Florist Colney Hatch GDPR-Compliant Privacy Policy

Scope and Application

This Privacy Policy describes how Florist Colney Hatch collects, uses, shares, and protects your personal information in accordance with the General Data Protection Regulation (GDPR). This policy is applicable to all customers placing orders with Florist Colney Hatch from Colney Hatch and the surrounding districts.

The Personal Data We Collect

In order to process your orders and offer you our services, Florist Colney Hatch collects the following types of personal data:

  • Contact Information: Name, delivery address, billing address, and town/district information.
  • Communication Details: Optional notes or messages provided with your order, preferences for delivery times, and your communications with us regarding orders or services.
  • Transaction Data: Details of products you order, purchase history, order value, and payment confirmation (we do not store card details but may store transaction confirmations from payment processors).
  • Technical Information: IP address, device type, and browser used for order placement and website analytics.
  • Marketing Preferences: Consent to receive updates or marketing communications.

We do not intentionally collect or process special categories of personal data, such as health information, unless explicitly provided by you as part of a specific order (e.g., allergy information for a bespoke arrangement).

Lawful Basis for Processing

Your data is collected and processed on the following lawful bases under GDPR:

  • Contractual Necessity: To fulfil your order, manage your account, and deliver products to the correct location.
  • Legitimate Interests: For customer service improvement, order tracking, fraud prevention, and business analysis.
  • Legal Obligation: To comply with applicable laws relating to accounting, taxation, or resolving disputes.
  • Consent: For sending marketing communications, where you have opted in. You can withdraw this consent at any time.

How We Use Your Personal Data

The personal data we collect is used to:

  • Process and deliver your flower orders accurately and efficiently
  • Communicate order updates, confirmations, or issues
  • Respond to customer queries and requests
  • Improve our website, services, and customer experience
  • Send you marketing or promotional information, only if you have agreed
  • Comply with our legal and taxation obligations

How Long We Keep Your Data (Data Retention)

Personal data will be retained only as long as necessary for the purposes described above unless a longer retention period is required by law. Typically, customer and order records are retained for up to seven years to comply with taxation and accounting laws. Marketing data will be retained only as long as you remain subscribed or until you withdraw your consent.

Data that is no longer necessary will be securely deleted or anonymised. Periodic reviews are conducted to ensure personal data is not kept beyond its retention period.

Data Processors and Third Parties

To deliver our services, your information may be shared with trusted external processors, including:

  • Payment Providers: For secure processing of orders (e.g., card payment processors). We do not retain your full payment details.
  • Delivery Partners: To ensure correct and timely delivery of your order to the address specified.
  • IT and Hosting Providers: For website hosting, data storage, and technical support, who process data only on our instructions and under confidentiality obligations.
  • Accountants or Legal Advisors: When required for compliance with taxation or legal obligations.

All third-party processors are contractually required to safeguard your data and comply with GDPR requirements. Personal data is not sold or made available for commercial use outside the scope of fulfilling your orders or legitimate interests described in this policy.

International Data Transfers

Where personal data is transferred outside the United Kingdom or the European Economic Area (EEA), we ensure equivalent protections are in place, including the use of adequacy decisions or Standard Contractual Clauses as required by data protection laws.

Your Rights Under GDPR

Under the General Data Protection Regulation, you have several important rights:

  • Right to Access: You may request copies of your personal data held by Florist Colney Hatch.
  • Right to Rectification: You can have inaccurate or incomplete data corrected or updated at any time.
  • Right to Erasure: In certain cases, you can request deletion of your personal data.
  • Right to Restrict Processing: You can ask us to restrict the processing of your data under specific circumstances.
  • Right to Data Portability: You may request to receive your personal data or for it to be sent to another service provider in a commonly used electronic format.
  • Right to Object: You may object to certain types of processing, such as marketing communications.
  • Right to Withdraw Consent: Where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of previous processing.
  • Right to Complain: You have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe your data protection rights have been breached.

Security Measures

Florist Colney Hatch implements appropriate technical and organisational measures to protect your personal data against unauthorised access, misuse, alteration, or loss. We routinely review our procedures to guarantee the ongoing confidentiality, integrity, and availability of your information.

Policy Updates

This Privacy Policy may be updated to reflect changes to our practices or to comply with updates in relevant legislation. You will be notified of material changes where appropriate. The latest version will always be available for your review before placing an order.

Contact and Queries

For further information about this Privacy Policy, to exercise your rights, or to raise any concerns about how your personal data is handled, please contact Florist Colney Hatch using the contact options provided on our website or at our premises.