Stockwell Florist Privacy Policy for Customers

Introduction: Our Commitment to Your Privacy

At Stockwell Florist, safeguarding your personal data and privacy is of the utmost importance. This Privacy Policy explains how we collect, use, store, and protect your personal information whenever you place an order with Stockwell Florist from Stockwell or the surrounding districts. The policy has been designed in compliance with the General Data Protection Regulation (GDPR) and outlines your data rights, our lawful basis for processing information, the data retention schedules we follow, and third-party processors we work with. Please read this policy carefully to understand how your data is handled.

Scope of This Policy

This Privacy Policy applies to all customers who order floral products and services from Stockwell Florist, whether you are based in Stockwell or neighboring districts served by our business. By placing an order with us, you acknowledge the terms described here.

What Personal Data We Collect

We collect only the information necessary to process your order, provide excellent customer experience, and comply with legal obligations. The following categories of data may be collected:

  • Contact Information: Name, billing and delivery address, and phone number (for communication regarding orders).
  • Order Details: Specifics of your floral purchase, delivery instructions, recipient name and address (if different), and any gift message you request.
  • Payment Information: Payment method details such as card type (note: full card details are processed by third-party payment processors and not stored by Stockwell Florist).
  • Communication Records: Records of any correspondence you have with us regarding your order (such as order confirmations, inquiries, or complaints).
  • Technical Information: Usage data such as IP address, browser type, and device information when you place an order using our website. This data helps us maintain website security and improve user experience.

Lawful Basis for Processing Your Data

Under the GDPR, we rely on several lawful bases for processing your personal data, depending on the circumstances:

  • Contractual Necessity: We process your information to fulfil our contract with you, including taking, processing, and delivering your order.
  • Legal Obligations: Some data processing is necessary to comply with applicable legal requirements, such as accounting and taxation laws.
  • Legitimate Interests: We may process your data for purposes relating to improving our services, preventing fraud, and maintaining security, provided our interests are not overridden by your fundamental rights.
  • Consent: Where required (such as for marketing communications), we will obtain your consent before using your data. You can withdraw this consent at any time.

How We Use Your Personal Data

Your personal information is used solely for purposes connected with providing and enhancing our services, including:

  • Processing and managing your orders.
  • Delivering floral arrangements as specified.
  • Communicating with you regarding your order, delivery updates, or any related issues.
  • Handling returns, refunds, customer service requests, and resolving complaints.
  • Fulfilling legal, regulatory, or accounting obligations.
  • Improving our services and website security.

Data Retention: How Long We Keep Your Information

We retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including fulfilling any legal, accounting, or reporting requirements:

  • Order and Transaction Records: These may be retained for up to 7 years as required by tax and accounting laws.
  • Customer Correspondence: Customer queries and complaint records are generally stored for up to 3 years to help resolve disputes and improve our services.
  • Technical Data: Technical logs may be retained for up to 2 years for system security and service improvement purposes.

Once no longer required, your data will be securely deleted or anonymised.

Data Sharing and Processors

We may share your data with trusted third-party service providers who act solely on our instructions. These providers enable us to process payments, deliver your flowers, manage orders, and maintain our IT infrastructure. Our main data processors include:

  • Payment Service Providers: For secure processing of your payment transactions. These providers do not share your complete payment details with us.
  • Delivery Partners: For ensuring that your orders reach the right recipient at the specified time.
  • IT and Website Support Providers: For hosting our website, managing data storage, and providing cybersecurity services.

All third-party processors are contractually obligated to comply with data protection laws, maintain confidentiality, and use your data only for the purpose of their services.

Your Rights Under GDPR

Under GDPR, you are entitled to exercise the following rights regarding your personal data:

  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask for any incorrect or incomplete data to be corrected.
  • Right to Erasure: You have the right to request your data be deleted when no longer necessary, except where we are required to retain it for legal reasons.
  • Right to Restrict Processing: You can request restricted processing of your data in certain circumstances.
  • Right to Object: You have the right to object to processing based on legitimate interests or for direct marketing.
  • Right to Data Portability: You are entitled to request a digital copy of your data in a commonly used format.
  • Right to Withdraw Consent: If you have given consent for any specific data processing, you may withdraw it at any time.

To exercise any of these rights, please contact us using the details provided on our website or via the communication method through which you placed your order. We strive to address all requests in accordance with GDPR timelines.

Data Security Measures

We implement robust security measures to protect your personal data from unauthorised access, loss, or misuse. These include both technical and organisational safeguards, such as encrypted data storage, access controls, and regular security audits. Where third-party processors are involved, we ensure data is transferred and stored securely.

Updates to This Privacy Policy

This Privacy Policy may be updated from time to time to reflect legal requirements or changes in our business practices. We encourage you to review this policy regularly to stay informed of how we protect your personal information.

Contact and Complaints

If you have questions about this Privacy Policy, your data rights, or how we handle your personal information, please use the contact details provided on our website or via your order communication channel. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe your data has been processed in violation of the GDPR.