Privacy Policy for Customers of Earls Court Flowers

Introduction

This Privacy Policy explains how Earls Court Flowers collects, processes, and protects your personal information when you place orders from Earls Court or the surrounding districts. We are committed to safeguarding your privacy and ensuring your rights under the General Data Protection Regulation (GDPR) and applicable UK data protection laws.

Scope of this Policy

This policy applies to all customers who place orders with Earls Court Flowers, whether you order online, by telephone, or in-person within Earls Court and neighbouring districts. By placing an order, you acknowledge and agree to the practices outlined in this policy.

What Personal Data We Collect

When you interact with Earls Court Flowers to place an order, we may collect the following categories of data:

  • Contact Details: Name, billing and delivery addresses, and telephone number.
  • Order Information: Details of your order, including products purchased, messages for flower cards, delivery instructions, and corresponding dates.
  • Payment Information: Payment method used and transaction records. Please note: we do not store or have access to your full payment card information; payment processing is undertaken via secure third-party payment processors.
  • Communication Records: Any communication you have with us, including order queries, feedback, or complaints.
  • Technical Data: When visiting our website, we may collect certain technical data such as your IP address, browser type, and cookie data to ensure website functionality and improve your experience.

Lawful Basis for Processing Your Personal Data

We process your personal data according to lawful grounds established by GDPR, including:

  • Contract Performance: Processing necessary to fulfil your flower order and provide associated customer services.
  • Legal Obligation: Retaining transaction records for accounting, taxation, and regulatory requirements.
  • Legitimate Interests: Where processing enables us to manage our operations effectively, ensure service quality, and improve our offerings, provided such interests do not override your fundamental rights and freedoms.
  • Consent: If we seek to send you marketing communications unrelated to your order, we will do so only with your explicit consent, which you may withdraw at any time.

How We Use Your Data

Your personal data is used only for the purposes relevant to processing your flower order and providing a high standard of service, including:

  • Accepting, confirming, and delivering your orders
  • Communicating order status, confirmations, and relevant updates
  • Handling payments and refunds
  • Responding to your queries and resolving any complaints
  • Meeting our legal and regulatory obligations
  • If consented, sending you relevant promotional communications

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes it was collected for, including for order fulfilment, after-sales support, accounting, and compliance with our legal obligations. Typically, order and transaction data is held for a minimum of six years in accordance with UK legal requirements. Communication records may be retained for up to two years following the resolution of your query or complaint. We regularly review our data retention periods to ensure they remain appropriate.

Sharing Your Data with Third Parties

In order to deliver our services to you, we may share your personal data with trusted third-party service providers, known as data processors, who act on our behalf. These include:

  • Delivery Partners: Couriers that handle the delivery of your flowers to the specified address.
  • Payment Processors: Securely processed transactions via recognised payment platforms; your card details are not stored or accessed by us.
  • IT Service Providers: Companies that maintain our website, point-of-sale, and order management systems.
  • Accountants and Legal Advisors: Professionals assisting us in meeting financial and statutory obligations.

All third-party processors are required to adhere to strict confidentiality and data security standards and are prohibited from using your personal information for purposes outside those stated in this policy. We do not sell or rent your personal data to any third parties for marketing or any other purposes.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against loss, misuse, unauthorised access, disclosure, alteration, or destruction. Measures include secure storage, encryption, regular staff training, and restricting access to personal data to only those employees and processors with legitimate need.

Your Rights Under GDPR

You have the following rights concerning your personal data:

  • Right of Access: Request access to the personal data we hold about you.
  • Right to Rectification: Ask us to correct any incomplete or inaccurate information.
  • Right to Erasure: Request deletion of your data in certain circumstances, provided there is no overriding legal requirement for us to retain it.
  • Right to Restrict Processing: Restrict the processing of your data in specific situations.
  • Right to Data Portability: Obtain a copy of your data in a structured, machine-readable format for yourself or another provider.
  • Right to Object: Object to processing of your data for specific purposes, such as direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time.

If you wish to exercise any of these rights or have concerns about how your data is handled, please contact us using the details published on our website or available at the point of purchase.

Children's Privacy

We do not knowingly collect or process personal data relating to children under the age of 16. If you become aware that a child has provided us with their personal data without parental consent, please contact us and we will take appropriate steps to remove that information.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect legal or operational changes. The latest version will always be displayed at our place of business and on our website. We encourage you to review this policy periodically to stay informed about how we protect your data.

Contact and Complaints

If you have any questions regarding this Privacy Policy or your data protection rights, please refer to our published business contact details. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.