Flowers Tolworth GDPR Privacy Policy

Privacy Policy Overview

This Privacy Policy applies to all customers placing orders with Flowers Tolworth from Tolworth and the surrounding districts. Flowers Tolworth is committed to protecting your personal data and ensuring compliance with the General Data Protection Regulation (GDPR). This policy outlines the types of personal data we collect, our lawful basis for processing that data, how long we retain it, who processes it, and your rights as a data subject.

What Data We Collect

When you place an order with Flowers Tolworth, we collect personal data necessary for fulfilling your request and providing our services. This may include:

  • Contact Information: Name, delivery address, and contact preferences.
  • Order Details: Purchase information such as product selection, delivery instructions, date and time of order, and personal messages included with flower arrangements.
  • Payment Information: Payment method details (not card numbers, which are processed securely through third-party payment processors).
  • Communication Records: Any correspondence or feedback you provide in relation to your order.
  • Technical Data: Limited technical data such as IP address, device type, and browsing activity if you use our website in placing your order, which helps us improve our online services.

Lawful Basis for Processing Your Data

Under GDPR, we must have a valid lawful basis to collect and process your personal data. The primary legal grounds we rely on are:

  • Contractual Necessity: Processing your data to fulfill your orders, deliver products, and manage transactions.
  • Legal Obligation: Compliance with legal requirements, such as tax obligations, record keeping, and consumer protection laws.
  • Legitimate Interests: To improve our products and services, ensure network and information security, and prevent fraud.
  • Consent: In rare cases, for example, for direct marketing beyond your existing relationship with us, we may ask for your explicit consent. Wherever consent is used, you can withdraw it at any time.

How We Use Your Data

Your personal data is used for the following purposes:

  • Processing and delivering your flower orders promptly and accurately.
  • Communicating with you regarding your order, delivery status, or feedback.
  • Responding to your queries and requests for information.
  • Improving our business operations, including analyzing orders and customer preferences to enhance our services.
  • Maintaining business records for accounting, audit, and legal compliance purposes.

Data Retention

We only retain your personal data for as long as is necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. Typically, order and transaction information is retained for up to seven years in line with legal and tax obligations. Where your details are used for marketing purposes, they will be kept until you withdraw consent or unsubscribe. Data that is no longer needed is securely deleted or anonymised.

Processors and Third-Party Service Providers

To provide our services effectively, we may share your personal data with trusted third-party service providers, known as data processors. These include:

  • Payment Processors: Secure payment gateways that handle payment transactions on our behalf.
  • IT and Web Hosting Providers: Companies hosting our website and managing our technical infrastructure.
  • Delivery Partners: Selected couriers and delivery services transporting your orders to their destination.
  • Professional Advisors: Accountants, auditors, or legal counsel assisting with compliance and business operations.

All processors act in accordance with GDPR requirements and only process your data based on our instructions. We do not sell, rent, or trade your personal data to third parties for marketing purposes.

User Rights Under GDPR

As a data subject, you have several rights under the GDPR regarding your personal information:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Ask us to correct incomplete or inaccurate data.
  • Right to Erasure: Request the deletion of your data where there is no compelling reason for its continued processing.
  • Right to Restrict Processing: Limit how we use your data, under certain circumstances.
  • Right to Data Portability: Receive your data in a structured, commonly used and machine-readable format, or ask us to transfer it to another service provider.
  • Right to Object: Object to the processing of your data, including direct marketing activities.
  • Right to Withdraw Consent: Where we rely on your consent, you can withdraw it at any time.
  • Right to Lodge a Complaint: You can raise concerns about how we process your data with the relevant supervisory authority.

To exercise any of these rights, please contact us through the channels provided on our website or in-store.

Data Security

We implement appropriate technical and organisational measures to protect your data from loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures include secure storage systems, encryption where required, access controls, and staff training in data handling best practices.

Changes to This Privacy Policy

Flowers Tolworth reserves the right to update or revise this Privacy Policy at any time. Any significant changes will be communicated via our website or by another appropriate means. The date of the latest update will be displayed at the top of this policy.

Contact Information

If you have any questions about this Privacy Policy or your data, please refer to the contact details provided on our website or visit our Tolworth premises for assistance.