Flowers Harrow on the Hill Privacy Policy

Privacy Policy for Flowers Harrow on the Hill Customers

This Privacy Policy details how Flowers Harrow on the Hill processes, stores, and protects your personal data when you place an order with us. We take your privacy seriously and manage your information in accordance with the UK General Data Protection Regulation (GDPR). This policy applies to all customers ordering Flowers Harrow on the Hill products in Harrow on the Hill and surrounding districts.

What Personal Data We Collect

When you place an order or interact with our business, we may collect the following categories of data:

  • Identity Data: Your name, delivery recipient's name.
  • Contact Data: Delivery address, billing address, postcode.
  • Order Information: Details of flowers or products ordered, delivery instructions, card message details, order history.
  • Payment Data: Payment method information (e.g., last four digits of card, but not your full payment card details – full details are processed via our secure payment processor).
  • Communication Data: Correspondence with us regarding orders, enquiries, complaints, or feedback.
  • Technical Data: Where you use our website and its features, we may collect IP address, browser type, device information, and cookies (see our cookie policy).

Lawful Basis for Processing

We only use your personal data when we have a lawful basis to do so under GDPR. These include:

  • Contractual Necessity: To process your flower order, arrange delivery, and communicate regarding your purchase.
  • Legal Obligations: To meet requirements set by law, for example, maintaining transaction records for tax purposes.
  • Legitimate Interests: To improve our services, handle enquiries, resolve issues, or send updates concerning your order (we rely on legitimate interest only where your rights and freedoms are not overridden).
  • Consent: For direct marketing, such as sending you special offers or news about Flowers Harrow on the Hill – we only do this if you have given clear consent, which you can withdraw at any time.

How We Use Your Data

Your personal data is used to:

  • Processing and fulfilling flower orders and related requests
  • Arranging secure payment collection
  • Delivering products to specified addresses in Harrow on the Hill and surrounding districts
  • Responding to queries or complaints
  • Retaining records for transaction and accounting purposes
  • Improving our products, customer experience, systems, and security
  • Where agreed, sending marketing offers or seasonal updates

Sharing and Processors

We may share your personal data with trusted third parties to enable the fulfilment of our services. Examples include:

  • Payment Processors: Secure providers who process your payment details on our behalf. We do not store full payment card details ourselves.
  • Delivery Partners: Couriers or trusted delivery drivers responsible for delivering orders to your nominated address.
  • IT Service Providers: Companies providing website hosting, database management, or secure data storage solutions.
  • Professional Advisors: Accountants or auditors, only where necessary for legal or regulatory purposes.

All third party providers are subject to appropriate confidentiality and security obligations and only use your personal data in line with their contract with us and UK data protection law.

Data Retention

We retain your personal data only as long as necessary for the purposes set out above, including for fulfilling your order, dealing with any queries, and meeting legal, accounting, or reporting requirements. Our typical data retention periods are as follows:

  • Order and Transaction Data: Kept for up to 7 years to comply with UK tax and accounting regulations.
  • Direct Marketing Data: Retained only while you have consented; removed as soon as you withdraw your consent.
  • Customer Correspondence: Retained for up to 3 years after resolution of your enquiry or complaint.
  • Technical and Cookie Data: Refer to our separate cookie policy for details on retention.

After these periods, your data is securely deleted or anonymised so it can no longer be associated with you.

Your Rights Under GDPR

As a customer, you have the following rights relating to your personal data under GDPR:

  • Right to Access: You can request a copy of personal data we hold about you.
  • Right to Rectification: You can ask us to correct or update any inaccurate data.
  • Right to Erasure: You may request the deletion of data where applicable (subject to legal retention requirements).
  • Right to Restrict Processing: You can ask us to limit how we use your data, in certain circumstances.
  • Right to Data Portability: You can request a copy of certain data in a commonly used, machine-readable format.
  • Right to Object: You can object to processing for direct marketing or where processing is based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on your consent (e.g., for marketing), you can withdraw this at any time.
  • Right to Lodge a Complaint: You have the right to complain to the Information Commissioner's Office (ICO) if you believe your data is not being handled lawfully.

If you wish to exercise any of these rights, please contact us using the methods available on our website or in writing at our business premises.

Data Security

We are committed to keeping your data secure. We use appropriate technical and organisational measures to safeguard your personal data from accidental loss, unauthorised access, alteration, or disclosure. This includes restricted access, encrypted storage for electronic data, locked storage for paper records, and staff training. When using third-party processors, we ensure they comply with stringent security standards.

International Transfers

All customer data is stored and processed within the UK or European Economic Area (EEA). If we ever need to transfer data outside these zones, we will ensure equivalent levels of data protection and inform you beforehand.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the law or our practices. The date of the most recent revision will always be noted at the end. We encourage you to review this policy regularly.

Last updated: June 2024