Willesden Florist Privacy Policy – GDPR Information

Introduction

At Willesden Florist, we are committed to safeguarding your privacy and ensuring that your personal information is protected in accordance with the General Data Protection Regulation (GDPR) and applicable UK data protection laws. This Privacy Policy explains how and why we collect, use, and retain your personal data when you order from Willesden Florist, whether you are located in Willesden or the surrounding districts. We also explain your data protection rights and provide details about our data processors.

Scope of This Policy

This Privacy Policy applies to all customers who place orders with Willesden Florist, whether online, by phone, or in person. It is relevant to residents of Willesden and neighbouring areas served by our florist. If you use our services, you agree to the collection, use, and disclosure of your information as described in this policy.

What Data We Collect

To fulfil your order and provide our services, we may collect and process the following categories of personal data:

  • Identity Information: Name, title, and contact details (such as address and phone number).
  • Order Information: Details of the products and services you have purchased, including recipient's name and delivery address.
  • Payment Information: Payment method details (such as cards, but not card numbers or security codes) processed securely by our payment providers.
  • Correspondence: Records of communications with us, including queries, complaints, or feedback.
  • Technical Data: IP address, browser type, and access times, if you use our website.

Purpose and Lawful Basis for Processing

Willesden Florist processes your personal data only when there is a legal basis for doing so. The main lawful bases under GDPR that apply are:

  • Performance of Contract: We process your information to fulfil your floral order and provide related services (Article 6(1)(b) GDPR).
  • Legitimate Interests: For administrative purposes, to improve our services, and to prevent fraud (Article 6(1)(f) GDPR). We carefully balance these interests with your rights and expectations.
  • Legal Obligation: To comply with applicable laws and respond to lawful requests by public authorities (Article 6(1)(c) GDPR).
  • Consent: Where required, such as for marketing communications not related to your order, we will ask for your explicit consent (Article 6(1)(a) GDPR).

How We Use Your Personal Information

The personal data we collect is used to:

  • Process, fulfil, and deliver your flower orders.
  • Contact you regarding your order or respond to your enquiries.
  • Manage payments and prevent fraudulent transactions.
  • Improve our products and services based on your feedback.
  • Comply with legal requirements and maintain business records.
  • If consent is given, send information about offers or seasonal promotions (you may opt out at any time).

Retention of Your Data

We only keep your personal data for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting obligations. Typically, data related to your orders is retained for up to seven years to comply with UK tax law. After this period, data is securely deleted or anonymised unless we are required by law to retain it longer.

Data Processors and Data Sharing

In the course of providing our services, we may share limited personal data with trusted third parties ("processors") who help us operate effectively. These include:

  • Payment Service Providers: For processing card payments securely.
  • Delivery Partners: For fulfilling deliveries to your specified recipients.
  • IT and Software Providers: For managing our order processing systems.

Our processors are contractually obligated to handle your data securely and only process it for specified purposes in line with this policy. We do not sell your personal data to third parties.

Your Data Protection Rights

Under GDPR, you have several rights regarding your personal data:

  • Right to Access: You may request a copy of the personal information we hold about you.
  • Right to Rectification: You can request corrections to any incomplete or inaccurate personal data.
  • Right to Erasure (Right to be Forgotten): You may request deletion of your personal data in certain circumstances, subject to legal obligations.
  • Right to Restrict Processing: You can ask us to limit how we use your data under certain conditions.
  • Right to Data Portability: You can request to receive your data in a structured format for use elsewhere.
  • Right to Object: You can object to processing of your data based on our legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Where consent is the basis for processing, you may withdraw it at any time.

If you wish to exercise any of your rights under the GDPR, please contact us using the communication methods provided through our website or by post.

How We Protect Your Data

Your privacy is important to us. We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Examples include secure payment methods, strict access controls, and staff training in data protection.

Changes to This Privacy Policy

We review and update this Privacy Policy regularly to reflect any changes in our data practices or legal obligations. You are encouraged to review this policy periodically. Any significant changes will be communicated to our customers as appropriate.

Contacting Willesden Florist

If you have any questions or concerns about this Privacy Policy or how we handle your personal information, please contact us using the options available on our website or by post at our shop address.

Thank you for trusting Willesden Florist to handle your data responsibly and safely.