Flowers Stanmore Privacy Policy

Privacy Notice for Flowers Stanmore Customers

This Privacy Policy explains how Flowers Stanmore ('we', 'us', or 'our') collects, uses, and protects your personal data when you order our floral products and services. This policy applies to all customers placing orders for delivery or collection from Stanmore and surrounding districts. Your privacy is important to us, and we are committed to ensuring your information is handled in accordance with the UK General Data Protection Regulation (GDPR) and relevant legislation.

What Data We Collect

When you place an order with Flowers Stanmore, we may collect the following categories of personal data:

• Identity Data: Your name and (if applicable) the recipient’s name.
• Contact Data: Delivery address, billing address, and contact details such as phone number.
• Order & Transaction Data: Order details, purchases made, order date, and payment method. (We do not store your full payment card details; these are processed securely by our payment provider.)
• Correspondence: Information relating to your contact with us, including feedback or queries.
• Technical Data: IP address, browser type, device information, and website usage statistics, where collected via cookies or analytics tools (see our cookie policy for details).

Lawful Basis for Processing Data

Flowers Stanmore collects and processes your personal data only where there is a legal basis to do so under the GDPR. The lawful bases applicable to our processing include:

• Performance of a Contract: Most data we collect is necessary for us to fulfil your flower order, arrange deliveries, and provide our services.
• Legal Obligations: Some data may be retained to comply with laws, such as record-keeping requirements for accounting and tax purposes.
• Legitimate Interests: We may process your data to improve our services, prevent fraud, or handle customer support, provided these interests do not override your fundamental rights and freedoms.
• Consent: If we wish to send you marketing materials or process special categories of data, we will request your explicit consent. You may withdraw this at any time.

Retention Periods

We retain your personal data only as long as necessary for the purposes described in this policy and to fulfil our legal obligations. Typically, order and transaction records are retained for up to seven years, in line with accounting laws. Customer correspondence may be stored for up to two years from the date of your last contact. Data used for marketing purposes will be retained until you unsubscribe or withdraw consent, at which point it will be securely erased. When data is no longer required, it will be deleted or anonymised in accordance with best practices.

Data Processors and Sharing

To provide our services, we use trusted third-party processors. These may include:

• Payment Providers: Securely process card payments. We do not store complete payment information ourselves.
• Delivery Partners: Where applicable, to deliver flowers to the address specified in your order.
• IT and Hosting Providers: To operate our website and maintain secure digital infrastructure.
• Professional Advisors: Such as accountants or auditors, if legally required.

All processors act on written instructions and are required to comply with GDPR. Data may only be used for the agreed purposes and is protected with appropriate safeguards. We do not sell or rent your data to third parties.

User Rights Under the GDPR

As a customer of Flowers Stanmore, you have several rights concerning your personal data under the GDPR:

• Right to Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You have the right to ask us to correct or update inaccurate or incomplete data.
• Right to Erasure: You may request the deletion of your data, in certain circumstances (e.g. where we are no longer required to retain it).
• Right to Restrict Processing: You can ask us to restrict how we use your data while we resolve concerns you raise.
• Right to Data Portability: Where applicable, you can request that we transfer your data to another provider.
• Right to Object: You may object to processing based on our legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time.

If you wish to exercise any of these rights, please contact us using the details provided on our website or by post.

How We Protect Your Data

We implement appropriate technical and organisational measures to protect personal data against accidental, unlawful, or unauthorised loss, access, or use. This includes secure servers, encrypted data transmissions, robust password practices, regular staff training, and restricted access only to staff and partners who need to process your order. We review and update our security measures regularly.

International Transfers

Your data is generally processed within the UK or the European Economic Area (EEA). If we ever need to use processors outside these regions, we will ensure equivalent safeguards are in place as required by law, such as Standard Contractual Clauses or adequacy decisions.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in laws or our business operations. We encourage you to review this policy periodically. Significant changes will, where practical, be communicated in advance or at the point of order.

Contact and Complaints

If you have questions regarding your personal data or this privacy policy, please contact Flowers Stanmore using the details on our website or by post. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has not been handled in accordance with the law.

Last updated: June 2024