Flowers Coulsdon Privacy Policy

Introduction

This Privacy Policy explains how Flowers Coulsdon (hereafter referred to as "we", "our", or "us") collects, processes, stores, and protects personal data when you place orders with us in Coulsdon and surrounding districts. As a data controller, we are committed to safeguarding your privacy rights and complying fully with the General Data Protection Regulation (GDPR) and other applicable UK privacy laws.

Who This Policy Applies To

This Privacy Policy applies to all individual customers who place orders for flowers or related services with us from Coulsdon and the nearby areas. By placing an order, you acknowledge and agree to the terms contained in this policy.

What Personal Data We Collect

When you make a purchase or interact with our business, we may collect the following types of data:

  • Identity Data: Name, title
  • Contact Data: Address, phone number, delivery address, email address
  • Order Data: Details about products ordered, delivery instructions, recipient details (such as name and delivery address)
  • Payment Data: Payment method, payment status (we do not store full card numbers, only reference the payment via secure third-party processors as detailed below)
  • Communication Data: Customer service queries, feedback, and correspondence related to your orders

We do not knowingly collect personal data from children under 16 years of age and ask that such individuals do not provide us with personal information.

Lawful Basis for Processing

Under the GDPR, we must have a legal reason to collect and use your data. The legal bases for processing your data include:

  • Contractual Necessity: We need your data to fulfill our contract with you – for example, to process your order, make deliveries, and handle payments.
  • Legal Obligation: To comply with legal and tax requirements, such as maintaining transaction records.
  • Legitimate Interests: We may process your data to improve our services, prevent fraud, or respond to your enquiries, where these interests are not overridden by your rights.
  • Consent: Where required, we will seek your direct consent, for instance if you ask to receive marketing messages (we do not send such messages without your clear opt-in).

How We Use Your Personal Data

We process and use your data to:

  • Accept and deliver your orders
  • Contact you regarding your order or to resolve issues
  • Maintain records for legal, tax, and accounting requirements
  • Respond to your enquiries or complaints
  • Analyse sales trends and improve our services

Data Retention

We only keep your personal data for as long as necessary for the purpose it was collected, including for satisfying any legal, accounting, or reporting requirements:

  • Order details and related data are retained for up to six years from the date of purchase, to comply with tax and accounting laws.
  • Communication records are held for up to two years for customer service purposes, unless required longer under specific circumstances.
  • If you have only made an enquiry but not placed an order, we retain your correspondence for up to one year from our last interaction.
  • Data used for marketing purposes (with your consent) is kept until you withdraw your consent.

Our Data Processors

To provide our services securely and efficiently, we use several trusted third-party companies (processors):

  • Payment Processors: We use secure, PCI-compliant third-party payment services to process card and electronic payments. They handle your payment data directly – we do not store your payment card details.
  • IT and Delivery Partners: Where necessary, we use IT service providers for secure storage, and trusted local delivery drivers to ensure your order reaches you or your recipient. Only necessary data is shared and such partners are required to keep information secure and confidential.
  • Accounting Services: For our legal obligations, we may use accredited accounting platforms or consultants to process invoices and receipts, with privacy agreements in place.

We only share personal data with processors who have provided sufficient guarantees regarding data security and GDPR compliance. We do not sell or rent your personal data to any third party.

How We Protect Your Data

We employ a combination of organisational and technical measures to protect your data against loss, misuse, unauthorised access, and disclosure. Examples include secure storage systems, encryption for payment processing, and routine data protection training for any team member who handles your data.

Your Rights

As a data subject under the GDPR, you have the following rights regarding your personal data:

  • The right to access – Request a copy of personal data we hold about you.
  • The right to rectification – Have any incorrect or incomplete data corrected.
  • The right to erasure (“right to be forgotten”) – Ask us to delete your data when it is no longer necessary, or if you withdraw consent.
  • The right to restrict or object to processing – In certain situations, you can restrict or object to how we use your data.
  • The right to data portability – Where applicable, request your data in a structured, commonly used format to transfer elsewhere.
  • The right to withdraw consent – If we process your data based on consent, you may withdraw it at any time.
  • The right to complain – You can raise concerns with the UK’s Information Commissioner’s Office or your local data protection authority.

Updates to This Policy

We reserve the right to update this Privacy Policy from time to time to reflect changes in the law or our practices. The latest version will always be displayed on our website and will state the date of last revision.

Contacting Us

If you have any questions or wish to exercise your data protection rights, you can contact us using the contact forms or postal address provided on our website or in your order documentation. We will respond as promptly as possible in accordance with GDPR requirements.