Flower Delivery Limehouse Privacy Policy

Introduction

This Privacy Policy explains how Flower Delivery Limehouse ("we", "our", "us") collects, uses, shares, and safeguards personal data from all customers placing orders within Limehouse and its surrounding districts. We are dedicated to protecting your privacy and complying fully with the UK General Data Protection Regulation (GDPR) and other relevant regulations.

What Data We Collect

We only collect the information necessary to process orders and provide our flower delivery services efficiently. The types of personal data collected include:

  • Identification Data: Name, surname, and title.
  • Contact Data: Delivery address, billing address, and phone number (optional).
  • Order Information: Description, quantity, and value of orders placed, payment method (no payment card details are stored), and delivery instructions.
  • Recipient Information: Name and address of the recipient if different from the customer.
  • Communication Data: Any correspondence with customer service for support or feedback purposes.

Lawful Basis for Processing

Under the GDPR, our lawful bases for collecting and processing your personal data are:

  • Contract Performance: Most data we collect and use is necessary to fulfil the sales contract established when you place an order with us.
  • Legal Obligation: Some processing is required to comply with applicable laws, such as record retention for tax purposes.
  • Legitimate Interests: Where necessary, we may use your data to improve our services, resolve disputes, or prevent fraud, provided these interests do not override your rights and freedoms.
  • Consent: In cases where explicit consent is required (such as for marketing messages), we will seek your agreement beforehand.

How We Use Your Data

Your personal data may be used for the following purposes:

  • To process and fulfill your flower delivery orders
  • To communicate delivery updates or order information
  • To handle payment processing through secure third-party payment providers
  • To provide customer support and respond to enquiries
  • To meet legal and regulatory requirements
  • To improve the quality and efficiency of our services (e.g., through customer feedback)

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Typically, the following retention periods apply:

  • Order and transaction data: Kept for up to 7 years from the date of your order to comply with tax and accounting regulations.
  • Communications and customer service records: Retained for up to 2 years from the resolution of your query.
  • Marketing consent data: Kept until you withdraw your consent or opt-out of marketing communications, whichever is sooner.

Once the retention period expires, we securely delete or anonymise your data.

Processors, Sub-Processors, and Data Sharing

We use carefully selected third-party service providers ("processors") to assist in providing our services. These may include payment processors, IT support companies, and delivery logistics providers. We require all processors to comply with data protection standards that meet or exceed UK GDPR requirements.

Where third parties process your data on our behalf, they operate only under our instructions and may not use your personal data for their own purposes. We do not sell your personal data to any third party. Data is not transferred outside the European Economic Area (EEA) unless adequate data protection safeguards are in place.

Your Data Protection Rights

Under UK GDPR, you have extensive rights in relation to your personal data, including:

  • The right to be informed: You have the right to be told how your data is used. This Privacy Policy seeks to do that clearly and transparently.
  • The right of access: You can request confirmation of whether we hold your personal data, and obtain a copy if we do.
  • The right to rectification: You have the right to have inaccurate or incomplete data rectified.
  • The right to erasure: Also known as "the right to be forgotten," you can in certain cases request deletion of your data.
  • The right to restrict processing: You may ask us to suspend certain types of data processing in specific circumstances.
  • The right to data portability: Where technically feasible, we will provide your data in a structured, commonly used, machine-readable format to you or another data controller upon request.
  • The right to object: You may object to us processing your data where we rely on legitimate interests, including direct marketing purposes.
  • Rights in relation to automated decision making and profiling: We do not use any data for automated decision making or profiling.

Exercising Your Rights

If you wish to exercise any of your data protection rights, please contact us using the methods set out in the Contact section of our website. We may need to verify your identity to ensure your data protection rights are respected.

Data Security

We take the security of personal data seriously. Appropriate technical and organisational measures are in place to prevent unauthorised access, disclosure, loss, or destruction of your data. These measures are reviewed and updated regularly.

Changes to This Policy

This Privacy Policy may be updated periodically to reflect changes in our practices, legal obligations, or for other operational reasons. Any significant changes will be posted on our website so you remain informed of how we protect your privacy.

Applicability of This Policy

This Privacy Policy applies to all customers placing orders for flower delivery within Limehouse and the surrounding districts. By ordering with Flower Delivery Limehouse, you acknowledge that you have read and understood this Policy and consent to the use and processing of your personal data as described above, subject to your legal rights.