Privacy Policy for Customers of Flower Delivery St Luke's

Introduction

This Privacy Policy explains how Flower Delivery St Luke's collects, uses, stores, and protects your personal data in compliance with the General Data Protection Regulation (GDPR). It applies to all customers placing orders for flower delivery services in St Luke's and surrounding districts. We value your privacy and are committed to handling your personal information with transparency, security, and care.

What Data We Collect

When you use our flower delivery services, the following categories of personal data may be collected:

  • Contact Information: Your name, address, telephone number, and recipient’s delivery address.
  • Order Details: Products ordered, delivery instructions, personalized card messages, and order history.
  • Payment Information: Payment methods and transaction details (note: we do not store full credit/debit card details).
  • Communication Records: Correspondence with us relating to orders, feedback, or customer service requests.
  • Website Usage Data: Information about your activity on our website, such as IP address, browser type, device information, and cookies (for analytics and service improvement).

Lawful Basis for Processing Your Data

Flower Delivery St Luke's processes your personal data under the following lawful bases as set out by the GDPR:

  • Performance of Contract: Most of the information collected is necessary to fulfill our contract with you to process, deliver, and communicate about your order.
  • Legal Obligation: Certain data is required to comply with applicable tax, accounting, and consumer protection laws.
  • Legitimate Interests: Some processing (such as customer service improvement and fraud prevention) is based on our legitimate business interests where these are not overridden by your rights.
  • Consent: Where required, such as for marketing communications, we will only process your data on the basis of your explicit consent, which you can withdraw at any time.

How We Use Your Data

We use your data to:

  • Process and deliver your flower orders accurately and timely.
  • Communicate with you regarding your order status or customer support enquiries.
  • Improve our products, services, and website experience.
  • Comply with legal obligations and protect against fraudulent transactions.
  • Send you marketing and promotional material only if you have granted explicit consent.

Retention of Your Data

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements. Generally:

  • Order and delivery data: Retained for up to 7 years, in line with statutory tax and accounting requirements.
  • Contact and communication records: Stored for no longer than necessary for customer service and legal compliance.
  • Marketing consents: Retained until you withdraw your consent or request erasure.
  • Technical and website usage data: Kept for up to 2 years for analytical and service improvement purposes.

When data retention is no longer required, your personal information will be securely deleted or anonymized.

Processors and Data Sharing

To provide an efficient and secure service, we work with selected third-party processors who handle data on our behalf. These include:

  • Payment Service Providers: To process secure payments and refunds.
  • Delivery Partners: For fulfilling and delivering your orders to St Luke's and surrounding districts.
  • IT Service Providers: For hosting our website, data storage, and technical support.
  • Marketing Platforms (if consented): For managing consented communications and promotions.
  • Professional Advisers: Such as legal and accounting services where required by law.

All processors are contractually bound to handle your data in compliance with the GDPR and must implement robust data protection and security standards. We do not sell or rent your personal data to third parties for commercial purposes.

Your Data Protection Rights

Under the GDPR, you have the following rights regarding your personal information:

  • Right to Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You can request that we correct inaccurate or incomplete data.
  • Right to Erasure (‘Right to be Forgotten’): You may request that we delete your personal data under certain conditions.
  • Right to Restrict Processing: You have the right to limit how we use your data in specific situations.
  • Right to Data Portability: You can ask for your data to be provided to you or another service provider in a structured, machine-readable format.
  • Right to Object: You have the right to object to data processing based on legitimate interests, or to withdraw consent for marketing communications.
  • Right to Lodge a Complaint: If you feel your data rights are not being respected, you can contact the appropriate supervisory authority.

To exercise any of your data protection rights, please contact us using the details provided on our website or within your order confirmation.

Data Security Measures

Your data’s protection is of utmost importance to us. We implement appropriate organizational and technical measures to prevent unauthorized access, disclosure, alteration, or destruction of your personal data. This includes encryption, access controls, regular security audits, and staff training on data protection best practices.

Policy Updates

This Privacy Policy may be updated from time to time to reflect changes in our practices or legal obligations. Updates will be posted on our website, and where appropriate, changes will be communicated directly to customers.

Contact Information

If you have any questions, concerns, or wish to exercise your data protection rights, please get in touch using the contact details available on our website or in your order documentation.

This Privacy Policy is effective as of June 2024 and applies to all orders placed with Flower Delivery St Luke's in St Luke's and surrounding districts.