Privacy Policy for Flowers Highgate Customers

Introduction

This Privacy Policy describes how Flowers Highgate collects, uses, stores, and protects personal data for customers placing orders from Highgate and the surrounding districts. We are committed to upholding the principles of the General Data Protection Regulation (GDPR) and ensuring your privacy is protected whenever you engage our services.

Scope of This Policy

This policy applies to all customers who place orders with Flowers Highgate for delivery in Highgate and adjacent districts. It covers both online and phone orders as well as in-person purchases where personal information is provided for order processing and delivery.

What Data We Collect

We collect and process the following types of personal data:

• Identity Data: Your name and, if you are ordering on someone else’s behalf, the recipient’s name.
• Contact Data: Delivery address, billing address (if different), and occasionally user-provided instructions for delivery.
• Communication Data: Details of correspondence with us regarding your current or past orders, feedback, or queries.
• Order Data: Information about the flowers and products you purchase, dates and times of orders, and order history.
• Payment Data: Limited payment and transaction information (processed via our chosen payment processors; we do not store full card details).
• Technical Data: IP address, browser details, and device type when you use our website for order placement.

Lawful Basis for Processing Your Data

We collect and process your data based on one or more of the following lawful grounds:

• Contractual Necessity: To process and deliver your order and to communicate with you about it.
• Legal Obligation: To comply with any applicable legal requirements, such as keeping financial records for accounting or tax purposes.
• Legitimate Interests: To improve our products and services, prevent fraud, ensure security, and enhance the customer experience.
• Consent: Where you have given clear consent (for example, subscribing to a promotional mailing list). Consent can be withdrawn at any time.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including the requirements to satisfy accounting, legal, or reporting obligations. Typically, core order data is retained for up to six years to comply with UK tax law. Data related to marketing preferences is retained until you unsubscribe or otherwise withdraw your consent. After the relevant period, we securely delete or anonymise your personal information.

Processors and Third-Party Service Providers

To operate efficiently and fulfil your orders, we may use selected third-party processors. These may include:

• Payment Processors: Facilitating secure card and online payments (we do not store your full card details).
• Delivery Partners: Trusted couriers or local delivery services fulfilling delivery requirements.
• IT Service Providers: Hosting our website, managing emails, and providing order management tools.

Each third-party processor is required to handle your data in compliance with the GDPR, with written agreements in place to ensure its protection. We do not sell or rent your data to external parties.

How We Protect Your Data

Flowers Highgate implements appropriate security measures to guard your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include secure servers, encrypted transmissions where appropriate, data access controls, and regular review of our data handling practices.

Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of Access: To request a copy of the personal data we hold about you.
• Right to Rectification: To have inaccurate or incomplete data corrected or updated.
• Right to Erasure: To request deletion of your personal data, subject to any overriding legitimate or legal requirements.
• Right to Restriction: To request us to suspend processing of your data in certain circumstances.
• Right to Data Portability: To obtain and reuse your personal data for your own purposes across different services, where technically feasible.
• Right to Object: To object to the processing of your data where we rely on a legitimate interest as the lawful basis.
• Right to Withdraw Consent: If processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

If you wish to exercise any of your rights, please contact us using the details available on our website or in person at our store. We may need to verify your identity to fulfil certain requests.

International Data Transfers

We aim to keep your data within the United Kingdom and European Economic Area whenever possible. If we must transfer your data outside these areas, we ensure it is protected to the same standard as required under GDPR through appropriate safeguards such as contractual clauses or certification schemes.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. Revised versions will be dated and made available at our place of business or on our website. We encourage you to review the policy periodically.

Questions and Contact

If you have questions regarding this Privacy Policy or your data rights, our team will be happy to assist. Please reach out to us at our business premises or via the contact form on our website.

This policy is effective as of 1 June 2024.