How Flowers Garston Protects Your Personal Information

Flowers Garston Privacy Policy Overview

Introduction

This Privacy Policy describes how Flowers Garston ('we', 'our', 'us') collects, uses, stores, and protects your personal information when you place orders with us within Garston and its surrounding districts. We are committed to ensuring your privacy and complying fully with the General Data Protection Regulation (GDPR). Please review this policy carefully to understand your rights and our obligations regarding your data.

Scope of Policy

This Privacy Policy applies to all customers who place orders with Flowers Garston, either through our website, by phone, or in person, in Garston and the surrounding areas. By placing an order or interacting with Flowers Garston, you acknowledge and accept the practices outlined in this document.

What Data We Collect

We collect and process different types of personal data based on your interaction and the nature of your order. The categories of personal data may include:

Identity Data: Your name, delivery recipient's name
Contact Data: Delivery address, billing address, contact telephone number
Order Data: Details of your orders, including items purchased, delivery date and time preferences, and any note or messages for the recipient
Payment Data: Transaction-related information (while payments may be processed via third-party providers, we may retain certain non-sensitive transaction records for order reconciliation and legal purposes)
Communication Data: Records of communications, inquiries, or feedback you send to us

We do not knowingly collect or process any special categories of personal data (such as health or biometric data), nor do we knowingly collect data from children under 16 years old.

Lawful Basis for Processing

Under the GDPR, we must have a lawful basis for processing your personal data. Flowers Garston processes your data under the following legal bases:

Contractual Necessity: To fulfill and administer your flower orders and provide delivery and customer services as requested.
Legal Obligation: To comply with legal and accounting requirements, such as record keeping and responding to legal requests.
Legitimate Interests: To enhance our service, understand customer preferences, and maintain the safety and security of our business operations. We ensure that these legitimate interests do not override your rights and freedoms.

How We Use Your Data

We use your data solely for the following purposes:

To process, fulfill, and deliver your orders
To provide customer support and address your requests and inquiries
To maintain accurate records for business and legal compliance
To personalize your customer experience and improve our services
To contact you regarding your order or to follow up on service quality

Data Retention

We retain your personal data for no longer than necessary to fulfill the purposes for which it was collected. In general:

Order and transactional data are retained for up to 7 years to meet accounting and taxation legal requirements.
Customer service communications are kept for up to 2 years.
If you make an enquiry but do not place an order, your personal data will be deleted within 12 months unless further communication occurs.

Once data is no longer required, it will be securely deleted or anonymised so it can no longer be associated with you.

Data Processors and Third Parties

Flowers Garston will only share your personal data where necessary for the operation of our services or when legally required. We may use the following types of trusted third-party service providers ("processors"):

Payment processors: To securely process transactions
Delivery agents: For delivering your orders
IT and system support providers: To manage our ordering system and website infrastructure
Professional advisers: Such as accountants or legal advisors, when necessary

We require all processors to respect the security of your data and to treat it in accordance with GDPR. Processors are only permitted to process your data in accordance with our instructions and not for their own purposes.

Data Security Measures

We take appropriate technical and organisational measures to safeguard your personal information. These measures include physical, electronic, and managerial procedures to protect against unauthorised access, loss, alteration, or disclosure. Access to data is limited to only those employees and processors with a legitimate business need, and they are subject to confidentiality duties.

Your Data Subject Rights

Under the GDPR, you have the following rights concerning your personal data held by Flowers Garston:

Right of Access: Obtain confirmation whether we process your data and request a copy of your data.
Right to Rectification: Request correction of any inaccurate or incomplete information.
Right to Erasure ("Right to be Forgotten"): Ask us to delete your personal data where there is no legal obligation to retain it.
Right to Restrict Processing: Request us to suspend processing of your data under certain circumstances.
Right to Data Portability: Receive your data in a structured, commonly used format, and transfer it to another data controller when applicable.
Right to Object: Object to processing of your personal data where we rely on our legitimate interests.

To exercise any of these rights, please contact us using our online form or by writing to our business address. We will respond to all requests in line with GDPR requirements and within statutory timeframes.

Changes to This Privacy Policy

This Privacy Policy may be updated to reflect changes in our practices, legal requirements, or service offerings. Updated versions will be made available before changes take effect. Customers are encouraged to review this policy regularly.

Contact and Concerns

If you have any questions, concerns, or requests regarding your personal data and this Privacy Policy, please contact us in writing at our registered business address. If you are not satisfied with our response, you have the right to lodge a complaint with the UK's Information Commissioner's Office (ICO) or your local data protection authority.