Flower Delivery Spitalfields GDPR Privacy Policy

Introduction

This Privacy Policy outlines how Flower Delivery Spitalfields (“we”, “us”, or “our”) collects, uses, stores, protects, and processes your personal data when you place orders with us from Spitalfields and the surrounding districts. We are committed to safekeeping your personal information and ensuring transparency about your rights under the UK General Data Protection Regulation (GDPR).

Who This Policy Applies To

This policy is intended for all customers who place orders with Flower Delivery Spitalfields, whether directly through our website, over the phone, or in person within Spitalfields and neighbouring areas. By using our services, you acknowledge and agree to the practices detailed in this Privacy Policy.

Personal Data We Collect

When you use our flower delivery service, we may collect the following categories of personal data as necessary for order fulfillment and customer service:

  • Contact details: Name, delivery address, billing address, phone number.
  • Order information: Details of your purchase including items ordered, order dates, and delivery instructions.
  • Payment data: Payment method details and transaction records (note: we do not retain complete payment card numbers).
  • Communication data: Any correspondence you have with us, including queries, special requests, and feedback.
  • Technical data: Limited information about how you use our website, such as IP address, browser type, and cookies (see our separate Cookie Policy).

Lawful Basis for Processing Your Data

Under GDPR, we are required to have a lawful basis for processing your personal information. Flower Delivery Spitalfields relies on the following grounds:

  • Contractual Necessity: We process your data to enter into and fulfil our contract with you to supply goods and services.
  • Legal Obligation: Some processing is mandatory for compliance with UK law (e.g., maintaining records for tax purposes).
  • Legitimate Interests: We may process your contact and order history to improve our products or services, provided our interests do not override your rights.
  • Consent: For direct marketing, where applicable, we will seek your explicit consent beforehand, and you may withdraw it at any time.

How We Use Your Data

We process your personal data for the primary purposes of:

  • Managing and fulfilling your orders, including arranging delivery and payment processing.
  • Responding to your queries, requests, and any service-related communications.
  • Administrative functions and business analytics.
  • Complying with legal and regulatory requirements.
  • Sending you information about similar products and services, subject to your communication preferences.

How Long We Keep Your Data (Data Retention)

We retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including satisfying legal, accounting, or reporting requirements. Typically:

  • Order and transaction records are retained for up to six years to comply with tax and accounting obligations.
  • Customer contact details and communications are kept for no longer than three years after your last purchase, unless longer retention is required under law.
  • Technical data collected via cookies or analytics is deleted in accordance with our Cookie Policy.

After these periods, we securely erase or anonymise your personal information.

Third Party Data Processors

We may share your personal data with trusted third-party processors who aid us in providing and delivering our services. These include:

  • Payment service providers: To securely process transactions.
  • Delivery and courier companies: To deliver your orders to the correct address.
  • IT and support service providers: To maintain and safeguard our website, databases, and communications infrastructure.
  • Professional advisors: For legal, accounting or regulatory advice.

We ensure that all data processors comply with GDPR requirements and only act on our documented instructions, using appropriate security measures to protect your information. Your data is not sold or shared with third parties for their own marketing purposes.

Your Rights under GDPR

As a customer, you have the following GDPR rights over your personal data:

  • Access: You can request a copy of the personal information we hold about you.
  • Rectification: You can ask us to correct or update inaccurate or incomplete data.
  • Erasure: You can request that we delete your data, subject to certain legal exceptions.
  • Restriction: You can request that we limit the processing of your personal data in certain circumstances.
  • Data Portability: You can request a copy of your data in a structured, commonly used format for transfer elsewhere.
  • Objection: You can object to processing based on legitimate interests or for direct marketing.
  • Withdraw Consent: When processing is based on your consent, you may withdraw this at any time.

If you wish to exercise any of these rights, please contact us using the details provided at the bottom of this policy. We may require proof of identity before fulfilling certain requests, to safeguard your data.

Children’s Privacy

We do not knowingly collect or process personal information about anyone under the age of 16. If you believe that a child has provided us with their personal data without parental consent, please notify us so that we can investigate and delete such information as appropriate.

Data Security Measures

We implement appropriate technical and organisational security measures to protect your personal data from loss, misuse, unauthorised access, disclosure, or alteration. These include secured databases, encryption protocols in our payment processes, access controls, and regular staff training on data protection.

Changes to This Privacy Policy

We review and update this Privacy Policy regularly. Any substantial changes will be notified to you by reasonable means, where possible, before they take effect. Please revisit this page routinely to ensure you remain aware of any updates.

Contacting Us

For further information about this Privacy Policy, to exercise your rights, or to raise a concern or make a complaint about our data practices, please contact us using the details provided on our website or at our Spitalfields office. If you are dissatisfied with how we handle your request or personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).