Privacy Policy for Flower Delivery Emerson Park

Introduction

This Privacy Policy explains how Flower Delivery Emerson Park ("we", "our", or "us") collects, uses, and safeguards the personal data of customers who place orders with us in Emerson Park and the surrounding districts. We are committed to protecting your privacy and handling your data transparently and in compliance with the UK General Data Protection Regulation (GDPR).

Scope of This Policy

This Privacy Policy applies to all individuals placing flower delivery orders with Flower Delivery Emerson Park from Emerson Park and its surrounding districts. By utilizing our flower delivery services, you acknowledge and agree to the practices described in this policy.

What Personal Data We Collect

We collect various types of personal data necessary to process your orders and provide efficient service. Depending on your interaction with us, the data we may collect includes:

  • Contact Details: Name, delivery address, and contact telephone number.
  • Order Information: Details of your order, such as product selection, delivery instructions, and card messages.
  • Payment Data: Partial payment card details (we do not store full card numbers), payment confirmation, and billing address.
  • Account Information: If you create an account, email address, username, and password.
  • Communication Data: Records of correspondence with our customer service team (such as queries, feedback, or complaints).
  • Technical Data: IP address, browser type, device identifiers, and browsing activity on our website for analytics and security purposes.

Lawful Basis for Processing Data

We process your personal data lawfully and only where we have a valid reason to do so under GDPR. Our lawful bases for processing include:

  • Contractual Necessity: To process and deliver your flower orders, including processing payments and communicating with you regarding your order.
  • Legal Obligation: To comply with applicable UK laws related to transaction record-keeping and consumer protection.
  • Legitimate Interests: To improve our services, ensure the security of our platform, prevent fraud, and answer your enquiries. When relying on this basis, we carry out a balancing test to ensure your rights and interests do not override ours.
  • Consent: Where required, such as for sending marketing communications, we will request your explicit consent, which you may withdraw at any time.

Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. The retention periods vary depending on the type of data and the reason for its collection:

  • Order and payment records are typically retained for up to six years as required by UK tax laws.
  • Customer account details are retained for as long as your account is active. If you request account deletion, we will remove your information except for what we must keep to comply with legal obligations.
  • Communication records and feedback are kept for up to two years for quality assurance and dispute resolution purposes.
  • Technical and analytics data are stored for no more than two years, unless required for security investigations.

Data Processors and Third Parties

To provide our services efficiently, we may share your personal data with trusted third-party data processors who act on our behalf. These include:

  • Payment Processors: To securely process your payment transactions.
  • Delivery Partners: Courier and logistics companies responsible for fulfilling deliveries.
  • IT Service Providers: Companies who host our website, provide cloud storage, or maintain our systems.
  • Analytics Providers: To help us understand usage of our website and improve our services.

All third-party processors are required to comply with GDPR, act only on our instructions, and implement appropriate measures to protect your data. Your data is not sold or shared with unrelated third parties for marketing purposes.

Your Rights Under GDPR

As a data subject located in the UK or the EEA, you have the following rights regarding your personal data:

  • Right to Access: Request access to the personal data we hold about you.
  • Right to Rectification: Ask us to correct inaccurate or incomplete information.
  • Right to Erasure: Request deletion of your data when it is no longer required, or if you withdraw consent (where consent was the basis for processing).
  • Right to Restrict Processing: Ask us to restrict use of your personal data in certain circumstances.
  • Right to Data Portability: Request a copy of your data in a structured, commonly used format.
  • Right to Object: Object to our processing of your data on grounds relating to your particular situation, including for direct marketing purposes.
  • Right to Withdraw Consent: Where we process data based on your consent, you may withdraw your consent at any time.

Keeping Your Data Secure

We implement and maintain security measures to protect your data from unauthorized access, alteration, disclosure, or loss. This includes encryption, regular system monitoring, restricted data access, and staff training on data protection responsibilities.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service offerings. We encourage you to review this policy regularly to stay informed about how we protect your data.

Contact and Complaints

If you have any questions about this Privacy Policy, your rights, or how we use your personal data, please contact us. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) or your local data protection authority if you believe we have not complied with applicable data protection laws.