Florist Harlesden Privacy Policy Overview

Introduction

At Florist Harlesden, we are committed to protecting your privacy and ensuring all personal data we handle complies with the General Data Protection Regulation (GDPR). This Privacy Policy outlines how we collect, use, store, and protect personal information relating to all customers placing orders with Florist Harlesden from Harlesden and surrounding districts. Our practices ensure your information is handled lawfully, fairly, and transparently.

What Data We Collect

When you place an order or interact with Florist Harlesden, we may collect the following types of personal data:

  • Identity Data: Name, delivery address, and, if provided, company name.
  • Contact Data: Postal address, delivery address, and occasionally recipient’s address and name for gift deliveries.
  • Transaction Data: Information about your purchases and orders.
  • Payment Data: Limited card/payment method information, processed securely by third-party processors (we never store full card numbers or CVV codes).
  • Communication Data: Records of messages, order notes, or other communications between you and Florist Harlesden.
  • Technical Data: Your IP address, browser type, device type, and related metadata when using our website for statistical and security purposes.

Lawful Basis for Processing Personal Data

We process your personal data only when permitted by law. The legal bases we rely on include:

  • Contractual Necessity: We process your data to perform our contract with you, such as fulfilling and delivering your order.
  • Legal Obligations: To comply with applicable laws (e.g., tax regulations, accounting).
  • Legitimate Interests: For business management purposes such as managing our relationship with you or improving our service, provided these interests do not override your fundamental rights.
  • Consent: Where consent is required, for example, for marketing communications (where allowed), we’ll ask for it separately and clearly. You can withdraw consent at any time.

How We Use Your Data

Your data is used for the following purposes:

  • To process orders and arrange delivery of floral products or gifts.
  • To communicate with you about your order, updates, and support inquiries.
  • To manage payments and refunds securely.
  • To comply with legal requirements and prevent fraud.
  • To improve our website, products, and customer service.
  • With your consent, to send you information about promotions or updates you may find relevant.

Data Retention Policy

We retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting, or reporting requirements. Generally:

  • Order and customer information is kept for up to 7 years to comply with tax and accounting rules.
  • Communication and support records are kept for up to 2 years from your last contact unless required for legal purposes.
  • Data collected for marketing purposes is retained until you withdraw your consent or unsubscribe.

After the retention period, your data is securely deleted or fully anonymised.

Processors and Data Sharing

We may share your data with selected third-party processors that support our business operations. These may include:

  • Payment service providers to process your payment transactions securely.
  • Delivery and courier services to fulfil and track floral deliveries.
  • IT and web hosting providers who maintain our website and manage data storage.
  • Professional advisers such as accountants or compliance consultants as required by law.

All our processors are required to act only on our instructions, provide adequate security safeguards, and comply with GDPR. We do not sell or rent your personal data to third parties for marketing purposes.

Your Data Protection Rights

Under GDPR, you have a series of rights regarding your personal data. These include:

  • Right to Access: You may request a copy of the personal information we hold about you.
  • Right to Rectification: You can ask us to correct data that is incorrect or incomplete.
  • Right to Erasure: You can request deletion of your personal data, where there is no lawful reason for us to continue using it.
  • Right to Restrict Processing: You may request limitation of how we use your data in certain circumstances.
  • Right to Object: You can object to processing where we rely on a legitimate interest or direct marketing.
  • Right to Portability: You can ask us to transfer your data to another organisation or to you, in a structured, commonly used electronic format.
  • Right to Withdraw Consent: Where you have consented to processing, you may withdraw this consent at any time.

If you wish to exercise any of these rights, please contact us using the details provided on our website.

International Data Transfers

Florist Harlesden primarily processes and stores data within the United Kingdom and the European Economic Area (EEA). If it is ever necessary to transfer your personal data outside of these areas, we will ensure that appropriate safeguards are in place as required by GDPR.

Security of Your Data

We have implemented suitable physical, technical, and organisational measures to protect your personal data against accidental loss, unauthorised use, access, alteration, or disclosure. These include secure servers, access controls, regular staff training, and secure destruction of records where appropriate.

Policy Updates

We may update this Privacy Policy from time to time. Any changes will be posted on our website and, where appropriate, notified to you. Please review this notice periodically to stay informed about how we protect your personal data.

Contact and Complaints

If you have questions about this Privacy Policy or how we handle your personal data, please contact us through the contact information provided on our website. If you have concerns about our data practices, you have the right to lodge a complaint with the relevant supervisory authority in the United Kingdom.