Florist Feltham Privacy Policy

Introduction

This Privacy Policy explains how Florist Feltham (“we”, “us”, or “our”) collects, uses, stores, and protects your personal data when you place an order with us. This Policy applies to all customers placing orders from Feltham and the surrounding districts. Your trust is important to us, and we are committed to processing your data in accordance with the General Data Protection Regulation (GDPR) and all applicable privacy laws.

What Personal Data We Collect

When you interact with Florist Feltham—by phone, through our website, or during in-person visits—we may collect and process the following types of personal data:

  • Contact Information: Name, delivery and billing addresses, phone number.
  • Order Details: Product selection, delivery instructions, purchase history.
  • Payment Information: Payment card details are processed securely by our payment provider, and are not stored by us.
  • Communication Data: Any correspondence between you and our team, including special requests or feedback.
  • Technical Data: IP address, browser type, device information, and usage data if you access our website.

Lawful Basis for Data Processing

In accordance with Article 6 of the GDPR, Florist Feltham processes your personal data only when there is a lawful basis to do so. These include:

  • Contractual Necessity: To fulfill our obligations regarding your order, such as processing payment and delivering flowers to your chosen address.
  • Legal Obligation: Where required under applicable laws (for example, for accounting and tax records).
  • Legitimate Interest: For purposes such as improving our services, preventing fraud, or handling customer queries, provided that your rights do not override these interests.
  • Consent: Where you have explicitly agreed, such as to receive marketing communications. You may withdraw your consent at any time.

How We Use Your Data

Your personal data will be used for the following purposes:

  • To process your orders and payments accurately.
  • To arrange delivery or collection of products to your specified address.
  • To communicate with you regarding your order, inquiries, or feedback.
  • To maintain our records and comply with applicable legal obligations.
  • To improve our products and services based on customer feedback and usage patterns.
  • If you consent, to provide offers and updates about our services you might be interested in.

Data Retention

We retain your personal data only as long as is necessary to fulfill the purpose it was collected for, including for any legal, accounting, or reporting requirements. Typically, order-related data is kept for up to seven years to comply with tax laws and financial auditing, after which it is securely deleted or anonymized. Communication and feedback data may be retained for up to two years to help us improve our services.

Our Data Processors

Florist Feltham uses a limited number of carefully selected third-party processors to process data on our behalf. These may include:

  • Payment service providers to process your card transactions securely.
  • Delivery and courier services to ensure your flowers reach you as requested.
  • IT and web hosting providers to manage and support our website and internal IT systems.

All processors are bound by contractual obligations to keep your data confidential and process it only in accordance with our instructions and the law. We do not sell your data to any third parties.

Transfer of Data

Your personal data is stored within the UK or European Economic Area (EEA), and we do not transfer your personal data internationally unless it is strictly necessary and our processors meet adequate levels of data protection as required by law.

Your Rights Under GDPR

As a customer, you have specific rights regarding your personal data. These include:

  • Right to Access: You may request a copy of your personal data that we hold.
  • Right to Rectification: You may request correction of any inaccurate or incomplete data.
  • Right to Erasure: In certain cases, you may request your personal data be deleted (“right to be forgotten”).
  • Right to Restriction: You may request us to restrict how we process your data in certain circumstances.
  • Right to Data Portability: You are entitled to receive your personal data in a structured, commonly used, and machine-readable format where technically feasible.
  • Right to Object: You may object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Where consent forms the basis of processing, you have the right to withdraw it at any time.

These rights can be exercised by contacting us, and we will respond to your request as required by law.

Security Measures

We implement a variety of technical and organizational measures to safeguard your personal data, including secure storage, encryption, access controls, and staff training on data protection. However, no method of transmission over the internet or electronic storage is 100% secure, so we cannot guarantee absolute security.

Changes to This Privacy Policy

We review and update this Privacy Policy regularly. Any significant changes will be communicated through our website or directly, where appropriate. Continued use of our services expresses acceptance of the updated policy.

Contact Information

If you wish to exercise your rights or have any concerns regarding your personal data, you may contact us using the details provided on our website. We will do our best to address your requests and resolve any concerns in accordance with applicable law.