Privacy Policy for Flower Delivery Nine Elms Customers

Introduction

This Privacy Policy details how Flower Delivery Nine Elms collects, uses, stores, and protects your personal data in accordance with the General Data Protection Regulation (GDPR). This policy applies to all customers placing orders through Flower Delivery Nine Elms within Nine Elms and the surrounding districts. Please take the time to review this policy carefully to understand your rights and how we handle your information.

What Data We Collect

When you place an order with Flower Delivery Nine Elms or use our services, we collect the following categories of personal data:

  • Identity Information: Name, and, where applicable, company name.
  • Contact Details: Address, delivery address (which may differ from billing address), postcode, and geographic location relevant to Nine Elms and nearby areas.
  • Communication Data: Any correspondence you send us regarding your order or our services.
  • Order Information: Details of the products you purchase, messages to recipients (such as personal notes), and delivery preferences.
  • Payment Information: Payment details such as cardholder name and truncated card numbers, processed securely via third-party payment processors. We do not store full card numbers or CVV codes.
  • Technical Data: When you interact with our website, we may collect anonymised technical information such as IP address, browser type, and device information, primarily for analytics and security purposes.

Lawful Basis for Processing

The lawful bases under GDPR for our processing of your personal data are:

  • Performance of Contract: We process your personal data to perform our contractual obligations to you, such as fulfilling and delivering your order.
  • Legitimate Interests: We may use your information to improve our products and services, prevent fraud, and ensure the security of our operations, provided these interests are not overridden by your rights and interests.
  • Legal Obligations: We may process or retain certain data where required or permitted by law, for example, for tax or regulatory reasons.
  • Consent: Where required, we may seek your consent, such as to send you promotional communications. You have the right to withdraw consent at any time.

How We Use Your Information

Your personal data is used for the following purposes:

  • Processing and fulfilling your flower delivery orders
  • Delivering flowers and associated items to specified addresses
  • Managing your account, if created
  • Providing customer service and responding to your queries
  • Processing payments and preventing fraud
  • Meeting legal, regulatory, or tax obligations
  • Informing you about changes to our services or relevant policies
  • Improving our website and services, including carrying out analytics and market research (using anonymised or aggregated data where possible)

Data Retention

We retain your personal data only for as long as is necessary for the purpose for which it was collected, including for the fulfilment of your order, aftercare, resolution of disputes, and compliance with legal and regulatory requirements. Specifically:

  • Order and delivery information is typically retained for up to 7 years to comply with tax and accounting obligations.
  • Payment data is not retained by us, but by our secure payment processor, who retains it as necessary to facilitate payment and comply with financial regulations.
  • Where you consent to receive marketing communications, your contact details remain on file until you withdraw consent or request deletion.

Processors and Third Parties

To provide our services efficiently, we may share your information with trusted third-party data processors, strictly limited to those necessary to fulfil your order or support our business operations. These include:

  • Payment service providers to securely process transactions.
  • Delivery partners or couriers responsible for delivering your flowers or products.
  • IT service providers supporting our website, data storage, and communications infrastructure.

All processors are rigorously vetted and operate under contractual obligations in line with GDPR. They are only permitted to use your data as necessary to provide the contracted service, and are not allowed to use it for their own purposes.

Data Security

Flower Delivery Nine Elms employs appropriate technical and organisational measures to safeguard your personal data against loss, theft, unauthorised access, or disclosure. This includes secure servers, encryption, and restricted access to personal data within our operations. While we follow best practices, please be aware that no transmission over the internet or data storage system is guaranteed to be 100% secure.

Your Rights as a Data Subject

Under GDPR, you are entitled to exercise the following rights regarding your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You can request the correction of inaccurate or incomplete personal data.
  • Right to Erasure: You may request deletion of your personal data, subject to our legal and contractual obligations to retain certain records.
  • Right to Restrict Processing: Under certain circumstances, you may ask us to restrict the processing of your data.
  • Right to Data Portability: You can request that your data be transferred to you or another service provider in a structured, commonly used format.
  • Right to Object: You may object to our processing of your data based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time.

To exercise any of these rights, please contact us via our published contact methods on our website or in your order confirmation correspondence. We aim to respond promptly and within the time periods set out in the GDPR.

International Data Transfers

We store and process your data within the United Kingdom and the European Economic Area (EEA). If it is ever necessary to transfer your data outside these regions, we will ensure that appropriate safeguards are implemented in line with GDPR requirements to protect your privacy and rights.

Policy Updates

This Privacy Policy is reviewed regularly and may be updated to reflect changes in our practices or legal requirements. The latest version will always be available on our website.

Contact and Complaints

If you have any questions about this Privacy Policy or your data rights, please reach out to us through our published contact methods. If you are unsatisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority under GDPR.