Flowers Hatch End Privacy Policy for Customers

Introduction

This Privacy Policy outlines how Flowers Hatch End collects, uses, stores, and protects your personal data when you place an order with us within Hatch End and the surrounding districts. We are committed to maintaining the privacy and security of your personal information in compliance with the General Data Protection Regulation (GDPR). This policy applies to all customers interacting with our services, whether online, by phone, or in person.

What Data We Collect

When you submit an order or communicate with us, we may collect the following types of personal data:

  • Contact Information: Name, address (for delivery and billing), and telephone number.
  • Order Information: Details about the products you order, delivery instructions, and recipient information.
  • Payment Information: Payment confirmation and transaction details (note: payment card details are processed by secure third-party providers and are not stored by us).
  • Correspondence: Information you provide when you contact us regarding your order or our services.
  • Technical Data: Limited information about your use of our website (such as IP address, device type, and browser) for operational security and analytics purposes.

Lawful Basis for Processing

We process your personal data based on the following GDPR lawful bases:

  • Contractual Necessity: We collect and process data necessary to fulfil your flower order, arrange delivery, and provide related customer service.
  • Legitimate Interests: We may use data to improve our services, manage our business, prevent fraud, and ensure security.
  • Legal Obligations: We may retain certain records to comply with applicable tax, accounting, and other statutory requirements.
  • Consent: If we ever send you marketing communications, we will do so only with your explicit consent, which you can withdraw at any time.

How We Use Your Data

Your data is used for the following purposes:

  • To process and deliver your flower order, including updating you on order status and addressing delivery queries.
  • To contact you about your order if clarification or further information is needed.
  • To improve our customer service, product offerings, and website experience by analysing aggregated, non-identifying data.
  • To comply with our legal and regulatory obligations.
  • If you have given consent, to provide you with updates, promotions, or special offers (which you can opt-out of at any time).

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Order and transaction records are generally retained for up to seven years to comply with accounting and tax regulations. When data is no longer required, it is securely deleted or anonymised.

If you have subscribed to receive promotional messages, your contact data for marketing purposes will be retained until you withdraw your consent or ask us to remove your details from our marketing database.

Data Processors and Third Parties

To deliver our services, we may share certain personal data with trusted third-party processors. The third parties to whom we may disclose your data include:

  • Payment Processors: Secure payment service providers facilitate online transactions. We do not store your payment card details.
  • Delivery Partners: Local couriers or delivery services who require your and/or the recipient's delivery address and contact details.
  • IT and Cloud Service Providers: Entities providing website hosting, data storage, and technology support services.

All third-party processors we use are contractually required to handle your data securely, only process it according to our instructions, and comply with GDPR requirements. We do not sell or share your data with unauthorised third parties, nor do we allow third parties to use your data for their own purposes.

Security Measures

Flowers Hatch End takes data security seriously and has implemented appropriate technical and organisational safeguards to protect your personal data from loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures include regular security reviews, physical and network access controls, staff training, and encrypted communication channels where appropriate.

Your Rights as a Data Subject

You have several rights under GDPR regarding your personal data:

  • Right to Access: You can request a copy of the data we hold about you.
  • Right to Rectification: You can ask us to correct inaccurate or incomplete data.
  • Right to Erasure: You can request deletion of your data, subject to legal obligations that may require us to retain certain records.
  • Right to Restrict Processing: You may ask us to limit how we use your data in certain circumstances.
  • Right to Data Portability: You can ask us to provide your data in a portable format.
  • Right to Object: You can object to our processing of your data on grounds related to your particular situation, including direct marketing.
  • Right to Withdraw Consent: Where you have provided consent, you may withdraw it at any time without affecting prior processing.

To exercise your rights, please contact us via the communication methods provided on our website or in-store. We will respond to your requests in accordance with GDPR timeframes and requirements.

Changes to This Policy

We may update this Privacy Policy occasionally to reflect changes in legal requirements or our personal data practices. The most current version will always be available on our website. We encourage customers to review this policy regularly to stay informed of how we protect your information.

Contact and Further Information

If you have any questions about this Privacy Policy, how we handle your data, or wish to exercise your data rights, please get in touch using the details provided on our website or visit us at our Hatch End location. We are committed to working with you to resolve any data protection concerns promptly and transparently.