Florist Purley Privacy Policy

Introduction

This Privacy Policy explains how Florist Purley collects, uses, processes, and protects your personal data. It applies to all customers who place orders with Florist Purley from Purley and surrounding districts. We are dedicated to complying with the General Data Protection Regulation (GDPR) and ensuring your personal information is handled in a secure, fair, and transparent manner.

What Data We Collect

To provide our floral products and services, we may collect and process the following categories of personal data:

• Identity Data: Your name, title, and, if applicable, the recipient’s name.
• Contact Data: Delivery address, billing address, telephone number, and any contact details you provide for order fulfillment or customer support.
• Order Data: Details of your order, including product selection, delivery instructions, purchase history, order notes, and messages for recipients.
• Payment Data: Partial payment information (such as payment confirmation or reference number) processed via secure third-party payment processors. (We do not store your full payment card details.)
• Communication Data: Emails, messages, or call logs related to your order and support requests.
• Technical Data: Data such as IP address, device type, and browser information collected through our website for analytics and improving user experience.

Lawful Basis for Processing Your Data

We process your personal data in accordance with one or more of the following lawful bases under the GDPR:

• Contractual Necessity: To fulfill your order for products and services, process payment, deliver your order, and provide customer support.
• Legitimate Interests: For business administration, analytics, security, and to improve our products and services where these interests are not overridden by your rights.
• Legal Obligation: To comply with applicable legal and regulatory requirements (e.g., maintaining transaction records for tax purposes).
• Consent: In certain situations, we may ask for your explicit consent (for example, for marketing communications). Where consent is present, you are entitled to withdraw it at any time.

How We Use Your Data

Your data is used to process and fulfill your orders, communicate with you regarding your purchases, respond to your queries, and enhance your overall customer experience. Technical and analytics data help us improve our services and website functionality.

Data Retention

Florist Purley only retains your personal data for as long as is necessary to fulfill the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements. Typically, we retain order-related data for up to six years from the date of purchase to comply with legal obligations and resolve disputes. After the retention period, your data is securely deleted or anonymised unless longer retention is required by law.

Data Processors and Third Parties

We may share your information with selected third-party processors solely to facilitate our services. These include:

• Payment Processors: To handle payments securely and without retaining plain card details on our systems.
• Delivery Partners: For the delivery of your order to the specified address.
• IT, Hosting, and Support Providers: To maintain the security and functionality of our digital infrastructure.
• Professional Advisors: For auditing, legal, or business administration purposes where legally required.

All third-party processors are required by contract to safeguard your data and only process it according to our instructions, not for their marketing or unrelated purposes.

Security of Your Data

We take the security of your data seriously and implement appropriate measures to prevent unauthorised access, disclosure, or loss. These include secure data storage, restricted access controls, and regular staff training in data protection practices. Where possible, your personal data is stored and processed within the European Economic Area (EEA) or in countries directed by the European Commission as offering adequate protection.

Your Rights Under GDPR

You have the following rights regarding your personal information:

• Right of access: Request a copy of the data we hold about you.
• Right to rectification: Request corrections to inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data (where legal obligations do not require its retention).
• Right to restrict processing: Request to limit the processing of your data in specific circumstances.
• Right to object: Object to our processing of your data for direct marketing or based on legitimate interests.
• Right to data portability: Request your data be transferred to you or another provider in a structured, commonly used, machine-readable format.
• Right to withdraw consent: Where consent is the basis for processing, you may withdraw it at any time.

To exercise any of these rights, please contact us using the methods described in the "Contact" section of our website or at our physical shop.

Children’s Privacy

Florist Purley does not knowingly collect or process data from individuals under the age of 16 without parental or guardian consent. If you believe we have unintentionally collected such information, please notify us to ensure its prompt deletion.

Policy Updates

We may update this Privacy Policy to reflect changes to our practices or for operational, legal, or regulatory reasons. Any changes will be posted on this page. We encourage you to review this policy periodically to stay informed about how we protect your privacy.

Contact and Complaints

If you have questions about this Privacy Policy, your personal data, or if you wish to exercise any of your GDPR rights, please contact us through our website or by visiting our shop in Purley. You are also entitled to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has not been handled in accordance with the law.