Florist South Croydon GDPR Privacy Policy

Privacy Policy Overview

This Privacy Policy details how Florist South Croydon ('we', 'us', 'our') collects, stores, and processes personal data when you place an order with us from South Croydon and surrounding districts. We are dedicated to safeguarding your privacy and complying with the General Data Protection Regulation (GDPR) and relevant UK data protection laws. Please review this policy to understand how your personal information is handled.

Scope of This Policy

This policy applies to all natural persons ('you', 'your') placing orders for floral arrangements and related products or services through Florist South Croydon, whether directly via our website, by telephone, or in person. It covers customers located in South Croydon and surrounding districts.

What Data We Collect

When you place an order, communicate with us, or interact with our website, we collect and process the following categories of personal data:

  • Identity and Contact Data: Your full name, delivery address, billing address, postcode, contact phone numbers, and any other information necessary for delivery and billing purposes.
  • Order Details: Products or services ordered, delivery instructions, and personal messages attached to orders.
  • Payment Information: Details you provide for payment purposes. Please note that we do not store full cardholder data, only the information necessary to process payments via secure third-party payment processors.
  • Correspondence: Records of communications sent between you and Florist South Croydon, including any queries, complaints, or feedback.
  • Website Usage Data: When you visit our website, technical information such as IP address, browser type, time zone, page views, and related metadata may be collected via cookies or analytics tools. This data is always collected and used in compliance with applicable regulations.

Lawful Basis for Processing

We process your personal data only where there is a lawful basis under the GDPR. Our main purposes and legal bases are:

  • Contractual Necessity: To fulfil our contract with you, such as processing and delivering your order, responding to your inquiries, and managing payments.
  • Legal Compliance: To comply with legal obligations, for example, keeping financial records required by law.
  • Legitimate Interests: To improve our products and services, ensure the security of our website and operations, and market to existing customers, always balancing our interests with your rights.
  • Consent: Where consent is required, such as for marketing communications sent by electronic means, we will request your permission and you may withdraw it at any time.

How We Use Your Information

Your information is used exclusively for the purposes outlined above, including:

  • Processing and delivering your orders correctly and efficiently
  • Communicating with you regarding your order or our services
  • Responding to your queries, complaints, or feedback
  • Complying with applicable legal and financial obligations
  • Conducting basic analytics to improve our products and customer service (with de-identification/anonymisation where possible)
  • Sending marketing information, only where you have opted in

Retention of Your Data

We retain your personal data only for as long as necessary to fulfil the delivery of your order and to meet our regulatory and legal obligations. The specific retention periods depend on the type and purpose of the data, for example:

  • Order and transaction records: Typically retained for seven years for accounting and tax compliance
  • Correspondence and feedback: Retained for up to two years after resolution
  • Marketing data: Retained until you withdraw consent or unsubscribe
  • Website analytics data: Retained as per cookie and analytics policy, with aggregated and anonymised data used for longer periods

Once the retention period expires, your data is securely deleted or anonymised.

Data Processors

To deliver our services, we use trusted third-party processors who help us operate our business. These include:

  • Payment Processors: Secure providers who process payments on our behalf, ensuring your card details are handled in accordance with PCI DSS and data protection standards.
  • IT Service Providers: Companies providing hosting, IT maintenance, support, and website analytics. All providers are vetted for GDPR compliance.
  • Delivery Partners: Where applicable, delivery service providers who receive essential delivery details to complete your order.

We ensure that all processors are bound by contractual agreements to protect your data and to process it only on our instructions and in accordance with the law.

Security Measures

Your personal data is handled securely using a combination of physical, electronic, and managerial procedures to safeguard it from unauthorised access, accidental loss, alteration, or disclosure. Staff are trained on data protection, and access to your information is limited to personnel who need it to do their job.

Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal information:

  • Right to Access: You may request details of the personal data we hold and process about you.
  • Right to Rectification: You may request the correction of inaccurate or incomplete data.
  • Right to Erasure: You may request deletion of your data where there is no legal or contractual reason for us to retain it.
  • Right to Restrict Processing: You may request that we restrict processing in certain circumstances.
  • Right to Object: You may object to processing based on legitimate interests or direct marketing.
  • Right to Data Portability: You may request a copy of your data in a commonly used format and, if feasible, instruct us to transfer it to another provider.
  • Right to Withdraw Consent: You may withdraw consent at any time, where processing is based on consent (e.g., for marketing).

To exercise any of these rights, please contact us using the details on our website or by visiting our premises. We respond to all legitimate requests within one month and may require verification of your identity.

Changes to This Policy

We review and update this policy periodically to reflect changes in our practices, legal requirements, or customer feedback. The most current version is always available at our business premises and on our website. We encourage you to review it regularly.

Contact and Complaints

If you have any questions, concerns, or complaints about this Privacy Policy or the handling of your personal data, please get in touch with us via the contact details provided on our website or in-store. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you are dissatisfied with how we handle your data.