Florist Rayners Lane Privacy Policy for Order Customers

Introduction

This Privacy Policy describes how Florist Rayners Lane collects, uses, protects, and manages the personal data of customers placing orders from Rayners Lane and surrounding districts. Handling your information responsibly and transparently is a key part of our commitment to safeguarding your privacy, in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Scope of This Policy

This policy applies to all customers who place flower orders, including those placed online, in person, or over the phone, from Florist Rayners Lane. It covers customers located in Rayners Lane and all neighbouring areas we deliver to. For the purposes of this policy, “we”, “us”, and “our” refer to Florist Rayners Lane, and “you” refers to our customers.

What Personal Data We Collect

In order to process and fulfil your orders, we collect various types of personal data, including:

  • Contact Details: such as your full name, delivery address, billing address, and telephone number.
  • Order Details: information about your purchases including order contents, messages for recipients, and preferences.
  • Payment Information: details needed to process payments, such as partial card details and payment confirmation (processed securely via our payment provider; we do not store full card data ourselves).
  • Communication Data: records of your communications and any additional instructions provided to us.
  • Technical Data: IP address, browser information, and usage data if you interact with our website, to improve service and protect against fraud.

Lawful Basis for Processing

We process your personal data under several lawful bases:

  • Contractual Necessity: to take steps at your request before and after entering into a contract, and to fulfil your order.
  • Legal Obligation: to comply with applicable laws and regulations (such as keeping certain records for tax purposes).
  • Legitimate Interests: to provide and improve our products and services, and to prevent fraud or misuse of our services.
  • Consent: where you have provided specific consent, for example, to receive marketing communications (you may withdraw this at any time).

How We Use Your Data

Your data is used primarily to process and fulfil your flower orders, arrange deliveries, and provide customer support. We may also use it to:

  • Communicate regarding your orders or respond to your queries;
  • Improve our services and customer experience;
  • Send you information about promotions or events, if you have opted in;
  • Maintain financial and tax records as required by law.

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal and regulatory obligations. Typically, we retain order-related information for a period of six years, in line with accounting and tax requirements. Where data is based on your consent, such as marketing preferences, it will be retained until you withdraw that consent.

Third-Party Data Processors

To provide our services efficiently, we sometimes use trusted third-party service providers (data processors), such as:

  • Payment processing companies for secure transaction handling;
  • Courier or delivery partners for delivering your orders;
  • IT and website support providers who assist with service maintenance and security;
  • Accounting or bookkeeping services for financial record-keeping;
  • Marketing service providers, if you have opted in to communications.

All third-party processors act only on our instructions and are required to maintain the confidentiality and security of your data in accordance with GDPR requirements. We do not sell or rent your information to third parties for their marketing purposes.

Data Security

We implement a range of technical and organisational measures to protect your personal information from unauthorised access, loss, misuse, or disclosure. This includes secure payment gateways, encrypted data transmission, and restricted access protocols. Our staff are trained in data protection and privacy standards as part of our commitment to safeguarding your data.

Your Data Protection Rights

Under the GDPR, you have several rights regarding your personal data:

  • Right of Access: You may request confirmation and a copy of the personal data we hold about you.
  • Right to Rectification: You can request correction of inaccurate or incomplete data.
  • Right to Erasure: You may request deletion of your data, subject to legal or contractual restrictions.
  • Right to Restriction: You can request we restrict processing of your data under certain circumstances.
  • Right to Data Portability: You are entitled to receive your data in a commonly used, machine-readable format.
  • Right to Object: You may object to processing of your data, particularly for direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time.
  • Right to Lodge a Complaint: You may contact your local supervisory authority if you believe your data has been mishandled.

Children’s Privacy

Our services are not directed to children under the age of 16. We do not knowingly collect data from children under this age. If we become aware that personal information from a child has been collected, we will take appropriate steps to delete it promptly.

Policy Updates and Contact

This Privacy Policy may be updated from time to time to reflect changes in our practices or applicable laws. Please review this page regularly to stay informed about how we handle your data.

If you have questions or wish to exercise your data protection rights, please contact us using the details provided on our website or at our shop.