Privacy Policy for Flower Delivery Cheshunt

Data Protection and Privacy Policy Overview

This Privacy Policy sets out how Flower Delivery Cheshunt ('we', 'us', 'our'), collects, uses, retains, and protects your personal information when you place flower delivery orders within Cheshunt and the surrounding districts. We are committed to complying with our obligations under the General Data Protection Regulation (GDPR) and ensuring your data privacy.

Scope of the Policy

This policy applies to all customers who order flowers for delivery from Flower Delivery Cheshunt, whether through our website, via phone, or in person. It covers all data collected in the course of placing, processing, and delivering your orders within Cheshunt and neighboring areas.

What Personal Data We Collect

When you interact with Flower Delivery Cheshunt, we may collect and process the following types of personal information:

  • Contact Details: Name, delivery address, billing address, and contact information (such as phone number).
  • Order Details: Order information including selected flower products, delivery instructions, and gift message contents.
  • Payment Information: Payment transaction details (note that card data is processed securely through our payment provider and not retained by us).
  • Communication Records: Details of correspondence, customer service queries, feedback, and complaints.
  • Technical Data: IP address, device information, and website usage data collected through cookies or analytics tools (if you use our website).

Lawful Basis for Processing Your Data

We process your personal data in accordance with the principles set out in the GDPR. Our lawful bases for processing your data are:

  • Contractual Necessity: To fulfill our contractual obligations to you when you place an order (for example, delivering your chosen flowers and communicating about your order).
  • Legal Obligation: To comply with applicable laws and regulations (for example, retaining transaction records for tax purposes).
  • Legitimate Interests: To pursue legitimate business interests, such as improving our services, customer support, and fraud prevention. We carefully balance our interests with your rights and freedoms.
  • Consent: For processing not covered by the above bases, such as sending marketing communications or using certain non-essential cookies, we will seek your explicit consent first. You may withdraw consent at any time.

How We Use Your Data

Your personal information is used for the following purposes:

  • Processing and fulfilling your flower delivery orders.
  • Arranging payment and issuing order confirmations or receipts.
  • Communicating with you about your order status, delivery, or any queries.
  • Handling customer service requests, feedback, or complaints.
  • Complying with our legal and regulatory obligations.
  • Improving our website, services, and customer experience (using aggregated data and analytics).
  • Providing you with marketing information (where consent has been obtained).

How Long We Retain Your Data

We retain your data for no longer than is necessary for the purposes described in this policy:

  • Order Data: Retained for up to seven years to satisfy legal, accounting, and tax requirements.
  • Customer Support Communications: Retained for as long as required to resolve your query, and for up to two years after resolution.
  • Marketing Data: Retained until you withdraw your consent or unsubscribe from our communications.
  • Cookies and Analytics Data: Retained according to our cookies policy and the expiry period of individual cookies, typically up to two years.

Upon expiration of these retention periods, your personal data is securely deleted or anonymized.

Data Sharing and Processors

We may share your personal data with selected third parties under strict obligations:

  • Payment Providers: To process payments securely for your orders.
  • Delivery Partners: To ensure accurate and timely delivery of your flowers.
  • IT Service Providers: Who enable us to operate our website, process orders, and store data securely.
  • Professional Advisors: Such as legal, accounting, or compliance consultants.

We ensure that all third-party processors act in accordance with GDPR requirements, process your information only on our instructions, and implement appropriate security measures.

Your GDPR Data Rights

Under the GDPR, you have important rights regarding your personal data:

  • Right to Access: You can ask to see what personal data we hold about you.
  • Right to Rectification: You can ask for inaccurate or incomplete information to be corrected.
  • Right to Erasure: You can request deletion of your data in certain circumstances.
  • Right to Restriction: You can ask us to limit processing of your data in specific situations.
  • Right to Data Portability: You can ask to receive your data in a portable format.
  • Right to Object: You can object to processing carried out for legitimate interests, direct marketing, or research.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time.

To exercise your rights or make a data-related request, please contact us via our official communication channels. We will respond to your requests in compliance with statutory time limits and may need to verify your identity to protect your data security.

Data Security

We implement technical and organisational measures to safeguard your personal data, such as encrypted data transfers, secure storage, limited access protocols, and regular security reviews. While we strive to protect your data, please be aware that no internet transmission is completely secure and you should also take precautions to safeguard your personal information.

Policy Updates

We may update this Privacy Policy periodically to reflect changes in legal requirements, our processing practices, or our services. Any updates will be published on our website and effective upon posting. We recommend that you review this policy regularly to stay informed on how we protect your privacy.

Contact and Concerns

If you have questions, concerns, or requests related to your personal data, or if you wish to exercise any of your GDPR rights, please contact us through our official customer service channels. If you are unsatisfied with our response, you also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).