Ruislip Florist Privacy Policy

Introduction

Your privacy is important to Ruislip Florist (“we”, “us”, or “our”). This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (“GDPR”). This policy applies to all customers placing orders with Ruislip Florist from Ruislip and surrounding districts. By making use of our services, you agree to the collection and use of your information as described in this policy.

What Data We Collect

Depending on your interaction with us, Ruislip Florist may collect the following data:

  • Contact Information: such as your name, delivery address, billing address, and contact telephone number.
  • Order Details: including the products chosen, any messages provided for recipients, delivery preferences, and order notes.
  • Payment Information: where applicable, payment details are processed securely by our third-party payment processor and not stored by Ruislip Florist.
  • Digital Information: such as your IP address, browser type, device details, and information relating to your visit for analytics and security.
  • Correspondence: records of correspondence, including queries, complaints, or feedback submitted via channels available to you.

Lawful Basis for Processing

Under GDPR, we only process personal data where we have a valid legal basis. Our grounds for processing your data are:

  • Performance of a Contract: Most data collected (such as contact, delivery, and order details) is necessary to fulfill your floral order.
  • Legal Obligations: Retaining some records for accounting, tax, or legal requirements.
  • Legitimate Interests: We may use information to maintain business operations, respond to customer inquiries, improve services, prevent fraud, and maintain our website’s security.
  • Consent: Where required, we may process your data (e.g., for marketing) after obtaining your explicit consent. You can withdraw your consent at any time.

How We Use Your Information

We use your information to:

  • Process orders and arrange delivery of floral arrangements;
  • Contact you regarding your order if necessary;
  • Manage customer queries and provide customer service;
  • Comply with legal and financial obligations;
  • Improve and administer our website and services;
  • Send marketing communications, if you have opted in to receive them.

Data Retention

Personal data is retained only for as long as necessary to fulfill the purpose for which it was collected. This typically means we retain order-related information for up to six years to meet accounting and legal requirements. Where data is held only for marketing or business analysis (with your consent), it will be deleted or anonymized if you withdraw consent.

After the relevant retention period, data is securely deleted or anonymized so it can no longer be associated with you.

Data Processors and Third Parties

We sometimes share your data with trusted third-party service providers to fulfill orders and deliver our services. These providers have contractually agreed to handle your data securely and in compliance with GDPR. Common categories of data processors include:

  • Payment Processors: To securely process your payment details; payment details are not stored within Ruislip Florist systems.
  • Delivery Couriers: To deliver your floral orders to the requested address.
  • IT and Cloud Service Providers: For secure hosting, data backup, and email communications.
  • Professional Advisors: (such as accountants or legal advisors) if required by law.

We do not sell your data to third parties. If we are required by law to share data (such as with regulatory authorities), we will do so only as mandated.

User Rights Under GDPR

You have several rights regarding your personal data. These include:

  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct any inaccurate or incomplete data.
  • Right to Erasure: You can request that we delete your personal data, subject to certain legal exemptions.
  • Right to Restrict Processing: In certain circumstances, you have the right to limit how your data is used.
  • Right to Data Portability: You can request to receive your data in a structured, commonly used format for transfer to another provider, where applicable.
  • Right to Object: You can object to certain types of processing, such as direct marketing.
  • Right to Withdraw Consent: Where processing is based on your consent, you can withdraw it at any time.

If you wish to exercise any of these rights, please contact us using the details found on our website or in your order confirmation.

Security of Your Data

We prioritise the security of your personal data and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, or disclosure. Access to your personal data is restricted to employees and processors who need to know that information in order to fulfill your order or assist with your enquiry.

International Data Transfers

Ruislip Florist primarily stores your data within the United Kingdom or European Economic Area (EEA). If your data is processed in a country outside the EEA, we ensure it is protected by appropriate safeguards and contractual requirements in accordance with GDPR.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes to our business practices, legal obligations, or applicable regulations. When we make changes, we will revise the "last updated" date at the end of this document. We encourage you to review this Privacy Policy periodically.

Contact and Complaints

If you have questions, concerns, or wish to exercise your data rights, please contact us through the methods listed on our website. If you are not satisfied with how we handle your data, you may contact the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters.

Last updated: 2024