Flowers Penge: Privacy Policy for Customers

Introduction

This Privacy Policy explains how Flowers Penge collects, uses, and protects your personal information when you place an order with us from Penge or the surrounding districts. We are committed to complying with the UK General Data Protection Regulation (GDPR) and ensuring the confidentiality and security of your data. This policy applies to all customers of Flowers Penge orders and describes your rights and our responsibilities concerning your data.

What Data We Collect

To process your order and provide you with our services, we may collect various types of personal data, including:

  • Identity Data: Your full name and, where required, a preferred recipient's name.
  • Contact Information: Address, postcode, and delivery instructions for the recipient; your billing address, and contact details.
  • Order Details: The products ordered, message card content, and delivery date.
  • Payment Information: Payment card details (processed securely via third-party payment processors), payment confirmation, and relevant transaction information.
  • Communication Records: Any emails or communications between you and our team regarding orders, queries, or complaints.
  • Technical Data: Information about your use of our website, including IP address, device, and browser data; this data may be collected through necessary cookies for site functionality.

Lawful Basis for Processing

Under the GDPR, we must have a valid lawful basis for processing your personal data. Flowers Penge processes your data on the following bases:

  • Contractual Necessity: We collect and process your data so we can fulfill your orders, take payment, arrange delivery, and provide customer service. Without this information, we would be unable to provide our services to you.
  • Legal Obligation: In some cases, we are required by law to retain or share certain personal data, for example for tax or accounting records.
  • Legitimate Interests: We may process your data to improve our service, handle inquiries, communicate relevant information about your order, and prevent fraud. We always balance these interests with your own data protection rights.
  • Consent: Where required, such as for marketing communications or optional cookies, we seek your explicit consent. You are free to withdraw this consent at any time.

How We Use Your Data

Your data is used exclusively for the following purposes:

  • To process and deliver your orders, including handling payment and arranging delivery.
  • To communicate with you regarding your orders or queries.
  • To process refunds, returns, or resolve issues with orders.
  • To fulfill legal and regulatory obligations.
  • To improve our customer service and the functionality of our website (using anonymised, aggregated data wherever possible).

Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements. Generally, we will keep customer order and transaction records for up to 7 years in compliance with tax and accounting laws. After this period, your data is securely deleted or anonymised. Communications and queries not related to orders may be deleted sooner, unless required for ongoing customer support or dispute resolution.

Processors and Third Parties

To provide our services, we use external processors for certain functions:

  • Payment Processing: Secure third-party payment gateways are used to handle your card transactions. We do not store your full card details ourselves.
  • Delivery Services: Your recipient’s delivery address and relevant order details may be provided to logistics or delivery partners to fulfill your order.
  • IT & Hosting Providers: To host, manage, and secure our website and systems.
  • Professional Advisors: Where necessary for legal or regulatory advice, and as required by law (e.g., HMRC, legal agencies).

We ensure that all processors are contractually obliged to adhere to appropriate data protection and security measures, and we do not permit them to use your data for their own purposes.

Your Data Rights Under GDPR

As a customer placing an order with Flowers Penge, you have the following rights regarding your personal data:

  • The right to access – You can request a copy of the personal data we hold about you.
  • The right to rectification – You may request correction of any inaccurate or incomplete information.
  • The right to erasure – In certain circumstances, you can ask us to delete your personal data.
  • The right to restrict processing – You can ask us to pause data processing while we review any concerns you raise.
  • The right to data portability – You have the right to obtain and reuse your data in a portable format.
  • The right to object – You may object to certain types of processing, such as marketing.
  • The right to withdraw consent – Where processing is based on your consent, you may withdraw it at any time.
  • The right to lodge a complaint – You can raise a complaint with the UK's Information Commissioner’s Office (ICO) if you believe your data rights are not being properly respected.

Data Security

We employ appropriate administrative, technical, and physical safeguards to secure your personal data against accidental loss, unauthorized access, alteration, or disclosure. Access is limited to employees and partners who need it for processing your orders and is only on a strictly necessary basis.

Children’s Data

Flowers Penge does not knowingly collect or process personal data from children under 16 years old. If you are a parent or guardian and believe your child has provided us with personal information, please contact us for assistance.

Policy Updates

This Privacy Policy may be updated from time to time to reflect changes in legislation, internal practices, or our services. The most current version will always apply to your data. Where significant changes are made, we will, where appropriate, notify affected individuals directly or make relevant information conspicuously available on our website.

Contact and Further Information

If you would like more information about this Privacy Policy, your data, or how to exercise your rights, please get in touch with us referencing "Privacy Policy Query." Our team is committed to assisting with any questions or concerns regarding your personal data under the GDPR.