Shepherd's Bush Florist Privacy Policy

Introduction

This Privacy Policy outlines how Shepherd's Bush Florist (“we,” “us,” “our”) handles the personal data of individuals (“you,” “your,” “customer”) who place orders with us in Shepherd's Bush and surrounding districts. We are committed to protecting your privacy and handling your information in accordance with the European Union General Data Protection Regulation (GDPR) and related data protection laws.

Scope of this Policy

This policy applies to all customers who place orders directly with Shepherd's Bush Florist for delivery or collection in Shepherd's Bush, White City, Acton, Hammersmith, and other neighboring locations. It governs the collection, use, and management of your personal data whenever you order flowers or related products from us.

What Personal Data We Collect

We collect the following categories of personal information to process orders and provide floristry services:

  • Contact Information: Name, delivery address, billing address, contact telephone number.
  • Order Details: Specific products ordered, card messages, requested delivery times, and any special instructions.
  • Payment Information: Card details or payment transaction references (note: card details are processed directly through a secure payment provider and are not stored by us).
  • Communication Records: Emails, order confirmations, and customer service correspondence.
  • Device and Usage Information: IP address, device type, browser type, and usage patterns (if you use our website).

Lawful Basis for Processing

We only process your personal data when there is a lawful basis for doing so, as required under GDPR. The primary bases we rely on are:

  • Contractual Necessity: We process your information to fulfill your orders and provide customer services as part of our contract with you.
  • Legitimate Interests: We may use contact details to follow up on orders or improve our services, provided this does not override your privacy rights.
  • Legal Obligation: Certain information may be processed to comply with legal and regulatory requirements, such as record retention for tax purposes.
  • Consent: If you have explicitly agreed to receive marketing communications, we process your data based on your consent. You may withdraw your consent at any time.

How We Use Your Information

Your personal data is used strictly for the following purposes:

  • Processing, managing, and delivering your orders.
  • Responding to your inquiries or requests.
  • Notifying you of order status, delivery updates, or issues.
  • Improving and personalizing our services.
  • Meeting legal and accounting obligations.
  • With your permission, sending occasional updates about our products or special offers.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, to resolve disputes, and as required by applicable law. Typically:

  • Order and transaction records are retained for up to 7 years to comply with tax and accounting laws.
  • Customer service communication is kept for up to 2 years for quality assurance.
  • Marketing consent records are retained until you withdraw consent.

After these periods, your data will be securely deleted or anonymized.

Third-Party Processors

To provide our services, we may share your personal data with trusted third-party processors who work on our behalf and only process your data in accordance with our instructions. These include:

  • Payment Processors: For secure payment handling (your card details are never stored by us).
  • Delivery Partners: Courier or delivery services for order fulfillment.
  • Technical Service Providers: Providers of IT, web hosting, and customer management systems.

All processors are contractually bound to protect your data and are prohibited from using it for unrelated purposes.

Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal information:

  • Right of Access: Request access to the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request erasure of your personal data in certain circumstances (the 'right to be forgotten').
  • Right to Restrict Processing: Ask us to restrict how we process your data in certain situations.
  • Right to Data Portability: Receive a copy of your personal data in a common, machine-readable format.
  • Right to Object: Object to certain types of processing, including direct marketing.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw this at any time without affecting the lawfulness of processing carried out before withdrawal.

How We Protect Your Data

We take data security seriously and use industry-standard measures to protect your information. This includes secure storage, encryption of sensitive data during transfer, limited access to personal data by authorized personnel only, and regular reviews of our data handling processes.

Children's Privacy

Our services are intended for customers aged 18 and over. We do not knowingly collect data from children under 18. If we become aware of such data being inadvertently collected, we will take steps to delete it promptly.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated to customers placing orders through visible updates on our website or at the point of order. The date of the last update will always be shown at the end of this document.

Contact and Concerns

If you have questions or concerns about how your personal data is used, or wish to exercise any of your rights, please contact us using the details provided through our usual customer communication channels, such as our website or in-shop staff; we are always happy to help. You also have the right to lodge a complaint with the UK Information Commissioner's Office if you believe your data has been handled unlawfully.

Last updated: June 2024