Florist Tolworth Privacy Policy for Customers

Introduction

This Privacy Policy describes how Florist Tolworth manages your personal data in accordance with the General Data Protection Regulation (GDPR). It applies to all customers placing orders with Florist Tolworth from Tolworth and the surrounding districts. By using our services, you acknowledge the practices described in this policy, which is intended to help you understand how we collect, use, secure, and share your information, as well as your legal rights.

What Data We Collect

We collect personal data to process your orders effectively and provide a smooth customer experience. The data we collect depends on the nature of your interaction with Florist Tolworth, but may include:

  • Contact Details: Full name, delivery address, billing address, and phone number.
  • Order Information: Details about the products or services you order, such as flower arrangements, delivery preferences, and your message to recipients.
  • Payment Information: Payment card details (processed through secure third-party processors) and transaction history.
  • Communication: Records of communications with us, including complaints, inquiries, or feedback.
  • Technical Data: IP address, device information, and browsing activity associated with our online ordering platform (if applicable).

We do not knowingly collect or process special category data (including data about health, ethnicity, or religious beliefs), nor do we intentionally collect data from children under 16.

Lawful Basis for Processing Personal Data

Under GDPR, we must have a lawful basis to process your personal data. Florist Tolworth relies on the following legal bases:

  • Contractual Necessity: Processing is necessary for us to fulfill your order, deliver your flowers, and administer payment.
  • Legal Obligation: We may process your data to comply with relevant legal requirements such as maintaining records for tax purposes.
  • Legitimate Interests: We may process your data for purposes that are proportionate and do not override your privacy rights, such as improving our products, fraud prevention, or responding to customer queries.
  • Consent: For direct marketing or certain types of cookies, we process your data only with your explicit consent, which you may withdraw at any time.

How We Use Your Information

Your personal data is used strictly for the purpose it was collected. Key uses include:

  • Processing your floral order and arranging delivery to the specified address.
  • Communicating with you about your order, including confirmations and updates.
  • Handling payment and invoicing tasks securely via our payment partners.
  • Responding to your questions or complaints and resolving any issues quickly.
  • Abiding by legal and regulatory requirements to which we are subject.

Data Retention

We retain your personal data only as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Typically, customer and order information will be stored for up to six years after the transaction, unless a longer retention period is required or permitted by law. Once this period expires, your data will be securely deleted or anonymised.

Data Processors and Third Parties

Florist Tolworth may share your personal data with certain trusted third parties who assist us in providing our services, known as data processors. These include:

  • Payment Service Providers: To process your transaction securely and efficiently.
  • Delivery Partners: To ensure your order arrives at the correct destination.
  • IT and Hosting Providers: To securely store your data and support our ordering systems.
  • Professional Advisers: Such as auditors or legal consultants, to ensure legal and regulatory compliance.

All data processors are required to handle your data only as instructed by us, are bound by confidentiality agreements, and must implement suitable security measures. We do not sell, rent, or trade your data with third parties for their marketing purposes.

International Data Transfers

While we endeavour to store and process your data within the UK and European Economic Area (EEA), it may occasionally be transferred to countries outside this region, for example if a delivery provider or payment processor operates internationally. Where this occurs, we ensure that appropriate safeguards (such as standard contractual clauses or certification mechanisms) are in place to protect your privacy.

How We Protect Your Information

Florist Tolworth implements appropriate technical and organisational measures to secure your personal data against loss, misuse, unauthorised access, disclosure, alteration, or destruction. These security practices include:

  • Encrypted transmission of payment information.
  • Restricted access to customer records to authorised staff only.
  • Regular review and updating of our data protection protocols.
  • Secure disposal of records when retention is no longer required.

Your Rights Under GDPR

As a data subject under GDPR, you have specific rights regarding your personal information processed by Florist Tolworth:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Ask us to correct inaccurate or incomplete data.
  • Right to Erasure: Request that we delete your data under certain circumstances (also known as the "right to be forgotten").
  • Right to Restrict Processing: Ask us to suspend the processing of your data.
  • Right to Data Portability: Obtain and reuse your data for your own purposes across different services.
  • Right to Object: Object to the processing of your data where we rely on legitimate interests, including for direct marketing.
  • Right to Withdraw Consent: Where we rely on your consent to process data, you may withdraw this consent at any time.

If you wish to exercise any of these rights, please contact us and we will respond to your request in line with GDPR requirements. We may need to verify your identity before fulfilling certain requests.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal obligations. The most recent version will always apply to your data. We encourage you to review this page regularly to stay informed about how we protect your personal information.

Contact and Further Information

If you have any questions about your data, how it is processed, or want to exercise any of your data rights, please reach out to us through the standard contact methods listed on our website or in your order confirmation. We will be happy to assist you further.

This policy was last updated in June 2024.