Privacy Policy for Thamesmead Florist Customers

Introduction and Scope

This Privacy Policy describes how Thamesmead Florist collects, uses, stores, and safeguards the personal information of its customers, in accordance with the General Data Protection Regulation (GDPR). This policy applies to all customers who place orders with Thamesmead Florist, covering the Thamesmead area and surrounding districts. Understanding how we handle your data ensures transparency and your confidence in our services.

What Personal Data We Collect

When you place an order or make an inquiry with Thamesmead Florist, we collect and process the following categories of personal data:

  • Contact Information: Such as your name, delivery address (including recipient’s name and address, if different), and your contact telephone number.
  • Order Details: The contents of your order, including delivery dates, special instructions, and any personalized messages for bouquets or gifts.
  • Payment Information: Details necessary to process payments, such as payment card information, which is handled securely via our payment processors (we do not store full card numbers).
  • Correspondence: Any written communication you have with us, including online forms, feedback, or queries.
  • Technical Data: Usage data such as IP address, browser type, and cookies when you interact with our website or digital services.

Lawful Basis for Processing

We process your personal data in line with the principles of GDPR under the following lawful bases:

  • Contractual Necessity: We need your personal information to process and deliver your order, including contacting you regarding your order status or delivery issues.
  • Legal Obligation: In some situations, we may be required to process data for compliance with taxation or other regulatory law.
  • Legitimate Interest: For quality assurance, fraud prevention, and improving our services, we may process data in ways that do not override your privacy rights.
  • Consent: Where you have given explicit permission, for example, subscribing to our newsletter or marketing communications (you can withdraw your consent at any time).

How We Use Your Data

We use the data collected for the following purposes:

  • To process orders, payments, and deliveries efficiently.
  • To communicate with you regarding your order, including confirmations, dispatch, and feedback requests.
  • To comply with legal and accounting obligations.
  • To enhance and improve our website and customer service, such as using aggregated data for analysis and service improvement.
  • With your consent, to send you promotional offers or updates about our products and services.

Retention of Personal Data

Your personal information is retained only as long as necessary to fulfill the purposes for which it was collected, or as required to comply with legal, accounting, or reporting requirements. Typically, order and transaction information is kept for up to seven years to satisfy tax and record-keeping obligations, after which it is safely deleted or anonymized. Correspondence not related to transactions is retained for a short period until resolved, unless further retention is necessary for record keeping or legal compliance.

Third-Party Processors and Data Sharing

Thamesmead Florist only shares necessary personal data with selected third-party processors essential for fulfilling orders and processing payments. These may include:

  • Payment providers, for the secure handling of your payment transactions.
  • Delivery service partners, to ensure your order reaches the intended recipient.
  • IT service providers, to maintain the security and functionality of our website and digital systems.

All third-party processors operate under strict contractual requirements to process your data securely and only in accordance with our instructions, and they must comply with GDPR obligations.

We do not sell, rent, or share your data with third parties for marketing or unrelated purposes. Data may be disclosed to government or regulatory authorities only as required by law or where necessary for fraud prevention and detection.

Your Data Protection Rights

As a data subject, you have comprehensive rights under GDPR regarding your personal information:

  • Right to Access: You can request access to the personal data we hold about you.
  • Right to Rectification: You may ask us to correct inaccurate or incomplete information.
  • Right to Erasure ("Right to be Forgotten"): You can request deletion of your data where it is no longer necessary for processing, subject to certain legal exceptions.
  • Right to Restrict Processing: You can ask us to restrict how we use your data under specific conditions.
  • Right to Data Portability: You have the right to receive your data in a structured, commonly used format and, where feasible, have it transferred to another data controller.
  • Right to Object: You may object to our processing of your data in certain situations, such as direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

Should you wish to exercise any of these rights, please contact us using the details provided on our website. You also have the right to lodge a complaint with your national supervisory authority if you believe your data has been handled improperly.

Security of Your Personal Data

We implement physical, technical, and organizational safeguards to protect your personal data from unauthorized access, disclosure, alteration, or destruction. This includes secure payment technologies, staff training, and strict access controls. However, while we strive to protect your data, absolute security cannot be guaranteed, and we encourage you to contact us immediately if you suspect any misuse of your information.

Changes to This Privacy Policy

Thamesmead Florist may review and update this Privacy Policy from time to time to reflect changes in legal requirements or our operational practices. The most current version will always be available on our website. We recommend checking this page periodically to remain informed about our information practices.

Contacting Us

If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, please reach out to us using the contact details listed on our website. We are committed to addressing your privacy concerns and ensuring your rights are respected fully.