Flower Delivery Harrow Weald - Privacy Policy

Overview and Scope of This Privacy Policy

This Privacy Policy explains how Flower Delivery Harrow Weald collects, uses, stores, and protects your personal data when you place orders from Harrow Weald or the surrounding districts. We are committed to safeguarding your privacy and handling your data in a transparent and secure manner, in compliance with the General Data Protection Regulation (GDPR).

Who This Policy Applies To

This Privacy Policy applies to all customers placing orders for flower delivery with Flower Delivery Harrow Weald. If you use our flower delivery services within Harrow Weald or its surrounding districts, your personal information will be processed as outlined in this document.

What Personal Data We Collect

When you order flowers with us, we collect the following categories of personal data as applicable:

  • Identity Data: Name, surname, and sometimes title (e.g., Ms, Mr).
  • Contact Data: Delivery address, billing address, contact phone numbers, and recipient's contact details (when provided).
  • Order Data: Details about the floral products and services you have ordered, delivery preferences, and messages included with the flowers.
  • Payment Data: Payment transaction details (note: card data is typically handled directly by our third-party payment processor and not stored by us).
  • Correspondence: Records of communications you have with us regarding orders, enquiries, and feedback.
  • Technical Data (where relevant): IP address, device type, browser type, operating system, and interaction with our website (collected via cookies or log files, where applicable).

Purposes and Lawful Basis for Data Processing

We only process your personal data when we have a lawful basis under GDPR. These are:

  • Contractual Necessity: To process your flower delivery order, manage payment, delivery, and customer service. This applies to most of the data you provide when ordering.
  • Legal Obligation: To comply with UK laws in relation to tax, accounting, or other regulatory requirements.
  • Legitimate Interests: For quality control, business analysis, fraud prevention, and security (these do not override your fundamental rights and freedoms).
  • Consent: Where required, we may process your data based on your explicit consent (e.g., for optional marketing communications). You may withdraw consent at any time.

How We Use Your Personal Data

Your data is collected and processed for the following purposes:

  • Processing and fulfilling your flower delivery orders.
  • Contacting you regarding your order or in response to your queries.
  • Delivering flowers to the specified recipient in Harrow Weald or nearby areas.
  • Processing payments (note: we do not store full card details but receive confirmation from the payment processor).
  • Maintaining internal records for accounting, operations, and customer service.
  • Improving our services and website based on user feedback and analytics (where relevant and with the use of cookies, subject to your browser settings).
  • Sending you marketing communications, if you have opted-in (with the ability to unsubscribe at any time).

Data Sharing and Processors

In certain cases, your personal data may be shared with trusted third-party partners ("Processors") who assist us in providing our services. Typical categories include:

  • Payment Processors: Securely managing credit/debit card transactions. These providers are GDPR-compliant and do not receive more data than necessary for payment.
  • Delivery Partners: Couriers or drivers who receive delivery addresses and contact details needed for fulfilling orders.
  • IT Service Providers: Hosting or maintaining our order and website infrastructure.
  • Professional Advisors: Accountants, insurers, or legal advisers, as required by law.

All processors act on our instructions and are subject to contractual obligations concerning confidentiality, data protection, and security. We do not sell your data or share it with unrelated third parties for their own purposes.

International Data Transfers

Your data is generally processed within the United Kingdom or European Economic Area (EEA). Should data be transferred outside the EEA, we ensure it is protected in accordance with GDPR standards (e.g., by using approved contractual clauses or ensuring providers are under adequacy decisions).

Retention of Personal Data

We retain your data only as long as it is necessary for the purposes it was collected, including to comply with legal obligations, resolve disputes, and enforce agreements. Data relating to orders is typically retained for up to 6 years, in accordance with UK tax and accounting regulations. Where data is collected for marketing with your consent, we retain it until you unsubscribe or withdraw your consent.

Your Rights Under GDPR

As a data subject, you have several rights under the GDPR:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You may ask us to correct or update inaccurate or incomplete data.
  • Right to Erasure: You have the right to request the deletion of your personal data, subject to legal or contractual retention requirements.
  • Right to Restrict Processing: You may ask us to suspend processing of your data under certain circumstances.
  • Right to Data Portability: Where applicable, you can request your data in a commonly used electronic format or ask for it to be transferred to another provider.
  • Right to Object: You can object to processing carried out based on legitimate interests or direct marketing at any time.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time.
  • Right to Lodge a Complaint: You may lodge a complaint with the Information Commissioner’s Office or your relevant data protection authority if you believe your rights have been infringed.

Data Security

We take appropriate technical and organisational measures to secure your personal data. This includes the use of secure servers, encryption of sensitive data, access restrictions, and regular review of our data handling practices to protect against unauthorised access, alteration, disclosure, or destruction.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal or regulatory requirements or changes to our services. Updates will be made available to customers. We encourage you to review this policy regularly.

Contact and Further Information

If you have any questions regarding this Privacy Policy or wish to exercise your rights, please contact us using the details provided on our website or through our usual customer service channels. We are committed to working with you to address any concerns or requests you may have about your personal data.