Privacy Policy for Elmers End Flowers Customers

Scope of This Privacy Policy

This Privacy Policy explains how Elmers End Flowers collects, uses, stores, shares, and protects your personal data. It applies to all customers placing flower orders with Elmers End Flowers from Elmers End and the surrounding districts. We are committed to safeguarding the privacy and security of your information, in compliance with the UK General Data Protection Regulation (GDPR).

Personal Data We Collect

To process your orders and provide our services, we collect and process the following categories of personal data:

  • Identity Data: Your name, surname, and, where relevant, the name of the recipient.
  • Contact Data: Delivery addresses, billing addresses, and phone numbers (if provided).
  • Order Information: Details about your flower order, such as messages for delivery cards, special instructions, and order history.
  • Transaction Data: Information about payment amounts and dates. Please note that we do not store full payment card details; these are processed directly by our payment service providers.
  • Communication Data: Records of communications with us, including feedback or complaints you may submit.

Lawful Basis for Processing

Under GDPR, all processing of personal data must be justified by a legal basis. Our lawful bases for processing your data are:

  • Contractual Necessity: We process your identity, contact, order, and transaction data to fulfill your flower order and deliver our services as agreed when you place an order.
  • Legitimate Interests: We may process your communication and order data to improve our customer service, respond to enquiries, and manage our relationship with you. Our interests do not override your rights and freedoms.
  • Legal Requirements: In some cases, we may be required by law to process your data, for example, for tax and accounting purposes.
  • Consent: Where required (for instance, for optional marketing communications), we will only process your data with your explicit consent.

How We Use Your Information

Your personal data is used for the following purposes:

  • Processing and fulfilling your orders for flowers and related products.
  • Contacting you regarding your order (e.g., confirming your order, arranging delivery, or notifying you of any issues).
  • Managing payments and preventing fraud.
  • Improving our services based on feedback and communication history.
  • Meeting legal and regulatory obligations.

Data Retention

We only retain your personal data for as long as is necessary to fulfill the purposes outlined in this policy. After your order and any related customer service matters are completed, we keep your data for up to 6 years, in line with accounting and tax record keeping requirements. After this period, your data will be securely deleted or anonymised unless required to be kept longer as required by law.

Data Processors and Sharing

To provide our services, we may share certain personal data with trusted third parties who act as data processors on our behalf. These include:

  • Payment Service Providers: To securely process payments.
  • Delivery Partners: To deliver your flowers to the specified address.
  • IT Support and Hosting Providers: For maintaining secure IT systems and website operation.

All third-party processors are required to comply with data protection laws, keep your data confidential, and process it only according to our instructions. We do not sell or share your personal data with any third parties for marketing or unrelated purposes.

Your Data Protection Rights

Under the GDPR, you have several important rights regarding your personal data:

  • Right of Access: You can request confirmation of whether we hold your personal data, and obtain a copy of it.
  • Right to Rectification: You have the right to request corrections to inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): You can ask us to delete your personal data unless there is a valid legal reason for us to retain it.
  • Right to Restrict Processing: You may request that we limit the ways in which we use your data.
  • Right to Data Portability: You can request your data in a structured, commonly used, and machine-readable format, and have it transferred where feasible.
  • Right to Object: You can object to us processing your data, where we rely on legitimate interests as a basis.
  • Right to Withdraw Consent: Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint: You have the right to contact the Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed.

Security of Your Personal Data

We use appropriate measures to protect your personal data from accidental loss, unauthorised access, disclosure, alteration, or destruction. Access to your information is limited to employees and designated processors who need to know it for the purposes outlined in this policy, and they are required to keep your data confidential and secure.

Children’s Privacy

Our services are not intended for use by anyone under 18 years of age. We do not knowingly collect or maintain personal data from children.

Changes to This Privacy Policy

We may update this policy from time to time to reflect changes in legal, regulatory, or operational requirements. Updates will be posted on our website. It is your responsibility to review this policy periodically for any changes.

Contacting Us

If you have any questions about this privacy policy or the way we handle your personal data, please contact us at our business premises or using the methods outlined on our contact page.