addressing your concerns promptly and respectfully.