Flower Delivery Millbank Privacy Policy

Our Commitment to Your Privacy

This Privacy Policy outlines how Flower Delivery Millbank collects, processes, and retains personal data for all customers ordering floral products and related services within Millbank and the surrounding districts. We are dedicated to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and other relevant data protection laws.

Scope of This Policy

This Privacy Policy applies to any individual or entity that places a Flower Delivery Millbank order in Millbank and the neighboring areas. By placing an order or engaging with our products and services, you agree to the collection and use of information in accordance with this policy.

What Data We Collect

We collect and process various types of information to provide our products and services. The information we collect may include:

  • Personal Identification Data: Name, address (both billing and recipient addresses), and contact details, such as telephone number, and communication preferences.
  • Order Details: Products ordered, special requests, delivery date and time preferences, and instructions relevant to the delivery or collection of your order.
  • Payment Information: Payment card details or other payment methods, processed securely via third-party payment processors (we do not retain payment card information on our own systems).
  • Correspondence: Any messages sent to us (such as notes, queries, or complaints) via our order forms or customer service channels.
  • Technical Data: Information such as IP address, browser type and version, and usage statistics through cookies or similar technologies. This helps us operate, maintain, and improve our services and website.

Lawful Basis for Processing Your Data

In compliance with the GDPR, we rely on a combination of lawful bases for processing your personal data:

  • Contractual Necessity: We process your data to fulfill your order, deliver goods, and communicate with you regarding your purchase.
  • Legitimate Interests: We may use data for service improvement, fraud prevention, and record keeping, as long as your rights and freedoms are not overridden by these interests.
  • Legal Obligation: In some circumstances, we may need to process personal data to comply with legal or regulatory requirements (for example, tax or accounting obligations).
  • Consent: For marketing communications or use of certain cookies outside core website functionality, we seek your explicit consent.

How We Use Your Data

Your personal data is used for the following purposes:

  • To receive, process, and deliver your flower order as requested.
  • To communicate with you about the status of your order or respond to your queries.
  • To improve and personalize our services based on feedback and usage patterns.
  • To comply with any applicable legal requirements and audit obligations.
  • For fraud prevention and the maintenance of security within our services.

Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes outlined in this Privacy Policy, including processing orders, addressing customer queries, and fulfilling legal obligations. Typical retention periods are:

  • Order-related information is retained for up to 6 years to comply with accounting and legal record-keeping requirements.
  • Customer correspondence is retained for up to 2 years from the date of last contact.
  • Technical data collected for analytics may be retained for up to 2 years, after which it is anonymized or deleted.

Once the retention period has expired, your data is securely deleted or anonymized.

Data Processors and Third Parties

We may share your information with trusted third-party processors who act on our behalf to provide, deliver, or support our services. This may include:

  • Payment processors: To handle payment transactions securely.
  • Delivery partners: To fulfill your delivery instructions.
  • IT and infrastructure providers: For website, email, and data hosting services.
  • Professional advisors: For auditing, legal, or tax purposes.

All processors are required to comply with data protection laws and are only permitted to use your data as instructed by us. We do not sell or rent your data to any third party.

International Data Transfers

We generally store and process your data within the UK or European Economic Area (EEA). If it is necessary to transfer your personal data outside of these areas, we ensure appropriate safeguards are implemented in compliance with applicable data protection laws.

Your Rights

Under the GDPR, you have a variety of rights with respect to your personal data, which may include:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right of Rectification: You have the right to request corrections of inaccurate or incomplete data.
  • Right to Erasure: In certain circumstances, you can request that we delete your personal data.
  • Right to Restrict Processing: You can request that we limit the processing of your data in specific situations.
  • Right to Data Portability: You may request a copy of your data in a commonly used, machine-readable format for transfer to another provider.
  • Right to Object: You can object to certain types of processing, such as direct marketing or where we rely on legitimate interests.
  • Right to Withdraw Consent: Where we process data on the basis of your consent, you can withdraw your consent at any time.

We will respond to your requests in accordance with applicable data protection legislation. Please note that some rights are subject to conditions and exceptions under law.

Protecting Your Data

We employ appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include secure servers, data encryption, access controls, and regular staff training on data privacy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal, regulatory, or operational requirements. Please review this notice periodically to stay informed about how we protect your personal data.

Contacting Us

If you have questions or concerns regarding this Privacy Policy or how your personal data is handled, please contact us using the details provided on our website or during your ordering process. We are committed to resolving any concerns promptly and transparently.