Florist Northwood GDPR Privacy Policy

Introduction

This Privacy Policy outlines how Florist Northwood collects, processes, stores, and protects the personal data of its customers. The policy is designed to be fully compliant with the UK General Data Protection Regulation (GDPR) and is applicable to all customers placing orders with Florist Northwood from Northwood and surrounding districts. We are committed to safeguarding your privacy and ensuring transparency in the use of your information.

What Data We Collect

Florist Northwood collects personal data necessary for the provision of our services and order fulfillment. The types of data we may collect include:

  • Contact Information: Your full name, delivery address, email address, and telephone number for communication and delivery purposes.
  • Order Information: Details of your orders, including product selections, card messages, and delivery notes.
  • Payment Information: Payment card details and transaction data (processed securely via our payment partners).
  • Recipient Information: Names, addresses, and contact details of recipients designated by the customer.
  • Technical Data: IP address, device type, browser type and version, interaction logs, and cookies as required for website operation and analytics.

Lawful Basis for Processing Your Data

Under the GDPR, we must have a valid lawful basis to process your personal data. Florist Northwood processes customer data under the following legal bases:

  • Contractual Necessity: To fulfill and deliver your order, and communicate regarding order status (Article 6(1)(b)).
  • Legal Obligations: To meet record-keeping requirements and comply with laws relating to tax or regulatory obligations (Article 6(1)(c)).
  • Legitimate Interests: For service improvement, fraud prevention, and communication purposes, provided such interests are not overridden by your rights (Article 6(1)(f)).
  • Consent: Where you voluntarily sign up for marketing communications, your consent is required (Article 6(1)(a)). You may withdraw your consent at any time.

How We Use Your Data

Your data is used solely for the purposes described below:

  • Processing, confirming, and delivering your floral orders.
  • Providing customer support and responding to queries or complaints.
  • Sending service-related communications, such as order confirmations and delivery updates.
  • Improving website usability and customer experience via analytics.
  • Complying with applicable laws and regulatory obligations.
  • If agreed, sending promotional offers and news about Florist Northwood events or services.

Data Retention

Florist Northwood retains your personal data only as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Orders and Transaction Records: Retained for a minimum of six years in compliance with tax and accounting laws.
  • Customer Accounts: Maintained while your account is active or until you request its deletion.
  • Marketing Data: Retained until you opt-out or withdraw your consent for marketing communications.
  • Cookies and Analytics: Retention periods vary as specified in our cookie policy, which are set to the minimum necessary duration for performance measurement.

Following the expiry of the retention period, your data will be securely deleted or anonymised so that it can no longer be connected to your identity.

Data Processors and Third Parties

Florist Northwood may engage trusted third-party data processors to facilitate essential business functions, such as order payment processing, delivery logistics, IT services, and website analytics. Whenever we employ such processors, we take steps to ensure they comply with GDPR requirements and process your personal data on the basis of written contracts that ensure your privacy rights are maintained. Third-party processors may include:

  • Payment processing partners (for secure transaction handling).
  • Courier or delivery partners (to complete the delivery of your orders).
  • IT service providers (for secure website hosting and technical support).
  • Analytics providers (for improving website performance and customer experience).

We do not sell, lease, or trade your personal information to any other companies or organisations. Data will not be transferred outside the European Economic Area (EEA) unless adequate safeguards, as mandated by GDPR, are in place.

Your Rights as a Data Subject

As a customer of Florist Northwood, you have specific rights regarding the personal data we hold about you. Under the GDPR, you are entitled to:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right of Rectification: Request correction of any inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data where there is no overriding legal basis for its continued processing.
  • Right to Restrict Processing: Ask us to pause or limit processing of your data in certain circumstances.
  • Right to Data Portability: Obtain and reuse your data for your own purposes across different services.
  • Right to Object: Object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interests.
  • Right to Withdraw Consent: Where consent is the legal basis, you may withdraw it at any time, affecting future processing.
  • Right to Lodge a Complaint: File a complaint with a supervisory authority, such as the Information Commissioner's Office (ICO), if you believe your data has been processed unlawfully.

How We Protect Your Information

We implement industry-standard technical and organisational security measures to protect the confidentiality, integrity, and availability of your personal data. Access to your data is strictly limited to staff and processors who require it for fulfilling their responsibilities. All payment information is handled using secure encryption technology, and our team undergoes privacy and data protection training.

Policy Applicability and Updates

This privacy policy applies to every customer placing orders with Florist Northwood in Northwood and the surrounding districts. We reserve the right to update this Privacy Policy as changes in law or our business practices require. Changes will be published promptly, and where appropriate, we will notify customers of significant updates. We encourage customers to review this policy regularly.

Contact Us

If you have any queries, concerns, or wish to exercise your individual data rights as outlined above, please contact us through the contact details provided on our website. We are committed to responding to your request within one calendar month as mandated by GDPR regulations.