Flowers Rush Green Privacy Policy

Introduction

This Privacy Policy explains how Flowers Rush Green collects, uses, and safeguards your personal data when you place orders with us. This policy applies to all customers placing orders with Flowers Rush Green from Rush Green and the surrounding districts. We are committed to ensuring that your personal information is handled in accordance with the General Data Protection Regulation (GDPR) and other relevant data protection laws.

What Data We Collect

When you interact with Flowers Rush Green, we collect the following types of personal data as necessary to fulfil your order and provide our services:

  • Contact Information: Name, delivery address, billing address, and contact details such as phone number.
  • Order Details: Products ordered, delivery instructions, special requests, and order history.
  • Payment Information: Limited payment data required to process your payment securely (processed via third-party providers; we do not store full card details).
  • Communication Records: Correspondence between you and our staff (including customer service queries and feedback).
  • Technical Information: Details about how you access our website, including device IP address, browser type, and access times (collected via cookies or similar technologies for site analytics and security).

Lawful Basis for Data Processing

We process your personal data under one or more of the following lawful bases, as defined under GDPR:

  • Contractual Necessity: To process and deliver your orders, manage payments, and fulfil any contractual obligations related to your purchase.
  • Legitimate Interests: For business purposes such as service optimisation, fraud prevention, and maintaining security of our operations – provided these do not override your rights.
  • Legal Obligations: Where we are required to keep certain data to meet legal or regulatory obligations, such as tax or accounting requirements.
  • Consent: In specific situations (for example, for direct marketing where required by law), we will only process your data if you have given us clear consent. You may withdraw this consent at any time.

How We Use Your Data

Your personal data is used for the following purposes:

  • To process, confirm, and deliver your flower orders efficiently.
  • To communicate important updates about your orders and services.
  • To manage payments and administrative processes.
  • To handle your customer service queries and product feedback.
  • To improve our website, services, and offerings through analytics.
  • To send personalised offers or updates, where you have provided consent or as permitted by law.

Data Retention

We retain your personal data only for as long as is necessary for the purposes for which it was collected and to comply with legal, accounting, or regulatory requirements. The typical retention periods are as follows:

  • Order and Transaction Data: Retained for up to 7 years to fulfil tax and bookkeeping regulations.
  • Customer Service Records: Generally retained for up to 3 years after your last interaction, unless needed for the resolution of disputes or legal claims.
  • Marketing Data: Retained until you withdraw your consent or opt out of communications.

Data Processors and Third Parties

To provide our services efficiently, we may share parts of your personal data with trusted third parties or processors. These processors are contractually bound to protect your data in compliance with GDPR and are only permitted to use it for specified purposes. Examples of such processors include:

  • Payment Providers: To securely process your payments.
  • IT and Cloud Service Providers: For hosting, software, and data backup purposes.
  • Delivery Partners: To ensure your orders reach their destination.
  • Professional Advisors: Such as accountants and legal advisors, when necessary for compliance and business administration.

We do not sell, rent, or otherwise disclose your personal information to third parties for their own marketing purposes.

International Data Transfers

Your personal data is primarily processed within the United Kingdom and European Economic Area (EEA). If a service provider is located outside this area, we ensure appropriate safeguards are in place to protect your information, complying with GDPR requirements on international transfers.

Data Security

We employ appropriate technical and organisational measures to safeguard your personal data against unauthorised access, alteration, disclosure, or destruction. This includes secure servers, encrypted payment processing, and regular staff training on data protection principles.

Your Data Protection Rights

As a customer of Flowers Rush Green, you have the following rights concerning your personal data under GDPR:

  • Right to Access: You may request access to the personal data we hold about you.
  • Right to Rectification: You can ask us to correct inaccurate or incomplete data.
  • Right to Erasure: You have the right to request deletion of your personal data where we are not obliged to retain it for legal reasons.
  • Right to Restrict Processing: In certain circumstances, you may limit how your data is processed.
  • Right to Data Portability: You can request a copy of your data in a commonly used, machine-readable format.
  • Right to Object: You may object to processing of your data, particularly for direct marketing purposes.
  • Right to Withdraw Consent: If processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.

How to Exercise Your Rights

If you wish to exercise any of these rights, please contact us using the contact details provided on our website or at your point of sale. We may need to verify your identity before processing your request. We aim to respond to all legitimate requests within one month, or sooner where possible.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. Any changes will be posted on our website and will take effect upon publication. We encourage you to review this policy periodically for the latest information.

Contact and Complaints

If you have further questions regarding how we collect, use, or protect your personal data, or if you wish to make a complaint, please contact us using the information on our website. You also have the right to lodge a complaint with the Information Commissioner's Office or your local supervisory authority if you believe we have not complied with data protection laws.