Privacy Policy for Flowers Kenton Customers

Introduction

At Flowers Kenton, we are committed to safeguarding your privacy and protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you place an order with us—whether online, over the phone, or in person. Our policy complies with the UK General Data Protection Regulation (GDPR) and applies to all customers who place orders with Flowers Kenton from Kenton and the surrounding districts.

What Personal Data We Collect

When you place an order with Flowers Kenton, we may collect and process the following types of personal data:

  • Identity Data: Your full name and, if applicable, the recipient's name.
  • Contact Data: Address for delivery, billing address (if different), and postal code. We also record your contact preferences and communication history.
  • Order Details: Information about the requested products, special instructions, and any notes provided in relation to your order.
  • Payment Data: Payment method and transaction details. Note that Flowers Kenton does not store any full card details; payments are processed via our third-party payment processors.
  • Correspondence Data: Any communications or queries you make with us regarding your order or our services.
  • Technical Data: Limited information such as IP addresses, browser type, and device for website optimisation and security monitoring if you order online.

Lawful Basis for Processing Your Data

Flowers Kenton processes your personal data only when we have a lawful basis as specified under Article 6 of the GDPR. The lawful bases for our processing are:

  • Performance of a contract: We process your data to fulfil your flower order and necessary related communications.
  • Compliance with legal obligations: We retain some data as required for accounting, tax, and legal compliance purposes.
  • Legitimate interests: For improving our services, managing our relationship with customers, and maintaining security, provided these interests do not override your rights.
  • Consent: Occasionally, we may ask for your consent to send you marketing communications. If you consent, you can withdraw at any time.

How We Use Your Personal Data

Your personal data is only used for the purposes for which it was collected. Specifically, your information may be used to:

  • Process and deliver your flower order accurately and efficiently
  • Respond to enquiries or complaints
  • Maintain accurate internal records for auditing and legal compliance
  • Prevent fraud and secure our systems
  • Send updates about your order status or delivery
  • If you have consented, inform you about future offers or updates related to Flowers Kenton

Who Processes Your Data

Flowers Kenton staff involved in handling your order have access to necessary personal data. In addition, we use certain third parties, known as data processors, who provide services on our behalf. These may include:

  • Payment processing companies
  • IT and website hosting providers
  • Delivery partners (if relevant)
  • Accountants and legal advisors (for compliance purposes)

We ensure that all our third-party processors comply with GDPR standards and process your data securely and only as instructed by us. No data is sold or shared for marketing purposes outside our organisation.

Data Retention

We retain your personal data only as long as necessary to fulfil the purposes it was collected for, including the satisfaction of any legal, accounting, or reporting requirements. Typically, we retain order information for up to 7 years to comply with legal obligations. Data used for marketing (with your consent) is held until you unsubscribe or withdraw consent. At the end of the retention period, your data is securely deleted or anonymised.

How We Protect Your Data

We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. Measures include data pseudonymisation, access controls for staff, secure storage, and regular system security testing. Only authorised personnel or processors have access to your data as necessary.

Your Rights Under GDPR

If you are a customer of Flowers Kenton ordering from Kenton and surrounding districts, you have certain rights under GDPR:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can have incorrect or incomplete data corrected.
  • Right to erasure: In certain cases, you can request your data be deleted (unless we have lawful grounds to retain it).
  • Right to restriction of processing: You can ask us to temporarily or permanently stop using your data under certain circumstances.
  • Right to object: You can object to processing based on legitimate interests or for direct marketing purposes.
  • Right to data portability: Where applicable, you may request your data be sent to another provider in a structured, commonly used, and machine-readable format.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us using the details provided on our website or in your order confirmation.

International Data Transfers

Your data is stored and processed within the United Kingdom. If, in exceptional circumstances, data is transferred outside the UK, we ensure that adequate protection is in place and that transfers comply with GDPR requirements.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. Please regularly check this policy for updates. Major changes will be notified to you when appropriate.

Contact Information and Complaints

If you have any concerns or wish to exercise your data protection rights, contact us using the methods provided on our website or in your order confirmation. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

This Privacy Policy was last updated on 1 June 2024.