Uxbridge Flowers Privacy Policy

Introduction

This Privacy Policy outlines how Uxbridge Flowers ('we', 'us', 'our'), as the data controller, process the personal data of our customers. This policy applies to all individuals placing orders with Uxbridge Flowers from Uxbridge and the surrounding districts. We are committed to complying fully with the General Data Protection Regulation (EU) 2016/679 (GDPR) and any applicable UK data protection legislation.

What Data We Collect

We collect various types of personal data required to process your order and deliver our services. The data we collect includes:

  • Personal Identification Information: Full name, delivery address, billing address, and, where provided, titles.
  • Contact Information: Telephone number and, where applicable, other contact details such as postal addresses.
  • Order Information: Details of products ordered, delivery preferences, messages to recipients, and any special instructions.
  • Payment Information: Payment status and transaction history, but not card numbers or security codes (which are processed by our payment providers).
  • Correspondence: Records of enquiries, complaints, and feedback related to your orders.

We do not knowingly collect or process any special categories of sensitive personal data as defined under GDPR.

Lawful Basis for Processing

Under the GDPR, we must have a lawful basis for processing your personal data. For our activities, we rely on the following lawful bases:

  • Contractual Necessity: Your data is required to process and deliver your orders, including order confirmation, addressing, and fulfilment.
  • Legal Obligation: We may process and retain your data to comply with statutory obligations (for example, financial record-keeping and tax requirements).
  • Legitimate Interests: For purposes such as improvement of our services, fraud prevention, and to respond to queries or complaints.
  • Consent: In some circumstances, we may request your explicit consent for processing, for example, if you opt-in to receive marketing communications. Such consent can be withdrawn at any time.

Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected or as required by law. Typically, order and contact details are retained for a period of seven years to meet record-keeping and legal requirements. We regularly review our data retention periods and securely erase or anonymise data when it is no longer needed.

Data Processors and Third-Party Service Providers

We may share your data with trusted third parties who act as data processors on our behalf. These parties help us deliver our services efficiently and securely. Examples of such processors include:

  • Payment Providers: Process debit or credit card transactions for your orders.
  • Delivery Partners: Assist with the handling and delivery of your floral orders.
  • IT and Web Hosting Providers: Support our website and data storage systems.
  • Professional Advisors: Such as accountants or legal advisors, but only where required for our legitimate business operations and compliance.

All data processors are required to process your data in accordance with our instructions and the requirements of the GDPR. We do not sell your personal data to third parties and only disclose information as necessary for the purposes outlined above or as required by law.

Your Rights Under GDPR

As a data subject, you have rights under the GDPR in relation to your personal data:

  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You are entitled to request corrections to any inaccurate or incomplete data we hold about you.
  • Right to Erasure: In certain circumstances, you may ask us to delete your data, for example, when it is no longer needed for the purpose collected.
  • Right to Restrict Processing: You can request that we limit the way we use your data.
  • Right to Data Portability: Where applicable, you may receive your data in a commonly used, machine-readable format.
  • Right to Object: You have the right to object to processing based on our legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw this at any time.

If you wish to exercise any of these rights, please contact us using the contact details available on our website. We will respond to your request in accordance with the applicable data protection legislation.

Data Security

We take data security seriously. Appropriate technical and organisational measures are implemented to protect your data against unauthorised access, loss, alteration, or disclosure. These include secure storage, restricted access, regular staff training, and encrypted communications where applicable.

International Data Transfers

Uxbridge Flowers generally stores and processes data within the UK or European Economic Area (EEA). Should your data be transferred outside the UK or EEA, we ensure appropriate safeguards are in place as required by law to ensure your data is treated securely and in accordance with this policy.

Privacy Policy Updates

This policy is kept under regular review and may be updated from time to time to reflect legal, technical, or business developments. Should material changes occur, we will notify you in advance where appropriate.

Contact and Complaints

For any questions or concerns regarding your personal data or to exercise your rights, please refer to our contact details provided on the Uxbridge Flowers website. If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) or your local supervisory authority.