Privacy Policy for Flowers Stepney Customers

Introduction

This Privacy Policy explains how Flowers Stepney collects, uses, and manages your personal data in compliance with the General Data Protection Regulation (GDPR). This policy applies to all customers who place orders with Flowers Stepney from Stepney and surrounding districts. We are committed to protecting your privacy and ensuring transparency regarding your personal information.

What Personal Data We Collect

When you place an order or interact with Flowers Stepney, we may collect the following types of personal data:

  • Identity Data: First name, last name, and title.
  • Contact Data: Delivery address, billing address, telephone number (if provided), and other order-specific contact information.
  • Order Data: Products ordered, delivery instructions, purchase history, and delivery information.
  • Payment Data: Payment method and transaction details. Note that payment information is handled securely, and we do not store complete credit or debit card numbers on our systems.
  • Communication Data: Information sent via customer queries, order instructions, complaints, or feedback.
  • Technical Data: IP address, browser type, operating system, and other device information when you visit or use our website.

Lawful Bases for Data Processing

Under the GDPR, we must have a lawful basis to process your personal data. The main bases we rely on include:

  • Contractual necessity: We process your data to fulfill the orders you place and provide our services to you.
  • Legal obligation: In certain cases, we are required to process personal data to comply with UK laws, such as tax or accounting obligations.
  • Legitimate interests: We may process your data for our legitimate business interests, such as product improvement, fraud prevention, and ensuring the security of our services, except where such interests are overridden by your rights or interests.
  • Consent: In specific cases, such as marketing communications (where applicable), we will obtain your explicit consent before processing your data for these purposes. You have the right to withdraw this consent at any time.

How We Use Your Personal Data

We use your personal data for the following purposes:

  • To process and deliver your orders.
  • To communicate with you about your orders, deliveries, or any questions you may have.
  • To respond to your customer service requests or complaints.
  • To keep accurate records for administrative and legal purposes.
  • To improve our products and services, and to analyse trends and feedback for service optimisation.
  • To ensure the security of our website and prevent fraudulent activity.

How Long We Retain Your Data

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Generally, order and transaction records are kept for up to seven years to comply with legal obligations. Personal data provided for customer communication or enquiries, which is unrelated to transactional information, is retained for up to two years from the date of our last interaction unless required longer by law.

After the relevant retention periods, your personal data will be securely deleted or anonymised so that it can no longer be associated with you.

Data Processors and Third Parties

To enable us to provide our services, we may share your data with trusted third-party processors. These include:

  • Payment processing providers for secure transaction handling.
  • Delivery and courier services to complete your orders.
  • IT and website hosting providers to support our operations.
  • Professional advisors (e.g., accountants or legal consultants) where required by law.

All third-party processors are required to adhere to GDPR standards and only process your data on our instructions. We do not share your personal data with any third parties for their marketing purposes.

How We Protect Your Data

We have implemented appropriate technical and organisational measures to safeguard your personal data against accidental loss, unauthorised access, disclosure, or destruction. These measures include encrypted connections, secure servers, restricted data access protocols, and regular staff training on data protection duties.

Your Rights Under GDPR

As a customer placing orders from Stepney and surrounding districts, you are entitled to the following rights:

  • Right of Access: You have the right to request access to the personal data we hold about you.
  • Right to Rectification: You may request corrections to any inaccurate or incomplete personal data we hold.
  • Right to Erasure ("Right to be Forgotten"): You may request that we delete your personal data where there is no compelling reason for its continued processing.
  • Right to Restriction of Processing: You may request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: You may object to the processing of your personal data for particular purposes, such as direct marketing or legitimate interests.
  • Right to Withdraw Consent: Where we rely on your consent, you may withdraw it at any time. This will not affect the validity of processing conducted prior to withdrawal.
  • Right to Lodge a Complaint: You have the right to complain to the UK Information Commissioner’s Office (ICO) if you believe your rights have been infringed.

To exercise any of these rights, please contact us by using the contact form provided on our website or by written correspondence. We will respond to your request within one month as required by law.

Policy Applicability and Updates

This policy applies to all customers placing orders with Flowers Stepney from Stepney and its surrounding districts. We may update this Privacy Policy from time to time to reflect legal changes or improvements in our privacy practices. We will notify you of significant changes by updating the date at the beginning of this policy and, where appropriate, through other means.

We encourage you to review this policy periodically to stay informed about how we protect your personal data and your rights.