Walthamstow Florist Privacy Policy

Scope of the Policy

This Privacy Policy explains how Walthamstow Florist collects, uses, stores, shares, and protects your personal data when you place orders with us. The policy applies to all customers making purchases from Walthamstow Florist, whether residing in Walthamstow or surrounding districts. Our commitment is to handle your information in accordance with the General Data Protection Regulation (GDPR) and UK data protection laws.

What Personal Data We Collect

When you place an order with Walthamstow Florist, we may collect the following personal data:

  • Identity Data: Name, title.
  • Contact Data: Delivery address, billing address (if different), contact telephone number, and in some cases, limited recipient details (for flower delivery purposes).
  • Transaction Data: Details about the floral goods and services you have ordered or inquired about, including payment and delivery information.
  • Technical Data: When you visit our website, we may automatically collect technical data such as Internet Protocol (IP) address, browser type, time zone setting, and device information.
  • Correspondence Data: Records of your communication with us, including enquiries and customer service interactions.

Walthamstow Florist does not knowingly collect special category (sensitive) data such as health, ethnicity, or biometric information from customers. We also do not solicit personal data from children under the age of 16.

Lawful Basis for Processing

Under GDPR, we are required to have one or more lawful bases for processing your personal information. Walthamstow Florist commonly relies on the following bases:

  • Performance of a Contract: Processing your personal data is necessary to fulfill orders you place, manage payments, and arrange for floral delivery.
  • Legitimate Interests: We process information to communicate with you about your order or our services, manage customer support, improve our offerings, and protect our business (e.g., fraud prevention).
  • Legal Obligation: We may process data to comply with legal requirements, such as tax or accounting regulations.
  • Consent: Where required, we request your consent for specific uses, such as direct marketing (if applicable).

How We Use Your Personal Data

Your personal information may be utilized for the following purposes:

  • Processing and delivering your floral orders to the requested address.
  • Sending order confirmations, updates, and delivery notifications.
  • Managing payments and preventing payment fraud.
  • Responding to your enquiries or customer service requests.
  • Improving our products, website, and customer experience.
  • Complying with relevant legal or regulatory obligations.

How We Share Your Data

Walthamstow Florist takes the confidentiality of your information seriously. We only disclose personal data as necessary:

  • Service Providers: We use vetted third-party processors for deliveries, payment processing, IT support, and website hosting. These providers are bound by confidentiality and data protection agreements.
  • Legal Authorities: We may share your data with law enforcement or regulatory bodies where required by law or to protect our legal rights.
  • Professional Advisors: Where necessary, with auditors, accountants, or legal professionals, under obligations of confidentiality.

We do not sell your personal data to any third parties for marketing or any other purposes.

Data Processors

Where we engage external organizations to process your data on our behalf (for example, payment service providers or delivery couriers), we ensure these processors comply with GDPR requirements, maintain appropriate security measures, and process your data solely under our instructions and for the agreed purpose.

Data Retention

We only retain your personal information for as long as is necessary to fulfil the original purposes for which it was collected, including satisfying any legal, accounting, or reporting obligations. Our typical retention periods are as follows:

  • Order Records: Up to seven years for tax, financial, and legal purposes.
  • Customer Service Correspondence: Up to three years from the date of communication.
  • Recipient and Delivery Data: Retained for the duration necessary to complete the delivery and address any related queries, after which it is securely deleted or anonymized.

After expiration of the retention period, personal data will be confidentially destroyed or rendered anonymous so that it can no longer be linked to you.

Your Rights under GDPR

As a data subject in the UK or EU, you have the following rights in relation to your personal information:

  • Right of Access: You may request details about the personal data we hold about you and how it is used.
  • Right to Rectification: If the information we hold about you is inaccurate or incomplete, you have the right to have it corrected.
  • Right to Erasure: You may request deletion of your personal data when it is no longer necessary, or where processing is based on consent and you withdraw consent.
  • Right to Restrict Processing: In certain circumstances, you may request that we restrict how your information is used.
  • Right to Data Portability: You have the right to receive your data in a structured, commonly used format and to transfer it to another provider (where applicable).
  • Right to Object: You can object to data processing based on our legitimate interests or for direct marketing purposes.

You also have the right to lodge a complaint with a supervisory authority if you believe your data has not been handled appropriately. We encourage you to contact us first, so we can address your concerns.

Data Security

We implement appropriate technical and organizational controls to safeguard your personal information and protect it against unauthorized access, loss, or alteration. This includes secure servers, encryption technology for online transactions, regular staff training, and restricted access to personal data.

International Transfers

In general, we store and process your data within the UK and European Economic Area (EEA). If it becomes necessary to transfer personal data outside these regions (for example, if using subcontracted services), we ensure suitable safeguards, such as Standard Contractual Clauses, are in place.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or relevant legislation. The most recent version will always be available for customers to review.

Contact and Further Information

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us through our designated customer service channels. Walthamstow Florist is committed to responding promptly and transparently to any queries about personal data or privacy.