Privacy Policy for Flowers Shadwell Customers

Introduction

This Privacy Policy describes how Flowers Shadwell collects, uses, stores, and protects the personal data of its customers. It applies to anyone placing orders with Flowers Shadwell from Shadwell and the surrounding districts. The policy outlines our procedures in compliance with the General Data Protection Regulation (GDPR) and other relevant UK data protection legislation. By placing an order with us, you agree to the terms of this privacy policy.

What Personal Data We Collect

When you interact with Flowers Shadwell, we may collect different types of personal information in the course of providing our services. The specific data types may include:

  • Identity Information: Your name and, if applicable, recipient name.
  • Contact Information: Delivery address, billing address, and location information relevant to the order.
  • Communication Data: Order details, notes or instructions provided to us, and record of correspondence.
  • Transaction Information: Details about payments made for orders (please note, we do not store card details; these are handled securely via our payment processor).
  • Order History: Previous purchases, dates, and preferred products.
  • Usage Information: How you interact with our services, such as time and date of your orders.

We do not intentionally collect sensitive personal data (such as health-related information) unless it is necessary for a specific purpose and you provide your explicit consent.

Lawful Basis for Processing Your Data

Flowers Shadwell only processes your data when there is a lawful basis to do so under GDPR. Our main reasons for processing are:

  • Contractual necessity: To fulfil your orders, communicate with you about deliveries, and provide products as requested.
  • Legal obligation: For record-keeping according to tax or accounting laws.
  • Legitimate interests: To improve our products and services, manage our business, respond to queries, and prevent fraud.
  • Consent: Where we use your data for marketing or promotional purposes, we will ask for your explicit consent, which you may withdraw at any time.

How We Use Your Data

The personal data we collect is used for the following purposes:

  • Processing and delivering your flower orders efficiently and accurately.
  • Contacting you regarding the status of your order or to clarify delivery arrangements.
  • Retaining records of transactions for accounting and legal purposes.
  • Improving the quality of our services based on customer preferences and past orders.
  • Sending periodic updates, promotions, and special offers if you have opted in for marketing communications (from which you can unsubscribe at any time).

Data Retention

We will retain your personal data only as long as it is necessary to fulfil the purposes described above, including for legal, accounting, or reporting requirements. Specifically:

  • Transactional data is generally retained for a minimum of six years after your last order, to comply with statutory obligations.
  • Order and communication records may be kept until no longer required for customer service or business analysis, or until you request deletion (if permitted by law).
  • Marketing contact details will be retained while you remain subscribed. If you opt out, we will promptly remove your information from our marketing lists.

When your data is no longer required, it will be securely deleted or anonymised.

Data Processors and Third Parties

To fulfil your orders efficiently, we may share your data with trusted third parties (data processors), only where necessary and with appropriate safeguards in place:

  • Payment processors: Securely manage online payments on our behalf. We do not retain your card or payment details—these are handled via the processor’s secure systems.
  • Delivery partners: Occasionally, to help deliver your order to the correct address if handled jointly with a delivery service.
  • IT and business support services: Such as website hosting, order management software, or cloud storage providers. These partners only access data as required to provide their specific service and are contractually obliged to protect your information.

We will not sell, rent, or trade your personal data. Data sharing with law enforcement or regulators is only in response to valid legal requests.

How Your Data Is Protected

Your personal data is kept secure using commercially reasonable measures, including:

  • Encryption of electronic records and secure storage solutions.
  • Restricted access to personal information by authorised staff only.
  • Regular review and updates of our data protection practices.
  • Contracts with third-party processors aligning with GDPR requirements.

Your Rights Under GDPR

As a data subject under the General Data Protection Regulation, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of the information we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete personal data.
  • Right to Erasure: Request the deletion of your data under certain circumstances (“right to be forgotten”).
  • Right to Restrict Processing: Ask us to limit how we use your data under specific circumstances.
  • Right to Data Portability: Obtain a copy of your data in a commonly used, machine-readable format for transfer elsewhere.
  • Right to Object: Object to the processing of your personal data in certain situations, such as direct marketing.
  • Right to Withdraw Consent: Where processing is based on your consent, you can withdraw it at any time.

To exercise your rights or if you have questions about your data, you may contact us using the details on our website.

Updates to This Policy

We may review and update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or privacy practices. The most current version will always be available on our website, and we will notify you of any material changes where required.

Contact and Complaints

If you have any concerns or complaints about how we use your personal data at Flowers Shadwell, please reach out to us via the contact section of our website. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe your data protection rights have been breached.