Flowers Rotherhithe Privacy Policy Overview
Privacy Policy for Flowers Rotherhithe Customers
This Privacy Policy explains how Flowers Rotherhithe collects, uses and protects personal data of customers who place orders from Rotherhithe and the surrounding districts. It is intended to provide clear information in accordance with the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU GDPR.
By placing an order with Flowers Rotherhithe or otherwise providing your personal data to us, you acknowledge that you have read and understood this Privacy Policy. This policy applies to all individual customers, recipients and website users located in or ordering to Rotherhithe and neighbouring areas.
Who We Are and Scope of This Policy
Flowers Rotherhithe is a local florist business providing floral products and related services to customers in Rotherhithe and surrounding districts. For the purposes of data protection law, Flowers Rotherhithe is the data controller of the personal data described in this Privacy Policy. This means we decide how and why your personal data is processed.
This Privacy Policy covers personal data processed when you browse our website, place an order, contact us with an enquiry, or otherwise interact with us in the context of our services in Rotherhithe and nearby districts.
Personal Data We Collect
We collect and process different categories of personal data depending on how you interact with us. The main categories are:
Identity and contact details: Name, billing address, delivery address (including recipient details), and in some cases your preferred contact method.
Order and transaction information: Details of floral products ordered, card messages, delivery instructions, order date and time, transaction amounts, and basic payment confirmation information (we do not store full payment card details; these are handled securely by our payment processors).
Communication data: Information you provide when you contact us by post or through other communication channels, including enquiries, complaints, feedback or special requests.
Technical and usage data: When you use our website, limited technical information may be collected, such as your IP address, browser type, device information, and your interactions with our website pages. This is typically collected via cookies or similar technologies and is used to help operate and improve our website.
Preference data: Your marketing and communication preferences, preferred delivery times, and flower or product preferences that you choose to share with us.
Purposes and Lawful Bases for Processing
We process your personal data only where there is a lawful basis under the GDPR. The main purposes and corresponding lawful bases are as follows:
To process and deliver your orders: We use your identity, contact and order information to accept, confirm, prepare and deliver your floral orders, and to manage payments and refunds. The lawful basis is the performance of a contract or steps taken at your request prior to entering into a contract.
Customer service and communication: We process your contact and communication data to respond to your enquiries, provide order updates, and handle complaints or queries. The lawful basis is performance of a contract and our legitimate interest in providing efficient customer service.
Marketing communications: Where permitted, we may use your contact details and preference data to send you information about our products, seasonal offers or promotions relevant to Rotherhithe and surrounding districts. The lawful basis is your consent where required, or our legitimate interest in promoting and developing our business. You can withdraw consent or opt out of marketing at any time.
Website operation and improvement: Technical and usage data may be processed to operate our website, ensure security, measure performance and understand how visitors use our services. The lawful basis is our legitimate interest in running and improving our website and services.
Legal and regulatory obligations: We may process your personal data to comply with legal or regulatory requirements, including tax and accounting obligations or responding to lawful requests from authorities. The lawful basis is compliance with legal obligations.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law.
Order and transaction records: We typically retain order information and associated personal data for a period consistent with tax and accounting rules, usually up to six years after the end of the financial year in which the order was placed, unless a longer period is required by law.
Customer service records: Communications related to enquiries, complaints or feedback are generally retained for up to three years after resolution, to assist with any follow-up issues and to improve our services.
Marketing data: If you subscribe to marketing communications, we keep your contact and preference data until you opt out or withdraw your consent, or until we determine that the information is no longer needed.
Technical and usage data: Website logs and analytics data are usually retained for shorter periods necessary for security, troubleshooting, and analysis, after which they may be anonymised or deleted.
Data Sharing and Processors
We do not sell your personal data. However, we may share your information with selected third parties where necessary to provide our services or comply with legal obligations. These third parties act as data processors or, in some cases, independent controllers. Categories of recipients include:
Payment service providers: To process your payments securely when you place an order with Flowers Rotherhithe. These providers handle payment card details and provide us with payment confirmations.
IT and hosting providers: Companies that host our website, maintain our systems, or provide other technical services necessary for running our business.
Delivery partners or couriers: Where applicable, we may share delivery details, including recipient name, address and delivery instructions, to enable delivery within Rotherhithe and surrounding districts.
Professional advisers and authorities: Accountants, legal advisers or regulatory authorities, where necessary for compliance with our legal obligations or to protect our rights.
Whenever we use data processors, we ensure there is a written contract requiring them to process personal data only in accordance with our instructions, to keep it secure, and to comply with applicable data protection laws.
International Transfers
Our primary operations and services are based in the United Kingdom. If personal data is transferred outside the UK or European Economic Area, we will ensure that adequate safeguards are in place, such as standard contractual clauses or equivalent protective measures, in accordance with data protection law.
How We Protect Your Data
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, alteration or disclosure. These measures include restricted access to personal data, appropriate physical security for premises and systems, and regular review of our security practices.
While no system can be completely secure, we are committed to maintaining a level of security appropriate to the risks associated with the processing of personal data in connection with Flowers Rotherhithe orders.
Your Data Protection Rights
Under the GDPR, you have several rights in relation to your personal data. These rights may be subject to certain legal conditions and exemptions. Your main rights include:
Right of access: You can request confirmation as to whether we process your personal data and obtain a copy of that data, along with certain information about how it is processed.
Right to rectification: You can ask us to correct or complete any inaccurate or incomplete personal data we hold about you.
Right to erasure: In certain circumstances, you may request that we delete your personal data, for example where it is no longer needed for the purposes for which it was collected or where you have withdrawn your consent.
Right to restriction of processing: You can ask us to restrict the processing of your data in certain situations, such as where you contest its accuracy or object to our use of it.
Right to data portability: In some cases, you may request to receive personal data you have provided to us in a structured, commonly used and machine-readable format, and to have it transmitted to another controller where technically feasible.
Right to object: You can object at any time to processing of your personal data based on our legitimate interests, including profiling. You also have an absolute right to object to direct marketing.
Rights in relation to automated decision-making: Flowers Rotherhithe does not carry out automated decision-making that has legal or similarly significant effects on individuals in the context of this Privacy Policy.
To exercise any of your rights, you may contact us using the usual contact channels associated with Flowers Rotherhithe. We may need to verify your identity before responding to your request, and we aim to respond within the time limits set by data protection law.
Complaints
If you have concerns about how we handle your personal data, we encourage you to contact us so we can address your concerns. You also have the right to lodge a complaint with the relevant data protection supervisory authority in the United Kingdom or in the country where you live or work, if you believe your data protection rights have been infringed.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services in Rotherhithe and surrounding districts. When we make significant changes, we will take appropriate steps to bring the changes to your attention. The date of the latest revision will be indicated in the most recent version of this Privacy Policy.
We recommend that you review this Privacy Policy periodically to stay informed about how Flowers Rotherhithe protects and uses your personal data.
