Flowers Charlton Privacy Policy

Introduction

This Privacy Policy applies to all customers placing orders with Flowers Charlton from Charlton and the surrounding districts. Flowers Charlton is committed to protecting your privacy and managing your personal data in accordance with the General Data Protection Regulation (GDPR) and all applicable privacy laws within the United Kingdom.

What Personal Data We Collect

When you interact with Flowers Charlton—such as placing an order, making an enquiry, or browsing our website—we may collect and process the following personal data:

  • Contact details: Name, delivery address, billing address, and telephone number.
  • Order details: Product selections, special instructions, and occasion details (e.g., birthday, anniversary).
  • Payment information: Partial data required for transaction processing (we do not store full credit/debit card details).
  • Communication data: Messages or notes provided during order process, and any correspondence with our customer support.
  • Technical data: IP address, browser type, device information, and cookies (where applicable for enhancing website functionality and security).

Lawful Basis for Processing Personal Data

Flowers Charlton processes your personal data only when there is a lawful basis to do so under GDPR. These bases include:

  • Contractual necessity: Information required to fulfil your flower order, deliver products, or provide customer service related to your order.
  • Legal obligation: We may be required to process and retain data to comply with UK tax and accounting laws or other regulatory requirements.
  • Legitimate interests: For certain limited purposes, such as improving our services, preventing fraud, or ensuring website security, provided these do not override your fundamental rights.
  • Consent: With your explicit consent, for example, if you choose to receive marketing communications from us. You have the right to withdraw consent at any time.

How We Use Your Data

Your personal data is used for the following purposes:

  • Processing, fulfilling, and delivering your flower orders.
  • Communicating with you regarding your order, enquiries, or customer service requests.
  • Complying with legal and regulatory requirements.
  • Improving our website, products, and services.
  • Sending direct marketing emails, with your consent.

Data Retention

Flowers Charlton retains your personal data only for as long as necessary to fulfil the purposes for which we collected it, and to satisfy legal, accounting, or regulatory obligations. Typically, we retain:

  • Order and transaction data: Retained for up to seven years for tax and accounting compliance.
  • Customer correspondence: Retained for up to three years for customer service record purposes.
  • Marketing consent records: Maintained until you withdraw your consent or unsubscribe.
  • Technical and cookie data: Retention periods vary based on the specific purpose indicated in our cookie disclosures, if applicable.

When data is no longer needed, we securely delete or anonymise it.

Processors and Third Parties

We may share your personal data only when necessary, for the purpose of providing our services, complying with legal obligations, or as otherwise required or permitted by law. This includes sharing with:

  • Payment processors: Reputable payment gateways to facilitate secure transactions (full payment data is not stored by us).
  • Delivery partners: Local couriers involved in delivering your order within Charlton and surrounding districts.
  • Professional advisers: Accountants, legal advisers, or IT consultants, under confidentiality agreements, when required for business operations.
  • Service providers: IT service companies or cloud storage providers for hosting and maintaining our website and order processing systems.

All third-party processors acting on our behalf are contractually obligated to safeguard your information and comply with data protection regulations. We do not sell your personal data to third parties.

User Rights Under GDPR

As a customer of Flowers Charlton, you have the following rights under GDPR regarding your personal data:

  • Right of access: Obtain confirmation as to whether we process your data, and request a copy of the information we hold about you.
  • Right to rectification: Request correction if your personal information is inaccurate or incomplete.
  • Right to erasure: Request deletion of your data where there is no valid reason for us to continue processing it.
  • Right to restrict processing: Request suspension of processing while we consider your request or objection.
  • Right to data portability: Request transfer of your data to you or another data controller in a structured, commonly used format.
  • Right to object: Object to processing of your data for direct marketing or based on legitimate interests, under certain circumstances.
  • Right to withdraw consent: If processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.
  • Right to complain: Lodge a complaint with the relevant supervisory authority if you believe your data rights have been violated.

Security of Your Data

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Our processes include encryption of sensitive data, secure storage solutions, access controls, and staff training in data protection requirements.

Updates to Our Privacy Policy

Flowers Charlton reserves the right to update this Privacy Policy periodically to reflect changes in legal requirements, our business practices, or technology. Updated versions of this policy will be made available through our website, and significant changes will be communicated appropriately.

Contacting Us

If you have questions about this Privacy Policy, how we process your personal data, or if you wish to exercise your GDPR rights, please contact us in writing at our business address or via our contact form. We are committed to responding promptly and upholding your privacy rights in accordance with applicable laws.