Flower Delivery Harold Park Privacy Policy

Introduction

This Privacy Policy outlines how Flower Delivery Harold Park (hereafter referred to as “we”, “us”, or “our”) collects, uses, stores, and protects your personal data when you place a flower delivery order from Harold Park or the surrounding districts. We are committed to ensuring your privacy is respected and your data handled in accordance with the UK General Data Protection Regulation (GDPR).

Who This Policy Applies To

This policy applies to all customers ("you" or "your") who place orders with Flower Delivery Harold Park for delivery to Harold Park and the surrounding areas. By using our services, you agree to the collection and use of your personal data as set out in this policy.

What Personal Data We Collect

We collect the following types of personal data when you place an order or interact with us:

  • Identity Data: Full name
  • Contact Data: Delivery address, phone number, and relevant contact details
  • Order Details: Products ordered, delivery instructions, recipient information (if different from the customer)
  • Payment Data: Payment method, transaction records, and billing address (Please note: we do not store full payment card information; this is processed securely by our payment processors)
  • Account Data: Customer account information if you register an account with us
  • Correspondence: Records of communications with our support team, feedback, or complaints
  • Technical Data: IP address, browser type, and operating system, collected automatically through our website for security and analytical purposes

Lawful Basis for Processing Personal Data

We are permitted to process your personal data under several lawful bases as outlined by GDPR:

  • Contractual Necessity: To process and deliver your flower order, and fulfil our obligations under the contract with you
  • Legal Obligation: To comply with applicable laws, regulations, and statutory requirements
  • Legitimate Interests: To manage and improve our services, prevent fraud, and handle enquiries, provided these interests are not overridden by your data protection rights
  • Consent: Where required, such as for promotional communications or optional surveys, we seek your explicit consent, which you can withdraw at any time

How We Use Your Personal Data

We use the personal data we collect for the following purposes:

  • Processing and delivering your flower orders, including communicating with you about your order
  • Managing customer accounts and providing customer support
  • Handling payments and refunds securely
  • Complying with legal obligations, such as tax and accounting requirements
  • Improving our products, services, and website experience
  • Sending you service updates or, when you consent, promotional messages
  • Protecting against fraudulent transactions and ensuring the security of our website

Who Processes Your Data

We sometimes share your personal data with trusted third parties to help us provide and improve our services:

  • Payment Processors: To securely handle payment transactions (we do not store full card details ourselves)
  • Delivery Partners: To deliver your flower order to you or your intended recipient
  • IT Service Providers: To host our website, manage databases, and ensure IT security
  • Professional Advisors: Such as accountants or legal advisers, where necessary for compliance

All data processors are required to process your data securely and only on our instructions, in line with GDPR.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, and to comply with our legal, accounting, or reporting obligations. Typically, we will keep order and transaction data for up to seven years, as required by law. If you have created an account, your account information will be retained until you request deletion or your account becomes inactive. Communications and feedback may be retained for up to two years following your last interaction. When your data is no longer required, we will securely delete or anonymise it.

Your Rights

Under GDPR, you have the following rights concerning your personal data:

  • Right of Access: To request a copy of the personal data we hold about you
  • Right to Rectification: To have any incomplete or inaccurate data corrected
  • Right to Erasure: To request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: To request we limit how we use your data
  • Right to Data Portability: To receive your data in a structured, commonly used format for transfer to another provider
  • Right to Object: To object to our processing of your data, especially regarding direct marketing
  • Right to Withdraw Consent: To withdraw consent for any processing based on consent
  • Right to Lodge a Complaint: To complain to the UK’s Information Commissioner’s Office if you believe your rights have been infringed

To exercise any of these rights, please contact us via the methods listed on our website.

How We Protect Your Data

We implement robust physical, technical, and administrative measures to protect your personal data from loss, theft, misuse, and unauthorised access. These include secure servers, up-to-date software, access controls, and regular staff training on data protection. All third-party processors are required to have appropriate security arrangements in place when handling your data.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes to our practices or due to legal or regulatory reasons. When we make changes, we will revise the "last updated" date and, where appropriate, notify you of any significant changes. Please review this policy periodically to stay informed about how we process and protect your data.

Contacting Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please get in touch with us using the contact details provided on our website.

Last updated: June 2024.