Florist Thamesmead Privacy Policy Overview

Scope of this Privacy Policy

This Privacy Policy describes how Florist Thamesmead—serving customers in Thamesmead and the surrounding districts—collects, uses, retains, and safeguards your personal data when you place an order with us. We are committed to operating in accordance with the General Data Protection Regulation (GDPR) and ensuring the protection of your personal information at every stage.

What Personal Data We Collect

When you place an order with Florist Thamesmead, the following categories of personal data may be collected:

  • Identity Data: Your full name and, where relevant, the name of the recipient.
  • Contact Data: Address details (billing and delivery), and sometimes your postcode or recipient’s postcode for delivery purposes.
  • Order Information: Details of your order, such as the product selected, card message, and delivery instructions.
  • Payment Data: Payment card details or payment transaction status (processed via secure, third-party payment processors; we do not store your card details).
  • Communication Data: Any correspondence between you and us, including queries, feedback, and complaints.
  • Technical Data: IP address, browser type, and device identifiers automatically collected via our website.

Lawful Basis for Processing Your Data

We process your personal data only where it is lawful to do so under GDPR. The primary lawful bases relevant to your relationship with Florist Thamesmead include:

  • Contractual Necessity: Processing is required to fulfil our contract with you, such as processing payments and delivering your order.
  • Legal Obligation: Where we must process personal data to comply with legal and regulatory obligations (such as tax and accounting laws).
  • Legitimate Interests: It may be in our legitimate interest to use your data to improve our services, prevent fraud, or provide customer support, provided such use does not override your rights and interests.
  • Consent: In specific situations (such as marketing communications or promotional offers), we rely on your explicit consent, which you may withdraw at any time.

Retention of Personal Data

We retain your personal data only for as long as is necessary for the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements:

  • Order Records: Typically retained for up to 6 years to address post-order queries, honor guarantee policies, and comply with legal obligations.
  • Marketing Data: Retained until you withdraw your consent or unsubscribe from our communications.
  • Technical Data: Stored for a shorter period, generally no longer than 1 year, unless necessary for security or analytics.

At the end of the applicable retention period, your personal data is securely deleted or anonymised.

Processors and Third Parties

Florist Thamesmead uses carefully selected third-party service providers (“processors”) to help operate our business and fulfill your orders. These processors may process your data strictly in accordance with our instructions. Examples include:

  • Payment Processors: Third-party payment service companies process your payments securely; payment details are not stored by Florist Thamesmead.
  • IT and System Providers: Companies who host our website, manage customer relationship software, or provide email and marketing automation services.
  • Delivery Partners: Service providers who deliver your floral orders may be given address and recipient details solely for fulfilment purposes.

All processors are contractually obliged to protect your data to GDPR standards and are prohibited from using your personal data for their own purposes.

Your Rights Under GDPR

As a customer of Florist Thamesmead, you have several rights regarding your personal data:

  • Right of Access: You may request a copy of all personal data we hold about you.
  • Right to Rectification: You can ask us to correct or update inaccurate or incomplete data.
  • Right to Erasure: You may request deletion of your data where there is no compelling reason for its continued processing.
  • Right to Restrict Processing: You can restrict the use of your data in certain circumstances.
  • Right to Data Portability: You can ask for your personal data to be provided to you or another provider in a machine-readable format.
  • Right to Object: You may object to our processing of your personal data, particularly with regards to marketing or legitimate interests.
  • Right to Withdraw Consent: Where we process data based on your consent, you may withdraw this at any time.

To exercise any of these rights, please contact us using the methods listed on our website’s contact page. All requests will be handled in accordance with applicable law.

Data Security

We have implemented suitable physical, technical, and organisational measures to ensure your data is protected against unauthorised access, loss, alteration, or disclosure. Access to your information is limited strictly to those employees, agents, and processors who require it for legitimate business needs.

Policy Updates

This Privacy Policy will be reviewed periodically and updated as required to comply with changes to the law or our data processing practices. The most recent version will always be available via our website. We recommend reviewing this policy regularly to stay informed of how we safeguard your personal data.

Contact and Complaints

If you have questions about how your data is handled, or are dissatisfied with our responses, you may contact the appropriate supervisory authority for data protection in your jurisdiction.