Florist Nine Elms Customer Privacy Policy

Privacy Policy Overview

This Privacy Policy outlines how Florist Nine Elms ("we", "us", or "our") collects, processes, stores, and protects your personal data when you order our services from Nine Elms and surrounding districts. We are committed to handling your information responsibly and in compliance with the General Data Protection Regulation (GDPR) and relevant UK data protection laws. Please read this policy carefully to understand your rights and how we manage your data.

Scope of This Policy

This policy applies to all individuals who place an order with Florist Nine Elms, either as customers or recipients, for delivery or collection within Nine Elms and nearby districts. By placing an order or using our services, you acknowledge and agree to the practices described in this Privacy Policy.

What Data We Collect

In order to fulfil your order and provide the best possible service, we may collect and process the following categories of personal data:

  • Identity Data: Name, surname, and title.
  • Contact Data: Delivery address, billing address, email address, and telephone number.
  • Order and Transaction Data: Details about the products and services you order, including delivery instructions and transaction history.
  • Payment Data: Payment method details. (Note: We do not store your card details; payment is processed securely through our payment processor.)
  • Recipient Data: Name, delivery address, and – where provided – contact details for recipients of your gift orders.
  • Preference and Communication Data: Records of your communications with us, preferences for marketing, or special order notes.
  • Technical Data: If you visit our website, information such as your device type, IP address, and browser may be collected via cookies (see our separate Cookie Policy).

Lawful Basis for Processing Your Data

We only process personal data when we have a lawful basis to do so under the GDPR. The lawful bases we rely on include:

  • Contractual Necessity: We process your data as necessary to enter into and fulfill the contract for products or services you request (e.g., to process and deliver your order).
  • Legal Obligations: Some data processing is required by law (such as keeping financial records for tax purposes).
  • Legitimate Interests: We may process data to pursue our legitimate business interests, such as managing orders, improving our services, and addressing customer queries – provided these interests do not override your rights.
  • Consent: For marketing communications or where your consent is needed by law, we will only process such data if you have given explicit permission. You may withdraw consent at any time.

How We Use Your Information

Your personal information is used for the following purposes:

  • Processing and fulfilling your order, including payment and delivery.
  • Communicating with you about your order or responding to your enquiries.
  • Providing customer support and resolving problems.
  • Complying with legal and regulatory obligations.
  • Improving our products and customer experience.
  • Sending you marketing, promotions, or updates only if you have opted in.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Typically, order-related data is retained for up to six years to comply with legal and accountancy obligations. After this period, your personal data will be securely deleted or anonymized.

Processors and Data Sharing

We may share certain parts of your data with trusted third-party service providers ("processors") who assist us in fulfilling orders, delivering flowers, payment processing, or maintaining our website. These processors are only allowed to process your data on our instructions and are required to keep your information secure and confidential.

We may share your data with:

  • Payment processors for secure transactions.
  • Delivery partners to fulfil and track your delivery.
  • Website and IT support providers if you order online.
  • Professional advisors and legal authorities, where required by law.

We do not sell, rent, or trade your personal data with any third parties for marketing purposes.

User Rights Under GDPR

As a data subject residing in the UK or EU, you have the following rights regarding your personal information:

  • Right of Access: Request access to the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal information where there is no longer a legal reason for us to retain it.
  • Right to Restrict Processing: Ask us to temporarily or permanently stop processing all or some of your data.
  • Right to Data Portability: Receive a copy of the personal data we have about you in a commonly used format.
  • Right to Object: Object to our processing of your data where our lawful basis is legitimate interests or direct marketing.
  • Right to Withdraw Consent: Where your consent is required, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Right to Lodge a Complaint: You may lodge a complaint with the Information Commissioner’s Office or your local supervisory authority if you believe your rights are being infringed.

Data Security

We implement a range of technical, administrative, and physical safeguards designed to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. This includes secure payment handling, encrypted storage, and regular review of security procedures.

International Data Transfers

Your data is primarily processed within the UK or European Economic Area (EEA). If it is necessary to transfer your data outside of these jurisdictions, we will take all steps necessary to ensure an adequate level of data protection in accordance with GDPR requirements, such as implementing appropriate safeguards or standard contractual clauses.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect regulatory, legal, or operational changes. Updated versions will be posted on our website and become effective upon publication. We recommend reviewing this policy periodically for any changes.

Contact Us About Privacy

If you have any questions about this Privacy Policy, the data we hold, or would like to exercise any of your rights, please contact us using the contact form on our website or by post. We are committed to responding promptly and addressing your concerns in accordance with applicable data protection laws.