Florist Brockley Privacy Policy

Introduction

This Privacy Policy outlines how Florist Brockley collects, uses, shares, and protects your personal data. This policy applies to all customers placing Florist Brockley orders in Brockley and surrounding districts. We are committed to complying with the General Data Protection Regulation (GDPR) and ensuring your information is secure.

What Data We Collect

When you place an order with Florist Brockley, we may collect the following personal data:

  • Identification information: Full name
  • Contact details: Delivery address, billing address, telephone number
  • Transaction information: Order details, purchase history, payment method (we do not store complete card numbers or bank details)
  • Recipient details: Name, address, and telephone number of the person receiving flowers
  • Communication records: Emails, online form submissions, or notes from phone conversations
  • Technical data: IP address, browser type, and other usage data collected via our website cookies (where applicable and with your consent)

We collect data directly from you when you place an order, contact us, or use our website, and indirectly through our payment providers and delivery partners.

Lawful Basis for Processing Your Data

Under the GDPR, we must have a lawful basis for all personal data processing. We process your data under the following bases:

  • Contract: To fulfil your flower order and deliver products as requested
  • Legal obligation: For accounting, tax, or legal compliance
  • Legitimate interests: To improve our services, respond to inquiries, and maintain business records
  • Consent: In instances where we use optional cookies or send marketing communications, we will always obtain your explicit consent

We never process your data for purposes incompatible with those described above.

How We Use Your Information

Your data is used for the following purposes:

  • Processing and delivering your orders
  • Communicating with you about orders or inquiries
  • Arranging delivery to specified recipients
  • Managing our accounts and records
  • Improving our website, products, and customer service
  • Complying with legal and regulatory requirements

We do not use your personal data for automated decision-making or profiling.

Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

  • Order and transaction data is held for up to seven years to comply with tax and accounting requirements.
  • Communication records are kept for up to two years for customer service and quality assurance purposes.
  • Technical data is typically retained for up to one year or as specified in our cookie policy.

After retention periods expire, data is securely deleted or anonymised.

Disclosure and Data Processors

We may share some of your information with trusted third parties (data processors) necessary for providing our services. These include:

  • Payment processing providers to manage payment transactions
  • Delivery companies and couriers for fulfilling orders
  • IT service providers (e.g., web hosting, cloud storage, email services)
  • Accountants or regulators as required by law

All data processors are carefully selected to ensure they comply with GDPR, use your data only as instructed, and keep it secure. Personal data is not transferred outside the European Economic Area unless adequate safeguards are in place.

How We Protect Your Data

We use physical, technical, and organisational measures to secure your data from unauthorised access, loss, or misuse. Staff are trained to handle data securely, and data is only accessible to those who need it. We constantly review and update our protection practices in line with current standards.

Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right to access – Request a copy of the personal data we hold about you
  • Right to rectification – Ask us to correct inaccurate or incomplete data
  • Right to erasure (right to be forgotten) – Request deletion of your data where appropriate
  • Right to restriction – Ask us to restrict our use of your data in certain circumstances
  • Right to data portability – Obtain personal data you have provided to us in a machine-readable format
  • Right to object – Object to our use of your data where we rely on legitimate interest or direct marketing
  • Right to withdraw consent – Withdraw consent at any time where we rely on your consent

To exercise your rights, you can contact Florist Brockley in writing with your request. We will respond within a month, unless the request is complex or numerous, in which case we will notify you if an extension is needed.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our business practices. Any changes will be posted on our website, and significant changes may be communicated to you directly where possible. We encourage you to review this policy regularly so you are informed about how we protect your data.

Contact and Complaints

If you have any concerns or questions about how we handle your personal data, please contact Florist Brockley directly. You also have the right to lodge a complaint with your national data protection authority if you believe your data has been processed unlawfully.

This policy was last updated June 2024.