Florist Perivale Customer Privacy Policy

Introduction

Florist Perivale values your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and safeguard your information when you place orders with Florist Perivale, whether you are located in Perivale or the surrounding districts. It also sets out your data protection rights under the General Data Protection Regulation (GDPR).

Scope of This Policy

This Privacy Policy applies to all personal data collected from customers who place orders with Florist Perivale, for delivery within Perivale and nearby areas. By placing an order, you acknowledge and accept the practices described in this Policy.

What Personal Data We Collect

We collect the following types of personal data in order to process your order and provide our services:

  • Identification Data: Name (including recipient and sender where relevant)
  • Contact Details: Address, postcode, delivery address, telephone number (where provided)
  • Order Information: Product or bouquet selection, order notes, delivery instructions
  • Transactional Data: Purchase details, order value, payment status (please note: we do not store full payment card numbers, as payments are processed via third-party payment providers)
  • Digital Information: IP address, browser type, and device data collected automatically when you interact with our website

We do not intentionally collect special category data (such as health information), nor do we knowingly process children’s personal data.

Lawful Basis for Processing

Under GDPR, we only process your personal data when there is a valid legal basis. This includes:

  • Contractual Necessity: To fulfil and deliver your order as per the sales contract between you and Florist Perivale
  • Legitimate Interests: To improve our services, prevent fraud, and ensure the security of our operations
  • Legal Obligation: To comply with legal and regulatory requirements, such as financial record-keeping
  • Consent: Where you have opted in to receive marketing communications, we rely on your express consent (which you can withdraw at any time)

How We Use Your Data

Your personal data is collected and processed for the following purposes:

  • Processing orders and payments
  • Arranging deliveries and ensuring correct fulfilment of orders
  • Providing customer service and addressing queries or complaints
  • Maintaining business records for administrative and legal purposes
  • Improving and developing our services, including through statistical analysis and feedback
  • Sending marketing communications if you have given consent

Who Processes Your Data

Florist Perivale may share limited necessary data with selected third-party processors to deliver our services. These may include:

  • Payment processors: For secure payment transaction handling
  • Delivery partners: Couriers and logistics providers for order delivery
  • IT service providers: Systems that host or support our website and internal business operations
  • Professional advisors: Accountants, auditors, and legal consultants for regulatory purposes

All third-party processors only access your data as needed to perform their specific roles and are contractually bound to handle your data securely and in compliance with GDPR.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. As a general rule:

  • Order and transaction records are kept for up to 7 years to comply with UK tax and accounting regulations
  • Email correspondence related to orders is retained for up to 2 years for customer service purposes
  • Where you have unsubscribed from marketing communications, we will maintain a record of your opt-out request to ensure you do not receive further messages

When data is no longer required, it is securely deleted or anonymised.

Your Data Protection Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right to Access: You may request a copy of the personal data we hold about you
  • Right to Rectification: You have the right to request correction of any inaccurate or incomplete data
  • Right to Erasure: In some circumstances, you can ask for your personal data to be deleted
  • Right to Restrict Processing: You may ask us to restrict how we process your data in certain situations
  • Right to Data Portability: You have the right to receive your personal data in a structured, machine-readable format and to ask for it to be transferred to another organisation
  • Right to Object: You can object to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent: If we rely on your consent, you can withdraw it at any time

Data Security

We take appropriate security measures to protect your personal data against loss, misuse, unauthorised access, disclosure, or alteration. This includes physical, technical, and organisational measures such as restricted access, secure servers, and employee training.

International Data Transfers

Your personal data is processed and stored within the UK and/or the European Economic Area (EEA). If it is necessary to transfer data outside of these locations, we ensure it is protected by appropriate safeguards consistent with GDPR requirements.

Changes to This Policy

This Privacy Policy may be updated from time to time to ensure ongoing compliance with legal requirements and best practices. The revised policy will be effective from the date of publication. Please review this Policy periodically for any updates.

Contact and Complaints

If you have any questions about this Privacy Policy, your rights, or how we handle your personal data, you can contact us using the details provided on our website. You also have the right to lodge a complaint with the UK Information Commissioner’s Office if you believe your data has not been handled in accordance with the law.