Flowers Byfleet Privacy Policy for Customers

Introduction

Flowers Byfleet is committed to protecting the privacy and security of our customers’ personal information. This Privacy Policy outlines how we collect, use, store, and share your data when you place an order with us. It also describes your rights under the General Data Protection Regulation (GDPR). This policy applies to all customers placing orders from Byfleet and the surrounding districts.

What Data We Collect

When you interact with Flowers Byfleet—for example, by placing an order or making an enquiry—we may collect and process the following categories of personal data:

  • Contact Details: Full name, delivery address, and telephone number.
  • Order Information: Details of your purchase, including flower selections, card messages, and delivery instructions.
  • Payment Details: Payment confirmation and transaction reference (note: we do not store your full payment card details).
  • Correspondence: Any communications you send to us (e.g., via online forms, written letters, or phone calls).
  • Website Usage Data: Anonymous usage statistics, such as how you use our site, which are collected via cookies and similar technologies.

Lawful Basis for Processing Data

Under GDPR, Flowers Byfleet relies on the following lawful bases to process your personal data:

  • Contractual Necessity: Most data processing is necessary for the performance of the contract when you place an order with us (e.g., delivering flowers to the right address).
  • Legal Obligation: We may process some data to comply with applicable legal obligations, such as tax reporting and accounting requirements.
  • Legitimate Interests: We may use your data to improve our services, ensure security, and resolve customer queries, provided these interests do not override your fundamental rights and freedoms.
  • Consent: In some cases, with your prior consent, we may send you marketing communications or promotional offers. You have the right to withdraw your consent at any time.

How We Use Your Personal Data

Your personal data is used for the following purposes:

  • To process, fulfill, and deliver your orders.
  • To contact you regarding your order or to respond to your queries.
  • To maintain business records required by law, including for accounting and tax purposes.
  • To improve our services by analyzing usage and feedback anonymously.
  • To send you marketing information (only if you have provided explicit consent).

How We Store and Protect Your Data

We take data protection seriously and implement appropriate organizational and technical measures to safeguard your personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. Access to your personal data is restricted to only those employees, agents, contractors, or processors who need it for legitimate business purposes and are bound by confidentiality obligations.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or to comply with legal obligations. Typically, customer order data is stored for up to six years from the order date to meet our legal, tax, and contractual obligations. After this period, data is securely deleted or anonymized.

Data Processors and Third Parties

Flowers Byfleet may use reputable third-party service providers (data processors) to help deliver our products and services. Examples include:

  • Payment processing companies for secure payment transactions
  • Delivery partners to ensure your flowers reach you on time
  • Website hosting and IT support providers

All data processors are vetted to ensure GDPR compliance and are only permitted to process your personal data according to our instructions. We do not sell, rent, or otherwise share your personal data with third parties for their own marketing purposes.

Your Rights Under GDPR

As a resident of the UK or EU, you have several rights concerning your personal data:

  • Right to Access: You may request details about the personal data we hold about you.
  • Right to Rectification: You can request corrections to any inaccurate or incomplete data.
  • Right to Erasure: You may ask for your personal data to be deleted where legally permissible.
  • Right to Restrict Processing: Under certain circumstances, you can request us to restrict the processing of your data.
  • Right to Data Portability: You can request that personal data you have provided to us be transferred to another organization or directly to you.
  • Right to Object: You may object to the processing of your personal data in some circumstances, such as for direct marketing.
  • Right to Withdraw Consent: Where we process your data based on your consent, you may withdraw that consent at any time.

If you wish to exercise any of your rights, please contact us using the contact details provided on our website or by written correspondence. To protect your privacy, we may need to verify your identity before fulfilling your request.

Children's Privacy

We do not knowingly collect or process data from individuals under the age of 16 without parental consent. If you believe we have inadvertently collected such information, please let us know so that we can delete it.

Changes to This Policy

Flowers Byfleet may update this Privacy Policy from time to time. Any changes will be posted on our website, and where appropriate, we will notify you of significant changes. We encourage all customers to review this policy regularly to stay informed about how we are protecting your data.

Contact and Complaints

If you have concerns about how we handle your personal data or wish to make a complaint, you may contact us using the details on our website. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or your local supervisory authority if you believe your data protection rights have been violated.

This Privacy Policy was last updated in June 2024 and applies to all customers placing orders with Flowers Byfleet from Byfleet and the surrounding districts.