Our Data Privacy Policy for All Flowers Spitalfields Orders

Introduction

At Flowers Spitalfields, we are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data in accordance with the EU General Data Protection Regulation (GDPR). This policy applies to all customers placing orders with Flowers Spitalfields from Spitalfields and surrounding districts.

Data We Collect

We collect personal data necessary to process your order, provide our services, and improve your experience. The types of data collected depend on how you use our services and may include:

• Contact information: such as your name, delivery address, and billing address.
• Order information: including order details, delivery instructions, and correspondent recipient information provided for the order.
• Payment information: payment method details. Note: we do not store your full card details; these are processed securely by our payment processor.
• Communication data: such as your correspondence with us, feedback, or customer service queries.
• Technical data: including your IP address, browser type, device type, and information about how you use our website (collected through cookies and analytics tools).

Lawful Basis for Processing

We process your personal information only when we have a lawful basis to do so. These bases include:

• Contractual necessity: Most often, we collect and process data in order to fulfill our agreement with you when you place an order.
• Legal obligation: We may be required to process your information to comply with applicable laws (for example, tax or accounting obligations).
• Legitimate interests: For activities that help us operate and improve our business, prevent fraud, and inform you of similar products or services, provided these interests do not override your fundamental rights.
• Consent: When required, such as for marketing communications, we will seek your explicit consent before processing your data for such purposes.

How We Use Your Data

We use your personal data for the following purposes:

• To process and fulfill your flower orders, including arranging delivery and contacting you about your order when necessary.
• To respond to your queries and provide customer support.
• To manage payments and prevent fraudulent transactions.
• To comply with legal and regulatory requirements.
• To improve our services, including analysing trends and service usage.
• If you have given your consent, to send you updates or marketing information about similar products or services.

Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. In general:

• Order and transaction data is retained for up to 7 years to comply with UK and EU tax and accounting laws.
• Data provided for marketing purposes is retained until you withdraw your consent or opt out of communications.
• Technical and analytical data may be retained for up to 26 months for statistical and service improvement purposes.

After expiry of applicable retention periods or upon your request, we securely delete or anonymise your personal information.

Data Processors and Third Parties

In order to provide our services, we may sometimes share your information with trusted third parties (known as processors) who process personal data on our behalf. These include:

• Payment service providers who securely handle card transactions on our behalf.
• Certain delivery and courier services to complete delivery to your specified address.
• IT and website hosting providers that support our website and data storage infrastructure.
• Analytics and customer support services that help us improve our offerings and respond to your queries.

All processors are required to adhere to GDPR-compliant data protection standards and must not use your data for their own purposes. We do not sell or rent your personal data to unrelated third parties.

Your Rights

Under the GDPR, you have a number of important rights regarding your personal data. You may:

• Access the personal data we hold about you.
• Rectify incorrect or incomplete data about you.
• Erase your data (the "right to be forgotten") when the retention of the data is no longer necessary.
• Restrict or object to the processing of your data in certain circumstances.
• Port your data to another provider where technically feasible.
• Withdraw consent at any time, where we process your data based on consent (for example, for marketing).

To exercise any of these rights, please contact us using the contact methods provided on our website. We will respond to your requests in accordance with applicable law and within one month of receiving your request.

Data Security

We take appropriate technical and organisational measures to safeguard your personal data. These include encryption, secure data storage, access controls, and regular security reviews. While we take these precautions, please note that no internet transmission is ever completely secure.

International Transfers

Where data processing involves transfers outside the UK or European Economic Area, we ensure appropriate safeguards are in place, such as approved Standard Contractual Clauses or data protection agreements with our processors.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the law or our data practices. Please check back regularly to stay informed about how we protect your data. Continued use of our services after changes means you accept the updated policy.

Contact and Complaints

If you have questions about this Privacy Policy, how we process your data, or wish to exercise your data protection rights, please contact us using the contact details provided on our website. If you are not satisfied with our response, you may have the right to lodge a complaint with your national Data Protection Authority.