Our Commitment to Your Privacy at Flower Delivery Totteridge

Introduction

This Privacy Policy describes how Flower Delivery Totteridge (“we,” “us,” or “our”) processes your personal data in connection with the sale, payment, and delivery of flower orders placed by customers (“you,” “your”) from Totteridge and surrounding districts. We are committed to protecting your privacy and ensuring the lawful and transparent processing of your personal information in accordance with the UK General Data Protection Regulation (GDPR) and other relevant data protection laws. By placing an order with Flower Delivery Totteridge, you agree to the practices as described in this policy.

Who Does This Policy Apply To?

This policy applies to all individuals who interact with Flower Delivery Totteridge as customers or recipients of orders within Totteridge and neighbouring districts. It outlines our responsibilities and your rights regarding personal data collected during the ordering and delivery of flowers.

What Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

  • Identity information: Name (customer and recipient, if different)
  • Contact details: Delivery address, billing address, and phone number (where required for delivery), and any notes you provide at the time of ordering
  • Order information: Product selections, messages for recipients, and delivery instructions
  • Payment data: Details required to process payments (we do not store full card numbers)
  • Technical information: IP address, browser type, and timestamps collected during online ordering for security and analytics purposes

Lawful Basis for Processing Personal Data

Under the GDPR, Flower Delivery Totteridge must have a lawful basis for processing your personal data. Our legal bases include:

  • Contractual necessity: To process and deliver your order as requested by you. Without your data, we could not fulfil your order.
  • Legitimate interests: To manage and improve our services, prevent fraud, and process customer service enquiries, provided our interests do not override your rights.
  • Legal obligation: To comply with legal and regulatory requirements, such as record-keeping for tax purposes.
  • Consent: Where required, for example, if you opt in to receive marketing communications (which you may revoke at any time).

How We Use Your Information

We use your personal information for the following purposes:

  • Processing your orders and arranging delivery
  • Communicating order updates or resolving queries
  • Managing payments and issuing receipts
  • Improving the quality and security of our services
  • Fulfilling legal and regulatory obligations
  • Sending marketing or promotional material, only where you have given your explicit consent

Retention of Personal Data

We only retain your personal data for as long as necessary to fulfil the purposes described in this policy. This typically means:

  • Order and delivery data are retained for up to seven years, to comply with legal, accounting, and tax obligations.
  • Marketing contact details are kept until you withdraw your consent or unsubscribe from communications.
  • Other information is deleted or anonymised when no longer needed for the purposes for which it was collected.

After these timeframes, your data is securely deleted or anonymised so that you can no longer be identified.

Sharing and Processing of Your Information

We sometimes use third-party service providers ("processors") to help us deliver our services. Examples of these processors include:

  • Payment processors who securely handle your payment details
  • Courier or delivery service providers who require delivery and contact information
  • Technology providers who host our ordering platform or provide email communications

All our processors are contractually required to safeguard your data in compliance with GDPR and to use it only for the purpose of providing their services to Flower Delivery Totteridge. We do not sell your personal data or share it with third parties outside our service delivery process, except as required by law.

International Transfers

Where any of our processors are based outside the UK or European Economic Area, we ensure that adequate protections are in place, such as data processing agreements and reliance on appropriate safeguards as set out under GDPR (for example, Standard Contractual Clauses).

Your Data Protection Rights

Under GDPR, you have the following rights concerning your personal data:

  • Right to access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct inaccurate information about you.
  • Right to erasure (‘the right to be forgotten’): You may request the deletion of your personal data, unless we are required to retain it for legitimate business or legal reasons.
  • Right to restrict processing: You have the right to ask us to suspend the processing of your data in certain circumstances.
  • Right to object: You can object to our processing of your data, where our legal basis is legitimate interests.
  • Right to data portability: Where applicable, you can ask us to provide your data in a machine-readable format for transfer to another service provider.
  • Right to withdraw consent: If we rely on your consent to process your data, you have the right to withdraw this at any time.
  • Right to complain: You may raise a complaint with a supervisory authority if you believe your data protection rights have been infringed.

If you wish to exercise any of these rights, please contact us via our website or in writing. We may need to verify your identity before fulfilling your request.

How We Protect Your Information

We implement appropriate technical and organisational measures designed to safeguard your personal data against unauthorised access, loss, or misuse. These measures include secure storage, encryption of payment details, staff training, and regular review of our data handling practices.

Changes to This Privacy Policy

We may update this Privacy Policy occasionally to reflect changes in our practices or legal obligations. Any such updates will be posted on our website, and significant changes will be communicated to you appropriately.

Contact and Further Information

If you have any questions, concerns, or would like further information about how we process your personal data, please contact us through the details provided on our website. We are committed to resolving any issues or queries regarding your privacy rights promptly and transparently.