Privacy Policy for Flowers Bromley Customers

GDPR-Compliant Privacy Policy

This Privacy Policy explains how Flowers Bromley collects, uses, and protects your personal data, in accordance with the General Data Protection Regulation (GDPR). This policy applies to all customers placing orders with Flowers Bromley from Bromley and surrounding districts. We are committed to safeguarding your privacy and ensuring transparency regarding your personal information.

1. What Data We Collect

To fulfil your order and provide a high standard of service, we collect the following categories of personal data:

  • Contact Details: Name, delivery address, billing address (if different), and contact number.
  • Order Details: Order information including products selected, special instructions, and occasion details.
  • Payment Information: Payment card details or transaction reference. Note: payment information is processed securely through third-party payment providers and is not retained by us beyond transaction completion, except as required for fraud prevention and legal compliance.
  • Communication Records: Correspondence with our team regarding orders, inquiries, or complaints.
  • Recipient Information: If you supply recipient details (e.g. for delivery), these are treated with the same degree of protection as customer details.
  • Technical Data: When you use our website, we may collect information such as your IP address, browser type, and usage data for analytics and performance improvements.

2. Lawful Basis for Data Processing

We process your personal data only when there is a lawful basis under GDPR. Our grounds for processing include:

  • Contract: Processing data to fulfil your order (e.g. delivering flowers, processing payments, confirming delivery details).
  • Legal Obligation: Compliance with applicable laws and regulations, including tax and accounting requirements.
  • Legitimate Interests: For purposes such as customer support, service improvements, fraud prevention, and handling inquiries, provided these do not override your rights and interests.
  • Consent: Where you have explicitly given us consent, such as for marketing communications.

3. Data Retention

Flowers Bromley will retain your personal information only as long as necessary for the purposes it was collected for, including fulfilling orders, complying with legal obligations, resolving disputes, and enforcing our agreements. In general:

  • Order and transaction records are retained for up to 6 years to fulfil accounting, tax, and regulatory requirements.
  • Customer service correspondence is retained for up to 2 years from the date of last interaction.
  • Marketing preferences are retained until you withdraw your consent.
  • Technical and usage data for analytics are anonymised as soon as practically possible.

After these periods, your data is securely deleted or anonymised.

4. Data Processors and Sharing

To provide our services efficiently, we sometimes use trusted third-party service providers (processors). These processors only have access to the information required to perform their functions and are required to comply with GDPR requirements. Key categories include:

  • Payment Processors: To handle card and electronic payments securely.
  • Delivery Companies: To ensure accurate and timely delivery of your orders.
  • IT Service Providers: For website hosting, data storage, and maintenance.

All processors operate under contractual agreements in compliance with data protection laws. Flowers Bromley does not sell or rent customer data to any third parties. Personal data is only shared beyond our processors where required by law or with your explicit consent.

5. International Data Transfers

Flowers Bromley primarily processes your data within the United Kingdom and the European Economic Area (EEA). Where it is necessary to transfer data outside the EEA, we ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent level of data protection.

6. How We Protect Your Data

We implement a variety of technical and organisational measures to protect your data from unauthorised access, loss, misuse, or disclosure. These include:

  • Encrypted transmissions for data shared via our website or with processors.
  • Access controls and regular staff training on data protection.
  • Regular audits and technical security reviews.

7. Your Rights as a Data Subject

Under GDPR, you have a range of rights concerning your personal data:

  • Right of Access: Request a copy of your personal data held by us.
  • Right to Rectification: Request correction or update of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data where it is no longer necessary for the purposes collected, or if you withdraw your consent.
  • Right to Restriction: Request that we restrict processing of your personal data.
  • Right to Data Portability: Request a digital copy of your data in a commonly used format for transfer elsewhere.
  • Right to Object: Object to certain types of processing, such as direct marketing or profiling.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw it at any time.

Requests to exercise these rights can be made by contacting Flowers Bromley using the contact details provided on our website. We respond to all requests in accordance with legal requirements and within the statutory time frame.

8. Children's Data

Flowers Bromley does not knowingly collect or process data relating to individuals under the age of 16. If you believe we have inadvertently received such information, please notify us so we can delete it.

9. Changes to This Policy

We may periodically update this Privacy Policy to reflect changes in the law or in our data processing activities. The latest version is always available on our website. We encourage you to review it regularly to stay informed about how we protect your information.

10. Contact and Complaints

If you have questions about this Privacy Policy, our data processing practices, or wish to make a complaint, please use the contact details provided on our website to reach our Data Protection Officer. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) or your local supervisory authority if you believe your rights have been infringed.

Your privacy and trust are very important to us. Thank you for choosing Flowers Bromley and for reviewing our Privacy Policy.