Your Privacy at Yiewsley Florist: Data Principles and Your Rights

Privacy Policy for Yiewsley Florist Customers

This Privacy Policy explains how Yiewsley Florist ('we', 'us', 'our') collects, uses, stores, and protects your personal data when you place orders as a customer from Yiewsley and surrounding districts. We are committed to protecting your privacy and complying fully with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy is intended to provide you with clear and transparent information regarding your rights and our responsibilities.

What Data We Collect

When you place an order with Yiewsley Florist or contact us regarding our services, we may collect and process the following types of information:

  • Identity and Contact Information: Your name, address, telephone number, and (if supplied) email address.
  • Order Details: Information about your floral order, including delivery recipient name, recipient address, contact details, and any personalized messages or instructions.
  • Payment Information: Payment confirmation (such as transaction reference numbers). We do not store full credit or debit card details.
  • Technical Data: Your IP address and other information collected through your interactions with our website, such as browser type and device information.
  • Marketing Preferences: Your preferences if you choose to receive marketing communications from us.

Lawful Basis for Processing Your Data

We only process your personal data when we have a lawful basis to do so. The primary lawful bases we rely on are:

  • Contractual Necessity: To process, fulfill, and deliver your orders and provide customer service. This is necessary for the performance of our contract with you.
  • Legal Obligation: To comply with relevant tax and accounting laws and regulatory requirements.
  • Legitimate Interest: For our business interests, such as improving our services, preventing fraud, and ensuring network and information security, provided your rights do not override such interests.
  • Consent: Where you have specifically opted in, for sending you marketing communications or placing certain cookies on your device.

How We Use Your Data

Your data is used for the following purposes:

  • Processing and delivering your floral orders.
  • Contacting you about your order, including clarification, updates, or issues.
  • Arranging delivery to the correct recipient and managing any specific delivery instructions.
  • Operating, maintaining, and improving our website and customer service.
  • Complying with our legal or regulatory responsibilities.
  • Sending you marketing materials (where you have consented).

Data Retention

We will retain your personal data only for as long as is necessary for the purposes for which it was collected, as required by law, or as necessary to resolve disputes or enforce agreements. Specifically:

  • Order and Payment Records: Retained for up to six years to comply with tax and accounting regulations.
  • Marketing Data: Retained until you withdraw consent or request removal.
  • Operational Records: Retained as required to manage business processes and customer enquiries, typically no longer than two years unless further retention is necessary for compliance or dispute resolution.

Data Processors and Third Parties

Yiewsley Florist uses trusted third parties (‘processors’) to support our operations. Such third parties may only process your data on our instructions and in accordance with appropriate data protection agreements and safeguards. Examples include:

  • Payment Service Providers: To process card or other electronic payments securely.
  • Delivery Partners: To deliver orders to the specified recipient addresses in Yiewsley and surrounding districts.
  • IT and Website Support Providers: To help support, maintain, and secure our website and communications systems.

We do not sell your data. Your data is not transferred outside of the UK or European Economic Area unless adequate data protection standards or safeguards are in place.

Your Rights Under GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right to Access: You can request a copy of your personal data we hold.
  • Right to Rectification: You can request corrections if your data is inaccurate or incomplete.
  • Right to Erasure: You may request deletion of your data, subject to our legal obligations to retain certain records.
  • Right to Restrict Processing: You can ask us to limit the way we use your data.
  • Right to Data Portability: You can request your data in a structured, commonly used format for transfer to another provider.
  • Right to Object: You can object to certain types of processing, such as direct marketing.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time.
  • Right to Complain: You have the right to complain to the Information Commissioner’s Office (ICO) if you believe your data rights have been infringed.

To exercise your rights or make a data-related request, please contact us by post or in person at our shop premises. We may need to verify your identity before responding to your request.

Security Measures

We have implemented appropriate technical and organisational measures to secure your data from loss, misuse, unauthorised access, disclosure, alteration, or destruction. These include secure payment processing, restricted data access, and staff training on data protection.

Policy Updates

We review and update this Privacy Policy periodically. Any changes will be effective as soon as they are published and will apply to all customers from Yiewsley and the surrounding districts. We encourage customers to review our Privacy Policy regularly to stay informed of how we protect your data.

Scope of Policy

This Privacy Policy applies to all personal data collected from individuals who place orders or make enquiries with Yiewsley Florist, whether in person, by telephone, or via our website, within Yiewsley and the surrounding districts.