GDPR Privacy Policy for Flower Delivery Old Oak Common

Introduction

This Privacy Policy outlines how Flower Delivery Old Oak Common ("we", "us", "our") collects, uses, stores, and safeguards your personal information. This policy applies to all customers placing orders for flower delivery within Old Oak Common and its surrounding districts. We are committed to compliance with the General Data Protection Regulation (GDPR) and to ensuring the protection of your rights and privacy.

What Data We Collect

We collect both personal and non-personal data necessary for processing your orders and improving our services. The types of information we may collect include:

  • Identity Information: Name, delivery recipient's name
  • Contact Information: Delivery address, billing address, telephone number (if provided)
  • Order Details: Product selections, messages or notes to recipients
  • Payment Information: Limited payment details as required for transaction processing (processed securely by payment service providers; we do not store payment card details ourselves)
  • Technical Data: IP address, browser type, device information, and access times (collected automatically through our website to ensure site security and improve functionality)
  • Correspondence: Any communications you send to us regarding your order or enquiries

Lawful Basis for Processing Data

We only collect and process personal data when we have a lawful basis to do so. Under the GDPR, our lawful bases for processing your personal data are:

  • Contractual Necessity: Processing your information is necessary to fulfill your order, communicate with you regarding your purchase, process payment, and deliver flowers to the specified address.
  • Legal Obligations: We may retain certain order records as required by applicable accounting and tax laws.
  • Legitimate Interests: We may process data to improve our services, ensure website security, and offer customer support, provided these interests do not override your fundamental rights and freedoms.
  • Consent: Where required (such as for direct marketing by email or message), we will obtain your explicit consent, which you can withdraw at any time.

How We Use Your Data

Your data is used solely for the purposes for which it was collected, including:

  • Processing and delivering your flower orders
  • Communicating with you about your order and any customer service enquiries
  • Fulfilling our legal and regulatory obligations
  • Enhancing our website and services
  • Where applicable, sending marketing communications if you have provided consent

Data Retention Policy

We retain personal data only for as long as is necessary to fulfill the intended purpose, comply with our legal obligations, resolve disputes, and enforce our agreements. The criteria for determining retention periods include:

  • Order data is kept for up to seven years to meet legal, accounting, and tax requirements.
  • Account or profile information (if applicable) is held until you request deletion or your account becomes inactive as defined by our internal policies.
  • Technical and analytical data may be kept for a shorter period solely for site security and improvement purposes.
  • Communication records are retained for as long as necessary to address your enquiries and for internal training or quality assessment.

When data is no longer required, it will be securely deleted or anonymised in accordance with applicable legislation and best practice standards.

Data Processors and Sub-Processors

To provide our services, we may share your personal data with carefully selected third-party service providers (data processors) who act on our behalf. The categories of data processors we use include:

  • Payment Service Providers: To process and verify transactions securely
  • IT Hosting and Maintenance Providers: For secure website operation and data storage
  • Delivery Partners: To ensure flowers are delivered to the recipient as per your instructions
  • Analytics Providers: For website performance monitoring and enhancement

All processors are contractually obliged to adhere to the GDPR, ensuring your data is handled securely and confidentially. We do not allow our third-party service providers to use your personal data for their own purposes. We do not sell or rent your personal data to third parties.

Your Rights under GDPR

As a data subject within the GDPR, you have the following rights:

  • The right to access: You may request details of the personal data we hold about you.
  • The right to rectification: You can request we correct any inaccurate or incomplete information.
  • The right to erasure ("right to be forgotten"): You may request deletion of your personal data in certain circumstances.
  • The right to restrict processing: You may request that we limit how your data is used.
  • The right to data portability: Where applicable, you may request your data be provided in a structured, commonly used machine-readable format.
  • The right to object: You may object to processing based on legitimate interests or direct marketing.
  • The right to withdraw consent: Where we rely on consent, you have the right to withdraw it at any time.
  • The right to lodge a complaint: You may raise concerns with us or with a supervisory authority if you believe your data rights have been infringed.

If you wish to exercise any of these rights, please contact us using the details provided on our website. In order to verify your identity and process your request efficiently, we may require further information from you. We will respond to all legitimate requests within one month, or let you know if more time is required in complex cases.

Data Security

We are committed to protecting your personal data from unauthorized access, alteration, disclosure, or destruction. We have implemented appropriate technical and organizational measures, including but not limited to encryption, secure web protocols, password protection, and restricted access procedures.

Changes to This Privacy Policy

This policy may be updated from time to time to reflect changes in our practices or applicable laws. We encourage you to review this policy periodically to stay informed about how we protect your personal information. Material changes will be highlighted on our website, and where appropriate, we will notify you directly.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please use the contact details provided on the Flower Delivery Old Oak Common website. We are committed to addressing your queries promptly and transparently.