Flowers Upper Clapton Privacy Policy

Our Commitment to Privacy

Your privacy is important to us at Flowers Upper Clapton. This Privacy Policy outlines how we collect, use, store, and protect your personal data when you place orders for our flowers from Upper Clapton and surrounding areas. We are dedicated to complying with all relevant legal obligations, including the EU General Data Protection Regulation (GDPR).

Scope of This Policy

This Privacy Policy applies to all customers who place flower delivery or collection orders with Flowers Upper Clapton, whether through our website, over the phone, or in-person, and who reside or request deliveries to Upper Clapton or nearby districts.

What Personal Data We Collect

When you order from Flowers Upper Clapton, we may collect various types of personal data necessary for fulfilling your order and providing customer service. This may include:

  • Identity Data: Name, title, or similar identifier
  • Contact Data: Billing and delivery address, telephone number, and contact preferences
  • Order Details: Product and service selections, recipient information (such as name and address for delivery), and any messages you request to be included with your order
  • Payment Data: Payment information (e.g., last four digits of your card, transaction reference numbers)
  • Technical Data: IP address, device information, browser type and version, and usage data collected through cookies when visiting our website
  • Correspondence: Records of your communications with us, including queries, feedback, or complaints

Lawful Bases for Data Processing

We rely on the following legal bases under GDPR to collect and process your personal data:

  • Contractual Necessity: Most of the data we collect is required to fulfill your order, communicate with you about your purchase, and deliver products to the recipient.
  • Legal Obligation: Certain information must be retained to comply with applicable tax, accounting, or other legal requirements.
  • Legitimate Interests: We may process your data for our legitimate business purposes, such as improving our services or responding to your queries, provided these are not overridden by your rights and interests.
  • Consent: In some cases, such as for marketing communications, we will ask for your explicit consent. You may withdraw this consent at any time.

Retention of Your Data

Personal data is retained only for as long as necessary to fulfill the purposes it was collected for, including for the purpose of satisfying any legal, accounting, or reporting requirements. Specifically:

  • Order and transaction records: Retained for up to 7 years in accordance with financial regulations
  • Marketing/email preferences: Retained until you withdraw consent or unsubscribe
  • Enquiries and correspondence: Retained up to 2 years after resolution
  • Technical and website usage data: Retained for up to 2 years for analytics and security purposes

After the relevant retention period, your personal data will be securely deleted or anonymised.

Data Processors and Sharing

We may share your personal data with trusted third-party service providers who help us fulfil your orders, process payments, deliver customer communications, and manage our website. These may include:

  • Payment processors (to handle secure online and card payments)
  • Delivery partners and couriers
  • IT service providers (including hosting, email, and analytics providers)
  • Professional advisors (e.g., accountants, auditors) as strictly required

We require all third-party processors to respect the security of your personal data and to treat it in accordance with the law. They are only permitted to process your data for specified purposes and in accordance with our instructions.

Your data will not be transferred outside the European Economic Area unless adequate safeguards are in place in accordance with GDPR requirements.

How We Protect Your Data

We employ appropriate technical and organisational measures to ensure the security of your personal data. This includes the use of secure servers, encrypted transactions, access controls, and regular review of data processing methods. We also instruct our employees and processors on the importance of privacy and security.

Your GDPR Rights

You have rights under GDPR in relation to how we handle your personal data. These include:

  • Right of Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: If your data is incorrect or incomplete, you are entitled to have it rectified.
  • Right to Erasure: Also known as the ‘right to be forgotten’, you may request deletion of your data where there is no compelling reason for its continued processing.
  • Right to Restrict Processing: Under certain conditions, you may ask us to restrict use of your data.
  • Right to Object: You may object to processing of your data on grounds relating to your particular situation, especially for direct marketing.
  • Right to Data Portability: Where applicable, you can request your data be transferred in a structured, commonly used, and machine-readable format.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection authority if you believe your rights have been infringed.

Updates to This Policy

We may occasionally update this Privacy Policy to reflect changes in the law, our business practices, or the services we offer. Substantial changes will be highlighted on our website or communicated directly where appropriate. We encourage you to review this policy periodically to stay informed about how we process your data.

Contacting Us

If you have any questions about this Privacy Policy, want to exercise your rights, or require further information about how we handle your personal data, please contact us using the details provided on our main website or visit our shop in Upper Clapton.