Flowers Norbury Privacy Policy for Order Customers

Introduction

Flowers Norbury is committed to safeguarding your privacy and ensuring that your personal data is protected in accordance with the General Data Protection Regulation (GDPR). This Privacy Policy applies to all customers placing orders with Flowers Norbury from Norbury and the surrounding districts. In this document, we describe what information we collect, the purposes and basis for collecting it, how it is used, your rights as a data subject, and our data retention and processing practices.

What Personal Data We Collect

When you place an order or interact with Flowers Norbury, we may collect and process the following categories of personal data:

  • Identity data: name, surname
  • Contact data: delivery address, billing address, telephone number, and (if provided) email address
  • Order information: details of products ordered, delivery instructions, order preferences, payment records (excluding full payment card details)
  • Transaction data: partial payment card details (e.g. last 4 digits), order reference numbers, transaction history related to your interactions with us
  • Correspondence data: any feedback, inquiries, or complaints submitted to us

We do not collect or process sensitive personal data (such as health or special category data) as part of our standard ordering process.

Lawful Basis for Data Processing

Your personal data is processed based on one or more of the following lawful grounds in accordance with Article 6 of the GDPR:

  • Performance of a contract: We process your data because it is necessary for us to fulfill our contract with you and deliver your orders.
  • Legal obligation: We may process data to comply with legal and regulatory requirements (e.g., record-keeping for accounting or tax purposes).
  • Legitimate interests: We have a legitimate business interest in processing contact and transaction data to improve our services, maintain accurate records, and respond to inquiries or disputes, provided such interests are not overridden by your rights and interests.
  • Consent: Where we request your consent (for example, if you ask to receive direct marketing), you may withdraw this consent at any time.

How We Use Your Data

Flowers Norbury will only use your personal data for the purposes for which it was collected, unless reasonably considered compatible with another purpose. Typical uses include:

  • Processing and fulfilling your flower orders
  • Communicating order status, delivery details, or resolving any issues or requests
  • Managing payments and invoices
  • Handing any feedback, complaints, or customer service issues
  • Improving our products and service quality based on aggregated data
  • Meeting legal, accounting, and regulatory requirements

Data Retention

We will retain your personal data only for as long as is necessary to fulfill the purposes outlined above, including the satisfaction of any legal, accounting, or reporting requirements. The standard retention periods are as follows:

  • Order and transaction data: retained for up to seven years to comply with legal obligations
  • Customer profiles and contact records: kept for up to three years from the date of last interaction, unless there is an ongoing customer relationship or dispute
  • Correspondence and feedback: retained for one year or as required to address and resolve issues

At the end of relevant retention periods, your data will be deleted or anonymised so it can no longer be associated with you.

Processors and Data Security

To provide our services, Flowers Norbury may employ trusted third-party processors for functions such as payment processing, booking or delivery logistics, accounting software, or IT hosting. We ensure that all processors are contractually bound to comply with GDPR requirements, process your data only as instructed, and implement appropriate security measures.

Your data is stored securely with access restricted to authorised personnel only. Administrative, physical, and technical safeguards are utilised to protect against unauthorised access, disclosure, alteration, or destruction of personal data.

Your Rights as a Data Subject

Under the GDPR, you have a range of rights in relation to your personal data held by Flowers Norbury:

  • Right to access: You are entitled to request access to the personal data that we hold about you.
  • Right to rectification: You may ask us to correct any inaccurate or incomplete personal data.
  • Right to erasure ("right to be forgotten"): You can request deletion of your personal data under certain circumstances.
  • Right to restrict processing: You can ask us to restrict our use of your data in specific situations.
  • Right to data portability: You are entitled to request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to object: You may object to our use of your data based on legitimate interests, particularly for direct marketing.
  • Right to withdraw consent: Where processing is based on consent, you can withdraw this at any time.

To exercise any of these rights, please contact us through the channels provided in your order confirmation or by writing to our office address. We will respond within one month of receipt of your request and may ask for proof of identity to fulfil certain requests.

International Data Transfers

As a local business, Flowers Norbury generally processes and stores customer data within the UK and European Economic Area (EEA). Should data ever be transferred outside the EEA, we will ensure it is protected by appropriate safeguards, such as adequacy decisions or standard contractual clauses approved by the European Commission or UK Information Commissioner.

Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. We recommend reviewing this page periodically to stay informed about how we protect your data.

Contact Us

If you have questions, concerns, or wish to exercise your data protection rights, please contact us using the details provided on your receipt or via our official correspondence address. For unresolved concerns, you also have the right to lodge a complaint with the UK Information Commissioner’s Office.