Flowers Shepperton Privacy Policy

Privacy Policy Overview

This Privacy Policy outlines how Flowers Shepperton collects, uses, processes, and protects your personal data in accordance with the General Data Protection Regulation (GDPR). The policy applies to all individuals placing orders with Flowers Shepperton, covering Shepperton and the surrounding districts.

What Data We Collect

To provide our floral delivery services and process orders efficiently, Flowers Shepperton may collect the following categories of personal data from customers:

  • Identification Data: Your name and, if applicable, the name of the recipient.
  • Contact Data: Address for delivery, contact telephone number, and any written notes for order fulfillment.
  • Transactional Data: Information about the products or services you purchase, as well as purchase dates.
  • Payment Data: Limited payment information (e.g., transaction confirmation) as processed through third-party payment providers. Flowers Shepperton does not store full payment card details.
  • Communication Data: Records of any correspondence and communication regarding your order or inquiries.

We do not collect special categories of personal data (such as health or biometric data) unless it is essential for order fulfillment and you have provided explicit consent.

Lawful Basis for Processing

Flowers Shepperton only processes your personal data where there is a lawful basis to do so according to GDPR. These include:

  • Contractual Necessity: Most data collected is required to fulfill your floral order and deliver items to the correct recipient.
  • Legal Obligations: Certain data may be retained as required by tax, accounting, or other relevant laws.
  • Legitimate Interests: We may use personal data to improve our services, respond to your inquiries, and prevent fraud. Such processing is balanced against your privacy rights and interests.
  • Consent: For any non-essential processing (such as marketing communications) your explicit consent will be sought. You may withdraw consent at any time.

How We Use Your Data

Your personal data is used for a variety of purposes, including:

  • Processing and delivering your flower orders.
  • Maintaining accurate records of transactions and communications.
  • Handling your enquiries and providing customer support.
  • Complying with any applicable legal or regulatory requirements.

Data Retention Period

Flowers Shepperton only retains your personal data for as long as is strictly necessary to fulfill the purposes for which it was collected and to comply with our legal obligations. Specifically:

  • Order and transaction data are retained for up to seven years in line with applicable legal requirements (such as tax regulations).
  • Contact and communication data are generally retained for two years following your last interaction with us, unless you request its deletion sooner, and provided there is no ongoing dispute or legal requirement.
  • Data used for marketing is retained until you withdraw consent or unsubscribe from communications.

At the end of the retention periods, your data is securely deleted or anonymised so it cannot be linked back to you.

Processors and Data Sharing

Flowers Shepperton may engage third-party service providers (data processors) to facilitate the provision of services. These may include payment processors, IT service providers, and delivery partners. All processors are contractually obligated to handle your data securely and only as instructed by Flowers Shepperton.

Your data will not be sold, rented, or disclosed to unauthorised third parties. Additionally, your data is not transferred outside the UK or European Economic Area unless adequate safeguards are in place to protect your privacy rights as specified by GDPR.

Your Rights under GDPR

As a customer of Flowers Shepperton, you have the following rights regarding your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right of Rectification: You may request that we correct inaccurate or incomplete personal data.
  • Right of Erasure: You may, in certain circumstances, request that your data be erased (the "right to be forgotten").
  • Right to Restrict Processing: You may request that we restrict the processing of your data under specific conditions.
  • Right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format for transfer to another provider.
  • Right to Object: You may object to certain types of processing, such as direct marketing.
  • Right to Withdraw Consent: Where we process data based on your consent, you have the right to withdraw this consent at any time.

Requests to exercise any of these rights will be responded to in accordance with applicable regulations and timeframes. Please note that certain rights may be limited depending on our legal obligations or the necessity of processing for contract performance.

Data Security

We are committed to maintaining the security of your personal data. Physical, technical, and organisational measures are in place to prevent loss, misuse, unauthorised access, disclosure, or modification of your data. We regularly review our security practices to ensure continual improvement and compliance with applicable standards.

Changes to This Policy

Flowers Shepperton may update this Privacy Policy from time to time to reflect changes in legal requirements or our business practices. Any significant changes will be communicated to you as appropriate. We encourage you to review this policy periodically for updates.

Contact and Questions

If you have any questions regarding this policy or your personal data, please contact us using the methods provided on our website. We are committed to responding promptly and transparently to all privacy-related inquiries.