Flowers Keston Customer Privacy Policy

Introduction

This Privacy Policy outlines how Flowers Keston collects, uses, stores, and protects your personal data in compliance with the General Data Protection Regulation (GDPR). It applies to all individuals placing orders with Flowers Keston from Keston and neighbouring districts, whether over the phone, online, or in person. We are committed to protecting your privacy and ensuring transparency regarding how your information is handled.

What Data We Collect

When you place an order with Flowers Keston, we may collect the following types of personal data:

  • Contact Details: Your name, address, delivery address, and phone number.
  • Order Information: Details of your flower order(s), card messages, special instructions, and preferences.
  • Payment Information: Payment method and transaction details (we do not store full credit/debit card details, only payment confirmations as required by our payment processor).
  • Communication Records: Correspondence via phone, written notes, or through our website.
  • Technical Information: When using our website: IP address, browser type, and cookies, as applicable.

We do not intentionally collect sensitive personal data unless it is essential for fulfilling your order and with your explicit consent.

Lawful Basis for Processing Your Data

Flowers Keston processes your personal data only when there is a lawful basis to do so. Our primary lawful bases include:

  • Contractual Necessity: To process and deliver your order, handle payments, and provide customer support as required by our contract with you as a customer.
  • Legal Obligation: To comply with accounting, tax, and regulatory requirements related to business transactions.
  • Legitimate Interests: To improve our services, ensure the security of our operations, protect against fraud, and communicate with you about your order or inquiries.
  • Consent: For marketing communications, where you have given explicit permission.

How We Use Your Data

Your personal data is used for the following purposes:

  • Processing and fulfilling your flower order, including arranging delivery to the designated recipient.
  • Communicating with you about your order, including order confirmation, updates, and customer service responses.
  • Processing payments securely through our selected payment processor.
  • Maintaining a record of transactions to comply with financial and legal obligations.
  • Improving and personalizing your service experience.

Data Retention

Flowers Keston retains your personal data only for as long as necessary to fulfill the purposes outlined in this Policy and to satisfy legal, accounting, or reporting requirements. Typically, order information and communication records are retained for a period of seven years in line with statutory financial retention periods. After this period, your data will either be securely deleted or anonymized so that it can no longer be associated with you.

Data Processors

To deliver our services efficiently, Flowers Keston engages trusted third-party service providers who process data on our behalf. These processors may include:

  • Payment Service Providers: For processing card and electronic payments securely.
  • Delivery Partners: To facilitate order delivery to your chosen address.
  • IT Service Providers: For website hosting, system support, and data backup.

All third-party processors are contractually obliged to process your data according to GDPR requirements, follow our instructions, and implement appropriate measures to keep your data secure.

Security of Your Personal Data

Flowers Keston takes the security of your information seriously. We have implemented appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These measures include access controls, secure storage, and staff training on data protection responsibilities.

User Rights under GDPR

Under the GDPR, you as a data subject have the following rights regarding your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request correction of any inaccurate or incomplete information.
  • Right to Erasure: In certain circumstances, you may request that we delete your personal data, subject to legal retention requirements.
  • Right to Restrict Processing: You can ask us to limit how we use your data in certain cases.
  • Right to Object: You may object to processing based on legitimate interests.
  • Right to Data Portability: Where applicable, you can request that we transfer your data to you or another service provider in a usable format.
  • Right to Withdraw Consent: If processing is based on your consent (e.g., marketing emails), you have the right to withdraw that consent at any time.

Exercising Your Rights

If you wish to exercise any of these rights, please contact us using the details provided when placing your order or through our website. We may require verification of your identity before fulfilling your request. We aim to respond to all legitimate requests within one month, though this may be extended if your request is particularly complex or numerous.

Updates to This Policy

This Privacy Policy may be updated as necessary to reflect changes in our data practices or changes in applicable laws. We encourage you to review this Policy periodically to stay informed about how we protect your personal information.

Contact and Further Information

If you have any questions or concerns about this Privacy Policy or how your personal data is handled by Flowers Keston, please contact us using the details provided when you placed your order or through our official website correspondence forms. We are committed to addressing and resolving any privacy concerns promptly and transparently.