Chislehurst Flowers Privacy Policy

Introduction

This Privacy Policy describes how Chislehurst Flowers ("we", "us", or "our") collects, uses, stores, and protects your personal data. The policy applies to all customers placing orders with Chislehurst Flowers in Chislehurst and the surrounding districts. We are committed to safeguarding your personal information and respecting your privacy rights in line with the General Data Protection Regulation (GDPR).

What Data We Collect

When you place an order or interact with Chislehurst Flowers, we collect and process certain types of personal data. This information may include:

  • Identity Data: Your name and, where necessary, the name of the recipient.
  • Contact Data: Address, telephone number, and other relevant delivery details.
  • Order Data: Details of products and services you purchase, order notes, and any special delivery instructions.
  • Payment Data: While we do not store your full card details, we may collect payment method information for processing your transactions securely.
  • Communications: Records of your correspondence and feedback, including queries and complaints.

We do not collect sensitive categories of data such as health, race, or religious information.

Lawful Basis for Processing Your Data

Under GDPR, we must have a lawful reason to use your personal data. We rely on the following legal bases:

  • Contractual Necessity: Processing is essential for completing your orders, arranging deliveries, or taking steps before entering into a contract with you.
  • Legal Obligation: We may process your data to comply with UK laws linked to accounting, taxation, or other statutory requirements.
  • Legitimate Interests: We may process your data for certain legitimate business interests, such as improving our services, maintaining customer records, or handling enquiries, provided these interests are not overridden by your rights.
  • Consent: On rare occasions, we may seek your explicit consent to use your data (e.g., for marketing). Where consent is given, you have the right to withdraw it at any time.

How We Use Your Data

Your personal data is used strictly for the following purposes:

  • To process, confirm, and deliver your flower orders.
  • To communicate with you about your order or respond to your requests.
  • To manage your preferences and improve our products and services.
  • For bookkeeping, regulatory compliance, and internal record keeping.

How Long We Retain Your Data

We will retain your personal data only for as long as is necessary for the purposes for which it was collected, including fulfilling our contractual or legal obligations. Typically, we keep:

  • Order and transaction records for up to 7 years, in accordance with accounting and tax regulations.
  • Contact and delivery data for up to 2 years following your last order, to facilitate future bookings unless otherwise requested.

After these periods, your personal data is securely deleted or anonymised so it can no longer be associated with you.

Our Data Processors

We utilise trusted third-party services (known as "processors") to support our operations:

  • Payment Processors: Securely handle your financial transactions online and do not provide us with your full payment details beyond what is necessary for confirmation.
  • IT & Cloud Providers: Assist in hosting our order and communication systems and ensure data is protected by appropriate security measures.
  • Delivery Partners: Will be provided with necessary contact and delivery details for fulfillment of your order within Chislehurst and the surrounding districts.

All processors are contracted to only use your data for the purposes specified by us and in line with this Privacy Policy. We do not sell, rent, or trade your information to unauthorised third parties.

International Data Transfers

Your information is generally processed and stored in the UK. If, in rare instances, data is transferred or stored outside the UK or European Economic Area, we will ensure that adequate safeguards are in place to protect your data and ensure it is treated securely.

Data Security

We implement appropriate technical and organisational measures to prevent accidental loss, destruction or damage to your data and to protect it from unauthorised access. These include data encryption, secured servers, access controls, and staff training in data protection principles.

Your Data Protection Rights

As a customer, you have the following rights regarding your personal data:

  • Right to Access: You can request a copy of your personal data held by us.
  • Right to Rectification: You may ask us to correct any incomplete or inaccurate information we hold.
  • Right to Erasure: In certain circumstances, you can request the deletion of your data (also known as the 'right to be forgotten').
  • Right to Restrict Processing: You can ask us to restrict the processing of your data in certain situations.
  • Right to Object: You have the right to object to our processing of your data based on legitimate interests.
  • Right to Data Portability: You can request that we provide your data to you or another service provider in a commonly used, machine-readable format.

If you wish to exercise any of these rights, please contact us through the details provided on our website. We will respond to your request as required by law and within applicable deadlines.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or our practices. The latest version will always be available on our website, and we encourage you to review it periodically.

Contact and Further Information

If you have any questions about this Privacy Policy or your personal data at Chislehurst Flowers, please use the contact methods provided on our official website. We are committed to addressing your privacy concerns and ensuring your rights are respected.