GDPR Privacy Policy for Flower Delivery Mitcham

Introduction

This Privacy Policy explains how Flower Delivery Mitcham ('we,' 'our,' or 'us') collects, uses, stores, and protects your personal data when you place orders with us. This policy applies to all customers making purchases from Flower Delivery Mitcham within Mitcham and surrounding districts. We are committed to ensuring that your privacy is protected and that your personal data is processed lawfully, fairly, and transparently, in accordance with the UK General Data Protection Regulation (GDPR).

What Personal Data We Collect

When you interact with Flower Delivery Mitcham, we may collect and process the following personal data:

  • Identity Data: Full name, title, and (if provided) date of birth.
  • Contact Data: Delivery address, billing address, recipient address (if different), telephone number, and postal code.
  • Order Data: Details of your order, including product selection, personalised message, delivery instructions, and payment status.
  • Payment Data: Limited payment details required to process transactions. We do not store your full card details; payments are processed securely through approved payment processors.
  • Communication Data: Your correspondence with us, including order confirmation, complaints, or feedback.
  • Technical Data: IP address, browser type, device information, and cookie data collected when you use our website.

Lawful Basis for Processing Your Data

We process your personal data strictly in accordance with the lawful bases permitted under the GDPR:

  • Contractual Necessity: Data is processed to fulfil your flower delivery order, including processing payment, arranging delivery, and providing customer service.
  • Legal Obligation: Data may be processed to meet regulatory, tax, or accounting requirements.
  • Legitimate Interests: We may process your data to improve our products and services, prevent fraud, or respond to your enquiries. Our interests never override your rights and freedoms.
  • Consent: Where required, such as direct marketing, we seek your explicit consent to process your data. You have the right to withdraw your consent at any time.

Use of Your Personal Data

We use your information for the following purposes:

  • Processing, fulfilling, and delivering your orders.
  • Communicating with you about your order status, delivery, or modifications.
  • Responding to your enquiries or feedback.
  • Processing payments and refunds through secure payment providers.
  • Improving our services and website experience.
  • Fulfilling our legal and regulatory responsibilities.
  • Sending marketing communications when you have opted in.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, including satisfying any legal, accounting, or reporting obligations. Typically, we retain customer order data for up to seven years in line with accounting regulations. After this period, your data will be securely deleted or anonymised. If you have requested to receive marketing communications, your data will be retained for that purpose until you withdraw your consent or opt out.

Processors and Data Sharing

We engage the following categories of third-party processors to support our services and maintain GDPR compliance:

  • Payment Service Providers: Securely process credit/debit card transactions. Only necessary payment data is shared; we do not store your full card details.
  • Delivery Partners: Assist in fulfilling orders and delivering your flowers. Only relevant delivery information is shared (e.g., recipient name and address).
  • IT and Website Support: Maintain our website and secure infrastructure, ensuring the safety of your data.
  • Professional Advisors: Assist us with audit, legal, or accountancy services as required by law.

All third-party processors are subject to strict confidentiality and data protection agreements, ensuring your data is used only for specified purposes and in accordance with this privacy policy.

Your Data Protection Rights

Under the GDPR, you have a range of rights regarding your personal data:

  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request correction of any incomplete or inaccurate data we hold about you.
  • Right to Erasure: In certain circumstances, you can request the deletion or removal of your personal data (the ‘right to be forgotten’).
  • Right to Restriction: You can ask us to suspend the processing of your personal data in specific situations.
  • Right to Data Portability: You may request transfer of your data to you or another provider in a structured, commonly used format.
  • Right to Object: You can object to processing based on legitimate interests or to direct marketing at any time.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw this at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us using the details provided on our website. We will respond to all legitimate requests within one month and will not charge a fee unless a request is manifestly unfounded or excessive.

International Data Transfers

Your data is generally processed and stored within the UK or the European Economic Area (EEA). If any data is transferred outside these regions, we ensure appropriate safeguards and protections are in place in accordance with GDPR requirements.

How We Keep Your Data Secure

We are committed to keeping your personal data safe and secure. We implement suitable technical and organisational measures to prevent unauthorised access, loss, disclosure, or alteration of your data. Our website uses SSL encryption, and staff are trained on GDPR best practices.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on our website, and the date of the last update will be indicated at the top of the policy. We encourage you to review this policy regularly to stay informed about how we protect your data.

Contact and Further Information

If you have any questions, concerns, or wish to exercise your rights under this policy, you can find our contact details on the Flower Delivery Mitcham website. We are committed to helping you resolve any privacy-related issues promptly and transparently.