Flowers Plaistow Privacy Policy

Policy Overview

This Privacy Policy outlines how Flowers Plaistow collects, uses, stores, and protects your personal data in accordance with the UK General Data Protection Regulation (GDPR). This policy is applicable to all customers placing orders with Flowers Plaistow from Plaistow and the surrounding districts. We are committed to ensuring that your privacy is protected and your personal data is treated with care and transparency.

What Data Do We Collect?

We collect and process personal data necessary to fulfil your orders and provide you with our services. The types of personal data we may collect include:

  • Identity Information: Name (first and last), title
  • Contact Information: Delivery address, billing address, contact number, and billing postcode
  • Order Information: Details of products ordered, purchase dates, delivery instructions, special requests, and recipient information where applicable
  • Payment Information: Payment card details (processed via secure payment providers; we do not store full card information)
  • Communication Data: Any correspondence sent to Flowers Plaistow through our online forms or customer service channels, including feedback and complaints
  • Technical Data: IP address, browser type, device identifiers, and browsing activity on our website

Lawful Basis for Processing

Under GDPR, we may only process your personal data when there is a legal basis to do so. The lawful bases on which Flowers Plaistow relies include:

  • Contractual Necessity: Most of the data we process is required to fulfil the contract of sale and deliver your order. Without the necessary information, we would not be able to process your requests or send your flowers.
  • Legal Obligations: Certain information is required for compliance with legal and regulatory requirements, such as record-keeping for tax purposes.
  • Legitimate Interests: We may process your information for legitimate business interests, such as improving our services, fraud prevention, protecting our business, and managing customer relationships; these activities do not override your rights and freedoms.
  • Consent: We may occasionally request your explicit consent for specific uses of your data, such as direct marketing material. Where consent is relied upon, you may withdraw your consent at any time.

How We Use Your Data

Your personal data is used for the following purposes:

  • Processing and fulfilling your orders, including delivery and customer support
  • Communicating with you regarding your purchase and any related inquiries or complaints
  • Managing payments and preventing fraudulent transactions
  • Maintaining accurate internal records for accounting, auditing, and regulatory compliance
  • Improving our website, products, and services based on analysis of customer activity and feedback
  • Sending required service notices, transactional communications, or information regarding policy updates

How Long We Retain Your Data

We retain your personal data only as long as necessary for the fulfilment of your order, to meet legal or regulatory requirements, and as permitted under the lawful basis outlined above. Retention periods are as follows:

  • Order and Transaction Data: Typically retained for up to seven years to comply with accounting and taxation laws.
  • Contact and Communication Records: Retained for up to two years after order completion or last contact, unless we have an ongoing customer relationship or are required by law to retain it longer.
  • Marketing Preferences: Where you have opted in for marketing communications, we will retain your details until you unsubscribe or withdraw your consent.

Once your data is no longer required, it will be securely deleted or anonymised.

Processors and Data Sharing

We do not sell your personal data to third parties. However, we may share your information with selected third-party service providers (data processors) to enable the provision of our services. These may include:

  • Payment processors: To securely handle your card payments and prevent fraud
  • Delivery partners: Trusted couriers or drivers to deliver your orders to the specified address
  • IT and Website Hosting Providers: To support our website infrastructure, data storage, backup, and analytics functions
  • Professional advisers: Such as accountants, auditors, or legal consultants, where required for our operations and compliance

All data processors acting on our behalf are contractually obligated to handle your data securely, confidentially, and in accordance with GDPR. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your data for specified purposes in accordance with our instructions.

Your Rights under GDPR

As a data subject, you have several rights under GDPR regarding your personal data:

  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: If any information we hold is incomplete or inaccurate, you have the right to request correction.
  • Right to Erasure: In certain circumstances, you may request that your data be deleted.
  • Right to Restrict Processing: You can request limits on how we use your data under specific conditions.
  • Right to Data Portability: Where applicable, you can ask for your data in a machine-readable format to transfer to another provider.
  • Right to Object: You have the right to object to certain types of data processing, such as direct marketing.
  • Right to Withdraw Consent: Where consent is the lawful basis, you may withdraw consent at any time for processing that relies on it.

To exercise any of these rights, you may contact us through the customer service channels provided on our website or in your transaction receipts. We will respond to any legitimate requests within one month, as prescribed by law.

Security of Your Personal Data

We employ appropriate technical and organizational measures to ensure your personal data is protected against unauthorized or unlawful access, disclosure, alteration, or destruction. These measures include secure servers, access controls, encryption of data during transmission, and staff training regarding data protection obligations.

Policy Updates

We regularly review our Privacy Policy to comply with changing laws and business practices. Any updates will be reflected in this document. Substantial changes will be communicated with reasonable advance notice where appropriate. By continuing to use our services following such changes, you acknowledge our updated privacy practices.

Contact and Complaints

If you have questions, concerns, or wish to exercise your data rights, please use the contact details and forms provided on the Flowers Plaistow website. You are also entitled to lodge a complaint with the Information Commissioner's Office if you believe your data rights have been violated, although we encourage you to contact us first so we can address your concerns directly.