Florists Clapham - Privacy Policy

Introduction

At Florists Clapham, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy outlines how we collect, use, and store your information when you place an order with Florists Clapham, whether you are located in Clapham or any of the surrounding districts. This policy applies to all customers engaging with our services and is designed to ensure compliance with the General Data Protection Regulation (GDPR).

What Personal Data We Collect

When you order from Florists Clapham, the following types of personal data may be collected, depending on your interaction with us:

  • Contact Details: Your name, delivery address, billing address, and contact telephone number.
  • Order Information: Details of the products and services you purchase, including any personalised messages to recipients.
  • Payment Data: Information required to process your payment (note: payment card data is processed securely by our payment providers and not stored by us).
  • Account Data: If you create an account, we collect login credentials and any preferences you set.
  • Communication Data: Emails, phone calls, or other communications you have with us related to your order or customer service requests.
  • Technical Data: Your internet protocol (IP) address, browser type, and usage data when you visit our website.

Lawful Basis for Processing Your Data

We process your personal data under the following lawful bases, as prescribed by the GDPR:

  • Contractual Necessity: Processing your data is necessary for us to fulfil your order, take payment, and deliver your flowers or products.
  • Legal Obligation: We may be required to process and retain certain information for tax, accounting, or other legal purposes.
  • Legitimate Interests: We may occasionally use your data to improve our services, prevent fraud, or send updates related to your order. These uses will not override your interests or fundamental rights.
  • Consent: Where required by law, we will seek your explicit consent for certain processing activities, such as sending marketing communications. Consent can be withdrawn at any time.

How We Use Your Data

Your personal data is used for the following purposes:

  • Processing and fulfilling your orders, including delivery and order confirmation.
  • Communicating with you about your order or in response to inquiries.
  • Handling payments and, where required, processing refunds.
  • Meeting our legal, tax, and auditing obligations.
  • Improving our services, administering the website, and ensuring security.
  • Providing customer support and resolving issues that may arise.
  • Sending you service-related notifications and, if you have consented, marketing materials.

How Long We Keep Your Information (Data Retention)

We retain your personal data only for as long as necessary for the purposes described in this policy, in line with our legal and regulatory obligations. Typically, we keep order and contact data for up to seven years to comply with accounting and taxation requirements. For marketing communications, your data is retained until you opt out or withdraw consent. Any digital communications or correspondence are reviewed periodically and deleted when no longer relevant.

Who Processes Your Data (Data Processors and Recipients)

To provide our services, we may share your personal data with trusted third-party service providers (data processors) who assist us in processing payments, delivering orders, managing our website, or providing communication tools. These third parties process your data strictly in accordance with our instructions and GDPR requirements. All processors are contractually bound to use your data solely for the purposes necessary to provide their service to us and are prohibited from using it for their own purposes or sharing it further.

We may also disclose your data to professional advisers, regulatory authorities, or other parties when required by law or as necessary for legal proceedings or to defend our legal rights.

Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights regarding your personal data:

  • Right of Access: You have the right to request details of the personal data we hold about you.
  • Right to Rectification: You can request that we correct any inaccuracies in your personal data.
  • Right to Erasure: You may request deletion of your personal data where there is no legal basis for us to retain it.
  • Right to Restriction: You can ask us to restrict processing where you contest the accuracy or the lawfulness of processing.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used format and to have it transferred to another controller.
  • Right to Object: You can object to the processing of your personal data on grounds relating to your particular situation, especially if the processing is based on legitimate interests or for marketing purposes.
  • Right to Withdraw Consent: Where processing is based on your consent, you can withdraw this at any time.

To exercise any of your rights, you may contact us using the contact details provided on our website. Requests will be handled in compliance with GDPR timescales.

International Data Transfers

Your personal data is generally processed within the United Kingdom and European Economic Area (EEA). Should it be necessary to transfer data outside these regions, we will ensure appropriate safeguards are in place to maintain the security of your information and to meet GDPR requirements.

Security of Your Data

We take the security of your personal data seriously. Appropriate technical, organisational, and administrative security measures are in place to protect your data from loss, misuse, unauthorised access, or disclosure. Data is stored securely, and access is limited to only those who need it to perform their job functions.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or our data practices. The latest version will always be available on our website, and significant changes will be communicated as appropriate.

Contact and Complaints

If you have any questions or concerns about how we handle your personal data, please contact us using the contact mechanisms on our website. If you feel your data has not been handled appropriately or that your rights have not been respected, you have the right to raise a complaint with the Information Commissioner's Office (ICO), the UK’s independent authority for data protection.