Privacy Notice for Customers of Denmark Hill Florist

Introduction

This Privacy Policy describes how Denmark Hill Florist collects, uses, stores, and protects your personal data in line with the requirements of the General Data Protection Regulation (GDPR). This policy applies to all individuals who place orders from Denmark Hill and surrounding districts.

Personal Data We Collect

When you order from Denmark Hill Florist, we collect the following categories of personal data:

  • Contact Information: Your name, address, postcode, and telephone number.
  • Order Details: Recipient's name, address, and telephone number (if different from the customer).
  • Payment Information: Necessary payment details (e.g., credit/debit card data). Note: We do not store full payment card details; processing occurs securely with our payment processor.
  • Communication Records: Any correspondence relating to your order, requests, or feedback.
  • Delivery Instructions: Specific instructions you provide regarding delivery.

We do not knowingly collect data from children under the age of 16.

Lawful Bases for Processing

Our collection and processing of your personal data are grounded in the following lawful bases under the GDPR:

  • Contractual Necessity: Processing is necessary to fulfil your order, including communicating with you and delivering products as requested.
  • Legitimate Interests: We may process data to improve our services, handle queries or complaints, or for record-keeping purposes that do not override your rights or interests.
  • Legal Obligations: Some data may be processed to comply with applicable laws (such as tax or accounting regulations).
  • Consent: In limited circumstances, we may seek your explicit consent for specific uses of your data (for example, direct marketing communications), which you can withdraw at any time.

Duration of Data Retention

Denmark Hill Florist retains your personal data only as long as necessary to achieve the purposes described in this policy, or as required by law.

  • Order Information: Kept for up to seven years to satisfy tax, accounting, and legal requirements.
  • Customer Service Records: Retained for up to three years after your last interaction with us.
  • Payment Data: Stored only as required for the transaction and to prevent fraud; complete cardholder data is not held on our systems.
  • Marketing Data: Retained until you withdraw your consent or unsubscribe.

After these retention periods, your personal data will be securely deleted or anonymised.

How We Use Your Data

Your personal data will be used for the following purposes:

  • Processing and delivery of your order.
  • Communicating with you regarding your order, including updates and notifications.
  • Dealing with any requests, complaints, or queries.
  • Maintaining business records as required by law.
  • (If you opt in) Sending you relevant information about offers or services.

Data Sharing and Processors

We share your personal data only with trusted third parties where it is necessary for fulfilling our service, complying with laws, or improving our business operations. These parties act as data processors and are contractually obligated to handle your personal data securely and in compliance with the GDPR.

Data may be shared with:

  • Payment service providers (to process your payment securely).
  • Courier and delivery partners (to deliver your order).
  • IT providers managing our website and business systems.
  • Legal or regulatory authorities when required by law.

We do not sell, rent, or trade your personal data to third parties for marketing purposes. If data needs to be transferred outside the European Economic Area, appropriate safeguards will be established as required by law.

Your Rights Under GDPR

As a customer of Denmark Hill Florist, your rights under data protection law include:

  • Right of Access: Request a copy of your personal data we hold.
  • Right to Rectification: Ask us to correct inaccurate or incomplete information.
  • Right to Erasure: Request deletion of your data in certain circumstances ("right to be forgotten").
  • Right to Restrict Processing: Ask us to suspend processing if you contest accuracy or object to processing.
  • Right to Data Portability: Request your data in a machine-readable format and have it transferred to another service provider where feasible.
  • Right to Object: Object to processing based on our legitimate interests or direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
  • Right to Lodge a Complaint: Complain to your data protection authority if you believe your rights have been infringed.

To exercise any of these rights, please contact us using the details provided at the end of this policy or through the contact options provided on our website or in-store.

Data Security

We are committed to protecting your data. We have put appropriate technical and organisational measures in place to prevent unauthorised access, disclosure, loss, or destruction of your data. We regularly review our data handling practices and policies, and staff are trained in data protection compliance.

Updates to This Policy

This Privacy Policy may be updated occasionally to reflect changes in our business, legal requirements, or best practice. Continued use of our services after any updates constitutes acceptance of the revised policy. Please refer to this policy periodically to stay informed about how we process your personal data.

Contact and Further Information

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us using the contact details available on our website or by visiting our store. We aim to respond to all requests within one month, as required by law.

This policy is effective as of June 2024 and applies to all Denmark Hill Florist customers ordering from Denmark Hill and surrounding districts.