GDPR Privacy Policy - Flower Delivery Northwood

Privacy Statement for Customers in Northwood and Surrounding Areas

At Flower Delivery Northwood, we are committed to protecting your privacy and handling your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws. This Privacy Policy explains how and why we collect, use, store, and disclose your personal information when you place orders with Flower Delivery Northwood from Northwood and the surrounding districts.

Scope of This Privacy Policy

This policy applies to all customers and recipients of Flower Delivery Northwood orders from Northwood and adjacent localities. By placing an order, you acknowledge that your data will be processed in line with this Privacy Policy.

What Personal Data We Collect

When you interact with Flower Delivery Northwood, we collect different categories of data to fulfill our services:

  • Contact Details: Such as your name, delivery address, phone number (optional), and postal code.
  • Order Information: Including the recipient’s name and address, personalized card messages, details about the products you order, and any delivery instructions.
  • Payment Information: We process payment details via secure PCI-compliant providers but do not store your credit or debit card numbers ourselves; payment is handled by third-party processors.
  • Communication Records: Records of correspondence with us (such as emails, forms, or notes on calls) related to your order, queries, feedback, or complaints.
  • Technical Data: Including your IP address, browser type, and usage statistics (where applicable), collected through cookies or analytics for website optimization.

Lawful Basis for Processing Your Data

Flower Delivery Northwood processes your personal data based on one or more of the following lawful grounds:

  • Performance of a Contract: Processing is necessary to fulfill the order you place with us, including delivery and customer service.
  • Legitimate Interests: To improve our services, prevent fraud, or respond to your queries, provided these do not override your fundamental rights.
  • Legal Compliance: Processing your information when required to comply with laws or regulations.
  • Your Consent: In situations where consent is the legitimate basis, such as for certain types of marketing communications (with clear opt-in mechanisms).

How Your Data Is Used

Your data is utilized strictly for the following purposes:

  • Processing and delivering your orders efficiently.
  • Communicating with you regarding order confirmations, delivery updates, or queries relating to your purchase.
  • Handling customer support requests, feedback, or complaints.
  • Improving our website functionality and user experience through analysis of anonymized technical data.
  • Fulfilling our legal and regulatory obligations.

Data Retention Periods

We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. Typically, this means:

  • Order and Transaction Information: Retained for up to seven years after your last transaction to comply with financial and tax regulations.
  • Enquiry and Complaint Records: Retained for up to three years following resolution for administrative purposes.
  • Marketing Preferences: Retained until you opt-out or withdraw your consent.

After these periods expire, your personal data will be securely deleted or anonymised.

Categories of Data Processors

To deliver our services, we may engage reputable third-party processors who process data on our behalf. These include:

  • Payment Providers: For secure processing of financial transactions.
  • IT and Hosting Providers: For the secure storage and management of our website and order systems.
  • Delivery Partners: Courier and delivery services that require recipient name, address, and instructions.
  • Analytics Services: For anonymised website and customer analytics used to improve our services.

All processors are subject to robust data protection agreements and operate in accordance with GDPR standards.

Data Sharing and Transfers

We do not sell or rent your personal data to third parties. Data is shared solely with trusted processors listed above. Where processors operate outside the UK or EEA, we ensure adequate safeguards are in place, such as standard contractual clauses or similar mechanisms, to protect your data rights.

Your Data Protection Rights

Under the GDPR, you have the following rights regarding your personal information:

  • Right to Access: You may request a copy of personal data we hold about you.
  • Right to Rectification: You can ask us to correct any inaccuracies or incomplete data.
  • Right to Erasure: You can request deletion of your data where there is no overriding legal reason for continued processing.
  • Right to Restriction: You may request restriction of processing in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a commonly used format and, where feasible, transfer it to another service provider.
  • Right to Object: Where processing is based on legitimate interests or direct marketing, you may object at any time.
  • Right to Withdraw Consent: Where processing relies on your consent, you have the right to withdraw that consent at any time.

To exercise any of these rights, verification may be required to ensure your identity.

Protecting Your Data

We take data security seriously and maintain appropriate technical and procedural safeguards to protect your personal data against accidental loss, unauthorized disclosure, alteration, or destruction.

Policy Updates

We may occasionally update this Privacy Policy to reflect changes in our practices or legal obligations. Any updates will be clearly posted or otherwise communicated at the point of order or interaction. Please revisit this policy regularly to stay informed about how we protect your information.

Contact and Complaints

If you have questions or concerns about this Privacy Policy or how your data is handled, please contact us using the details provided at the time of your order or on our website. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or relevant supervisory authority if you believe your rights have been infringed.