Privacy Policy for Orders with Flower Delivery Byfleet

Introduction

This Privacy Policy explains how Flower Delivery Byfleet collects, uses, stores, and protects your personal data in compliance with the General Data Protection Regulation (GDPR). This policy applies to all customers placing orders for flower deliveries within Byfleet and the surrounding districts. We are committed to safeguarding your privacy and ensuring transparency in how your information is handled.

What Data We Collect

When you place an order or contact Flower Delivery Byfleet, we may collect the following types of personal data:

  • Contact information: Name, delivery address, telephone number, and other relevant contact details necessary to fulfil your order.
  • Order information: Details of your flower purchase, specific delivery instructions, recipient details, and order history.
  • Payment information: Card or banking information for processing payments (note: payment data may be processed securely by third-party payment processors).
  • Communication data: Records of your communications with us, including queries, feedback, or complaints.
  • Technical information: IP address, browser type, and cookies, collected for website analytics, security, and performance optimization.

Lawful Basis for Processing Your Data

Under the GDPR, we process your personal data based on one or more of the following lawful bases:

  • Contractual Necessity: To fulfil the contract when you place an order with us, such as processing and delivering your flowers to the requested address.
  • Legal Obligations: To meet our obligations under UK law, such as tax or accounting regulations.
  • Legitimate Interests: To enhance customer experience, improve our service delivery, and maintain the security of our systems, providing these interests do not override your privacy rights.
  • Consent: For any processing that is not covered by the above bases, such as sending marketing communications, we will seek your explicit consent, which you can withdraw at any time.

How We Use Your Data

Your data is used to provide and improve our flower delivery services, including:

  • Processing and fulfilling your order efficiently and accurately
  • Communicating with you about your purchase, deliveries, or customer support requests
  • Managing orders and keeping internal records for audit and business continuity
  • Complying with applicable laws and regulations
  • Enhancing our website experience and security through analytics

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy or as required by law. Typically, we hold order and contact information for up to six years after your last transaction to comply with legal and tax obligations. After this period, your data will be securely deleted or anonymized. If you withdraw your consent for data processing where consent is the basis, we will stop processing and delete the relevant data, unless retention is required by law.

Processors and Data Sharing

Your information may be shared with trusted third-party service providers ("processors") who assist in delivering our services. These include:

  • Payment processors: Handling secure transactions for your orders. We do not retain full payment card details in our systems; these are processed by recognized payment gateways in compliance with industry standards.
  • Delivery partners: Local courier services or florists involved in fulfilling your order to the correct address.
  • Technology providers: Supporting our website and IT infrastructure to ensure stability and security.

All processors are contractually required to act only on our instructions, protect your data, and refrain from using your information for any unauthorised purpose. We will never sell or rent your personal data to third parties.

Your Data Protection Rights

As a customer, you have the following rights under the GDPR:

  • The right to be informed: You have the right to clear information about how your data is used.
  • The right of access: You may request a copy of any personal data we hold about you.
  • The right to rectification: You can ask us to correct or update inaccurate personal data.
  • The right to erasure: You have the right to have your personal data deleted, subject to legal obligations that require us to retain certain records.
  • The right to restrict processing: You can request that we temporarily suspend processing of your data if you believe it is incorrect or being used unlawfully.
  • The right to data portability: In certain circumstances, you can request to receive your data in a portable format.
  • The right to object: You can object to the processing of your data for direct marketing or based on our legitimate interests.
  • Rights related to automated decision-making: We do not make automated decisions that have legal or significant effects on you, but you have rights in relation to such processing if it occurs.

Data Security

We take all reasonable measures to ensure your personal data is protected against unauthorized access, alteration, disclosure, or destruction. Technical and organisational safeguards include secure servers, encryption of sensitive data, limited access for authorised personnel, and staff training on data protection obligations.

International Data Transfers

We aim to keep your data within the United Kingdom or the European Economic Area. If your data is transferred outside these regions, we ensure appropriate safeguards, such as contractual obligations, to uphold data protection standards as required by GDPR.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The latest version will always be accessible through our website. We encourage you to review this policy periodically to stay informed about how we protect your personal data.

Contact and Concerns

If you have questions or concerns about this Privacy Policy or your personal data, please contact us through our standard customer support channels. You may also have the right to lodge a complaint with the UK Information Commissioner’s Office if you believe your rights have not been respected.