Flowers Leyton GDPR-Compliant Privacy Policy

Introduction

This Privacy Policy outlines what personal data is collected by Flowers Leyton when customers place orders within Leyton and the surrounding districts, how and why we process your data, our data retention practices, your data protection rights under the UK General Data Protection Regulation (GDPR), and details on our data processors. Protecting your privacy and handling your information transparently is extremely important to us.

Scope of this Policy

This policy applies to all individuals and customers who place orders with Flowers Leyton for deliveries in Leyton and the surrounding areas. By interacting with our services, you acknowledge the processing of your personal data as described below.

Information We Collect

We collect and process different types of information depending on how you interact with us and the services you use. The types of data we may collect include:

  • Personal Identification Information: Name, delivery address, billing address, postcode, and contact details (such as telephone number).
  • Order Information: Details of flowers and products ordered, specific instructions provided, and delivery preferences.
  • Payment Information: Partial payment details (card type, last four digits), processed securely through third-party payment providers. We do not store complete payment information.
  • Communication Data: Records of your communications with us, including any correspondence, inquiries, feedback, or complaints.
  • Technical Data: IP address, device type, browser type, and cookies used for website functionality and security (see cookies section below).

Lawful Basis for Processing

We process your personal data under the following lawful grounds as established by the GDPR:

  • Contractual Obligations: To process, deliver, and fulfil your orders, including confirmation and customer support.
  • Legal Obligations: To comply with applicable legal and regulatory requirements, such as record-keeping and tax obligations.
  • Legitimate Interests: To improve our products and services, prevent fraud, ensure network and information security, and keep customers informed about any changes regarding their orders.
  • Consent: Where applicable, your consent may be obtained for direct marketing communications or use of certain cookies. You may withdraw your consent at any time.

How We Use Your Data

Your data is used strictly for the following purposes:

  • Processing and delivering your flower orders to your chosen address.
  • Managing payments and fulfilling contractual commitments.
  • Communicating with you about your orders, deliveries, and any related services.
  • Responding to customer enquiries, feedback, and complaints.
  • Maintaining business records for accounting and legal compliance.
  • Enhancing service quality and user experience, including the use of anonymised data for analytical purposes.

Retention of Personal Data

Your personal information is retained only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The retention periods are as follows:

  • Order and delivery records: Retained for up to 6 years in line with statutory accounting and tax requirements.
  • Communication data: Kept for 2 years to assist with order queries or customer service issues.
  • Marketing preferences: Maintained only for as long as you remain opted in.
  • Technical data: Retained according to the type of cookie set (please refer to our cookie policy for specific durations).

Once personal data is no longer required, or once requested by you, we securely delete or anonymise the information.

Data Processors and Sharing

We use trusted third-party processors to support our business operations, which may involve processing your data on our behalf. This may include:

  • Payment providers: For secure processing of your payments. Only necessary information is shared, and complete card details are never accessible by Flowers Leyton.
  • Delivery partners: For order fulfilment and delivery tracking.
  • IT service providers: For hosting, maintaining, and securing our website and digital systems.

All third-party processors are selected with care to ensure they uphold adequate data protection standards in line with GDPR requirements. Your data will not be sold or disclosed to any unrelated third party without your consent, except as required by law.

International Data Transfers

Your personal data is primarily processed within the United Kingdom and the European Economic Area (EEA). Where data may be transferred outside these jurisdictions, we ensure appropriate safeguards are implemented to protect your information as required under the GDPR.

Your Data Protection Rights

Under UK GDPR, you have various rights regarding the personal data we hold about you. These include:

  • Right to access: You may request information about the data we hold and receive a copy of your personal data.
  • Right to rectification: You can request correction of inaccurate data or completion of incomplete information.
  • Right to erasure: In certain circumstances, you can request the deletion of your personal data.
  • Right to restrict processing: You may request us to suspend processing your data in limited circumstances.
  • Right to object: You may object to processing where we rely on legitimate interests or direct marketing.
  • Right to data portability: You may receive your personal data in a structured, commonly used, machine-readable format and ask us to transfer it to another provider where possible.
  • Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw this at any time.

To exercise your rights, please contact us via the methods provided upon your order or through the written communication channels available on our website or receipts.

Cookies and Website Analytics

Our website uses necessary cookies to enable core functionality and to improve your browsing experience. Non-essential cookies or analytics cookies are used only with your consent. Further details relating to cookies and your choices can be found in our cookie policy.

Data Security Measures

We employ robust security procedures and technical measures to safeguard your personal data, protect against unauthorised access, loss, or misuse, and to ensure data integrity throughout all stages of processing.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time in response to regulatory changes or improvements to our services. Any revised policy will be published on our website with a new effective date.

Contact and Complaints

If you have any questions about this policy, your privacy rights, or if you wish to make a complaint, please contact us using the communication channels provided upon your order or available on official receipts. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).