Privacy Policy for Flowers Islington Customers

Introduction: Our Commitment to Your Privacy

This Privacy Policy explains how Flowers Islington ('we', 'us', 'our') collects, uses, shares, and protects the personal data of customers who place orders for goods or services from Islington and surrounding districts. Your privacy is paramount to us, and we strive to operate respectfully and transparently in accordance with the General Data Protection Regulation (GDPR).

Scope of this Policy

This policy applies to all individuals who place orders with Flowers Islington, whether these transactions are completed via our website, by telephone, or in person. By placing an order, you acknowledge that you have read and understood this Privacy Policy.

Data We Collect

In the process of fulfilling your order and providing our services, we collect and process the following categories of personal data:

  • Contact Details: Name, delivery address, billing address, and contact telephone number.
  • Order Information: Details about the products you order, preferences, and delivery instructions.
  • Payment Details: Payment card information or transactional banking data (processed securely via our payment processor; we do not store full payment card details).
  • Communications: Records of correspondence, feedback, or enquiries you make about your order.
  • Technical Data: IP address, browser type and version, and information about your usage of our website (collected via cookies and similar technologies).

Lawful Basis for Processing Your Data

We only process your personal data where we have a lawful basis under the GDPR. The main lawful bases applicable to Flowers Islington are:

  • Contractual Necessity: We process personal data to perform our contract with you, e.g., to accept and deliver your order and to process payment.
  • Legitimate Interests: We may use your data for the legitimate interests of improving our services, preventing fraud, and keeping our records accurate and up to date, provided your rights and freedoms are not overridden.
  • Legal Obligations: We may need to process and retain certain data to comply with applicable laws such as tax, accounting, or consumer protection requirements.
  • Consent: Where required (e.g., for certain types of marketing), we will seek your consent and you can withdraw this at any time.

How We Use Your Data

We use your personal information primarily to process and fulfill your orders, respond to your enquiries, and deliver excellent customer service. Specifically, your data may be used to:

  • Manage and fulfil your orders, including delivery and invoicing;
  • Communicate with you regarding your purchase or in response to your queries;
  • Process payments securely via trusted third-party payment processors;
  • Comply with our legal obligations and exercise or defend legal claims;
  • Improve and personalise your customer experience, and ensure technical accuracy and security for our services;
  • Send service-related notifications, such as order confirmations or delivery updates.

Retention of Your Data

Your personal data is retained only as long as necessary to fulfil the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements. Generally, we retain customer and transaction records for up to seven years after your last order, in line with legal and regulatory obligations. After this period, your data is securely deleted or anonymised.

Our Use of Data Processors

To facilitate our business operations, we may engage third-party service providers ('processors') who process data on our behalf. Common examples include:

  • Payment processors for secure card and online payments;
  • Delivery and logistics providers for dispatching orders;
  • IT and cloud service companies who support our website, ordering, and record-keeping systems;
  • Accountants and regulatory authorities (where required by law).

All processors are required to comply with data protection legislation and provide appropriate security measures. Where data is transferred outside the UK or European Economic Area (EEA), we ensure it is protected by appropriate safeguards as required by law.

Your Rights Under GDPR

You have the following rights in relation to your personal data under the GDPR:

  • Right of Access: Request a copy of your personal data held by us.
  • Right to Rectification: Ask for correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data when there is no lawful reason for us to continue to hold it.
  • Right to Restrict Processing: Ask us to stop processing your data in certain circumstances.
  • Right to Data Portability: Receive your data in a commonly used electronic format and have it transmitted to another controller.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where you have given consent, you can withdraw it at any time, though this will not affect prior processing.
  • Right to Lodge a Complaint: Make a complaint to a supervisory authority if you believe your rights have been infringed.

To exercise your rights, please contact us using the details provided when you placed your order or via the secure online form on our website. We may need to verify your identity before fulfilling your request for security reasons.

Security of Your Data

Flowers Islington has implemented appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. We regularly review our data protection policies and security procedures to ensure continued compliance and effectiveness.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or our data handling practices. Updates will be posted on this page, and we encourage you to review this policy periodically.

Contacting Us

If you have any questions or concerns about how your data is processed by Flowers Islington, or wish to exercise your GDPR rights, please refer to the communication details received with your order or contact us using our official website’s secure form. We will respond to your requests as soon as reasonably possible and in accordance with applicable law.