Privacy Policy for Florist New Barnet Customers

Introduction

Florist New Barnet respects your right to privacy and is committed to safeguarding your personal data. This Privacy Policy explains how we collect, use, store, and protect the personal information of all customers placing orders with Florist New Barnet from New Barnet and surrounding districts. Our practices comply with the UK General Data Protection Regulation (GDPR). Please read this policy carefully to understand your rights and how we manage your information.

What Personal Data We Collect

We collect personal data when you place an order, interact with us, or use our services. The types of information we collect include:

  • Contact Information: Name, billing address, delivery address, telephone numbers (if provided), and, where applicable, email address.
  • Order Details: Product selection, personal messages for delivery, and preferences.
  • Payment Information: Limited payment details necessary to process your order (we do not store full card details as payments are processed through third-party providers).
  • Correspondence: Records of your communications with us, including feedback or queries.
  • Marketing Preferences: Your preferences if you choose to receive marketing communications from us.

Lawful Basis for Processing

Florist New Barnet processes your personal data only when there is a lawful basis to do so under the GDPR. The principal legal bases we rely upon include:

  • Contractual Necessity: Processing necessary to fulfil your order and deliver products/services you have requested.
  • Legal Compliance: Processing required to fulfil legal or regulatory obligations.
  • Legitimate Interests: For purposes such as improving our services, preventing fraud, and administering our business, unless your rights and interests override these.
  • Consent: Where we send marketing communications or process data for optional services, we rely on your explicit consent. You may withdraw your consent at any time.

How We Use Your Personal Data

Your information is used for the following purposes:

  • To process orders, arrange delivery, and provide the products and services requested.
  • To communicate order confirmations, processing updates, and delivery details.
  • To handle enquiries, resolve complaints, and provide customer support.
  • To improve our services and customer experience through internal analysis.
  • To meet legal, regulatory, or contractual requirements.
  • If you opt-in, to send you relevant offers and information about our products or services.

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, and to meet our legal and regulatory obligations. Generally:

  • Order and transaction data are retained for up to seven years for accounting and tax purposes.
  • Customer correspondence is usually kept for up to two years.
  • Marketing preferences will be stored until you opt-out or request deletion.

At the end of the retention period or upon your valid request, your data is securely deleted or anonymised.

Data Processors and Third Parties

We may share your personal data with selected third parties (data processors) that help us provide our services, such as:

  • Payment Processors: To handle secure card transactions.
  • Courier or Delivery Services: To deliver your order to the requested address.
  • IT Service Providers: For website hosting, data management, and communication services.

All third parties are contractually required to process your information securely and only in accordance with our instructions. They must not use your data for their own purposes.

Security of Your Personal Data

We implement suitable technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include encrypted payments, secure storage systems, role-based access controls, and staff training. In the unlikely event of a data breach, we will follow all legal requirements regarding notification and remediation.

Your Rights as a Data Subject

Under the GDPR, you have the following rights regarding your personal data:

  • Right to Access: You can request information about the personal data we hold about you and how we process it.
  • Right to Rectification: You have the right to request correction of inaccurate or incomplete data.
  • Right to Erasure: In certain circumstances, you may request the deletion of your data (‘right to be forgotten’).
  • Right to Restrict Processing: You can ask us to limit the way we use your data under certain conditions.
  • Right to Data Portability: You may request to receive your data in a structured, commonly used, machine-readable format.
  • Right to Object: You have the right to object to certain types of processing, such as direct marketing.
  • Right to Withdraw Consent: Where we process data based on your consent, you may withdraw this at any time.

To exercise your rights, please contact us through the communication channels provided in our customer correspondence or on our website. We will respond to legitimate requests within one month and, where legally permitted, there is no charge for most requests.

Children’s Privacy

Our services are not intended for use by anyone under the age of 18. We do not knowingly collect or process personal data from children.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the law or our data protection practices. Any changes will be posted on our website, and we recommend checking this page periodically.

Contact and Complaints

If you have any questions about this Privacy Policy, our data practices, or if you wish to make a complaint regarding how your personal data has been processed, please contact us through the contact details provided in our customer communications or on our official website. If you remain unsatisfied, you also have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK.