East Finchley Florist Privacy Policy

Introduction

At East Finchley Florist, we value your privacy and are fully committed to protecting your personal data. This Privacy Policy outlines how we collect, use, store, and secure your information, in compliance with the General Data Protection Regulation (GDPR) and applicable UK data protection laws. This policy applies to all customers ordering from East Finchley Florist, whether you are based in East Finchley or the surrounding districts.

What Data We Collect

When you place an order with East Finchley Florist, or interact with us for queries and services, we may collect the following information:

  • Identity Data: Name, title.
  • Contact Data: Delivery address, billing address, telephone number, and any contact preferences.
  • Order Data: Order details, recipient information, message cards, and purchase history.
  • Payment Data: Transaction reference, partial card information (where applicable). We do not store complete card details.
  • Technical Data: IP address, browser type, operating system, and usage patterns on our website.
  • Communications Data: Emails, notes of calls, and records of contact with us.

We limit collection to what is necessary to fulfil your order, ensure delivery, and provide customer support.

Lawful Basis for Processing Data

We process your personal information under the following lawful bases:

  • Performance of a Contract: Most data is processed to fulfil your order or respond to service requests.
  • Legal Obligation: When regulations require us to retain certain information, such as for accounting or tax purposes.
  • Legitimate Interests: For improving services, sending important updates, or preventing fraud, provided these interests are not overridden by your data protection rights.
  • Consent: In specific cases, such as sending marketing information, we will only do so with your explicit consent.

How We Use Your Data

Your personal information is used in the following ways:

  • Processing and delivering your orders, including contacting you and the recipient for delivery arrangements.
  • Managing payments and refunds.
  • Handling customer service requests, queries, or complaints.
  • Improving our website and services through internal analysis or customer feedback.
  • Complying with legal and regulatory requirements.
  • Notifying you of important changes to our terms or services.
  • Sending marketing communications, if you have given us permission to do so.

How We Share Your Data

We treat your data with respect and confidentiality. Your personal information may be shared only under these circumstances:

  • Service Providers (Processors): We use third-party service providers for payment processing, website hosting, delivery services, and IT support. These providers are contractually required to safeguard your data and process it only on our instructions.
  • Legal Requirements: If needed, we may disclose information to public authorities where legally required to do so.

We do not sell or trade your personal data to any third parties for their own marketing purposes.

Data Retention

We will retain your personal information only as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements. The specific retention period depends on the type and context of data:

  • Order and transaction data: typically retained for up to seven years for tax and legal compliance.
  • Contact and communication data: retained for as long as you are a customer and for a reasonable period after your last interaction, unless you request deletion sooner.
  • Marketing data: retained only until you withdraw your consent.

After these periods, your information will be securely deleted or anonymised.

How We Protect Your Data

We take appropriate technical and organisational measures to protect your personal information. This includes secure storage, restricted access to authorised personnel, regular review of security protocols, and using secure methods of data transmission. Where we use external processors, we ensure appropriate contracts to protect your data in line with GDPR requirements.

International Data Transfers

In most cases, your data is stored within the UK or European Economic Area (EEA). If we use any providers outside these regions, we ensure suitable safeguards are in place, such as Standard Contractual Clauses, to guarantee your data remains protected to the standard required by law.

Your Rights as a Data Subject

Under GDPR, you have several rights regarding your personal data:

  • Right to Access: You can request a copy of any personal data we hold about you.
  • Right to Rectification: You can ask us to correct any inaccurate or incomplete information.
  • Right to Erasure ('Right to be Forgotten'): You may request deletion of your data when it is no longer required for processing or where consent is withdrawn.
  • Right to Restrict Processing: You may request we pause use of your data in certain situations.
  • Right to Data Portability: You can request that your data be provided to you or another organisation in a commonly used format.
  • Right to Object: You may object to processing carried out on the basis of legitimate interests or direct marketing.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw this at any time.

To exercise your rights, please contact us using the contact methods available on our website or in-store. We may need to verify your identity for security before acting on your request.

Policy Updates

We may update this Privacy Policy from time to time to ensure clarity or address changes in law or our business practices. Please review this policy periodically for the latest information on our privacy practices. The date of the most recent update will always be shown at the start of this policy.

Contacting Us

If you have any questions, concerns, or wish to exercise your data protection rights, you can reach out to us via the contact options provided on our website or at our East Finchley shop. We aim to respond to queries and requests promptly and to resolve any issues to your satisfaction.