Privacy Policy for Flowers Totteridge Customers

Introduction

This Privacy Policy explains how Flowers Totteridge collects, processes, stores, and protects personal data of customers placing orders from Totteridge and the surrounding districts. Protecting the privacy and security of your information is of the utmost importance to us. This Policy ensures our compliance with the General Data Protection Regulation (GDPR) and informs you of your rights regarding your personal information.

Scope of the Policy

This Policy applies to all individuals who place orders for flowers or related products and services with Flowers Totteridge, whether through our website, by telephone, or in person, if the delivery address or point of contact is located within Totteridge or any of the surrounding districts serviced by Flowers Totteridge. By placing an order, you acknowledge that your data will be processed according to the terms set out below.

The Data We Collect

Flowers Totteridge may collect and process the following categories of personal data:

  • Identity Data: Your name, title, and, if applicable, recipient's name for flower deliveries.
  • Contact Data: Delivery address, billing address, contact telephone number, and (if provided) email address.
  • Order Details: Information about the products purchased, order instructions, gifts or messages to accompany your order.
  • Payment Data: Partial card details or transaction references (note: full payment card details are never stored on our servers).
  • Correspondence: Any data you provide if you correspond with us, submit enquiries or reviews, or engage with customer service.
  • Technical Data: Your IP address, browser type and version, time zone setting, device identifiers, and usage data relating to interactions with our website, for those placing orders online.

Lawful Basis for Processing

Under GDPR, we must have a lawful basis to process your data. Flowers Totteridge relies on the following lawful bases:

  • Contractual Necessity: We process your personal data to fulfill the contract for goods and services you place with us, such as managing orders, processing payments, and delivering flowers.
  • Legal Obligations: Where necessary, we may process your data to comply with legal requirements, for example, keeping accounting records.
  • Legitimate Interests: Some processing is required for our legitimate business interests, such as improving our service, communicating important information regarding your order, and preventing fraud.
  • Consent: For certain communications (such as promotional emails), we seek your explicit consent. You may withdraw consent at any time.

Data Retention

Flowers Totteridge retains your personal data only as long as is necessary for the purposes set out in this Policy, including fulfilling orders, maintaining our records in line with legal and regulatory obligations, resolving disputes, and enforcing our agreements.

Our typical retention periods are as follows:

  • Order and delivery data: retained for up to six years from the date of purchase, in line with accounting and tax regulations.
  • Marketing preferences: retained until you update your preferences or request deletion.
  • Technical and usage data: retained up to two years for analytics purposes, but not linked directly to identifiable individuals after order completion.

Upon expiry of retention periods, data is securely deleted or anonymized.

Data Processors and Third Parties

In order to process your orders and deliver a reliable service, we may share your data with trusted third-party service providers who act as Data Processors on our behalf. These include:

  • Payment service providers (to facilitate transaction processing).
  • Delivery and courier companies (to fulfill flower deliveries).
  • IT service providers (for hosting, IT support, and secure data storage).
  • Professional advisers (such as accountants and legal advisors, as required).

We require all third-party processors to respect the security of your personal data and to process it in accordance with GDPR. Your data is not sold or transferred for third-party marketing purposes.

Data Security

Flowers Totteridge employs appropriate technical and organizational security measures to protect your personal data. These include secure storage solutions, access limitations, regular staff training, and, where relevant, data encryption. While no system can be completely secure, we continually review our practices to ensure ongoing data protection.

Your GDPR Rights

As a data subject within the UK or EU, you have the following rights regarding your personal data processed by Flowers Totteridge:

  • The right to access – You may request confirmation of what personal data we hold about you, as well as access to that data.
  • The right to rectification – You have the right to have incorrect or incomplete data updated.
  • The right to erasure – You may request deletion of your personal data in certain circumstances, subject to statutory retention requirements.
  • The right to restrict processing – You may ask us to restrict the processing of your data under certain conditions.
  • The right to data portability – We will provide your personal data in a machine-readable format on request, where applicable.
  • The right to object – You can object to certain processing, including direct marketing.
  • Rights in relation to automated decision making – Flowers Totteridge does not use personal data for automated decision making or profiling.

To exercise any of these rights, please contact us through our designated communication channels. We may require verification to ensure your identity before processing such requests. You are also entitled to lodge a complaint with the relevant data protection authority if you believe your rights have been violated.

Policy Updates

This Privacy Policy may be amended from time to time to reflect changes to our practices or for legal, regulatory, or operational reasons. The latest version will always be displayed on our website. We encourage customers to review this Policy periodically to stay informed about our data practices.

Contact Us

If you have questions about the way your personal data is processed by Flowers Totteridge, or if you wish to exercise your rights, please contact us using the details provided on our official website or through the customer service channels displayed at the point of sale.