Flower Delivery Epping Privacy Commitment

Introduction

This Privacy Policy explains how Flower Delivery Epping ("we", "us", "our") collects, uses, and protects your personal information when you place an order with us. The policy applies to all individuals making use of our flower delivery services in Epping and surrounding districts, in line with the requirements of the General Data Protection Regulation (GDPR).

Scope of Policy

This Privacy Policy applies to all data collected from individuals who place flower delivery orders through Flower Delivery Epping, whether via our website, phone, or in-person, for delivery in Epping and nearby areas. By placing an order, you acknowledge that you have read and understood this policy.

What Personal Data We Collect

To fulfill your orders and provide a seamless delivery experience, we collect and process the following personal data:

  • Identity Data: Name, title (if provided).
  • Contact Data: Delivery address, billing address, contact phone number, and (where relevant) any additional delivery instructions.
  • Order Data: Details of the product(s) ordered, delivery date, and payment status.
  • Recipient Data: Name, address, and optional contact number of the recipient (as provided by the sender).
  • Payment Data: Payment method and transaction details. Note: Sensitive payment details (e.g. card numbers, security codes) are processed securely by compliant third-party payment processors and are not stored by us.
  • Communications: Any correspondence you have with us regarding your order, feedback or queries.
  • Technical Data: Device and session data (such as IP address, browser type, device type) where orders are placed via our website, which helps in service improvement and fraud prevention.

Lawful Basis for Processing

We process your personal data for the following lawful reasons under GDPR:

  • Contractual Necessity: Most data is collected and processed because it is necessary to perform our contract with you—specifically, to accept, process, and deliver your flower order as requested.
  • Legal Obligation: We may retain certain data as required by law, for example record-keeping for tax or regulatory purposes.
  • Legitimate Interests: We use order and technical data to improve our services, maintain security, and handle customer queries effectively. Where we rely on legitimate interests, we ensure that your rights are balanced and that the use is not overridden by your own fundamental rights and freedoms.
  • Consent: For optional matters such as direct marketing, you will only receive communications if you have explicitly opted-in, and you can withdraw consent at any time.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, including for the purposes of satisfying any legal, accounting, or reporting requirements. Typically:

  • Order and customer data are retained for up to 6 years, to meet legal and accounting requirements.
  • Recipient data is retained only as long as necessary to complete the delivery and address any immediate service issues.
  • Communications with customers are stored for up to 2 years, unless required longer for dispute resolution or compliance.
  • If you have consented to marketing, your data will be held until you withdraw your consent or opt out.
    • >

Data Processors and Sharing

To provide our services effectively, we may share your data with trusted third-party processors. These include:

  • Payment Processors: Securely handle your payment information and process transactions.
  • Delivery Partners: Couriers who deliver your order may receive details necessary for the successful delivery of your floral arrangement.
  • IT Service Providers: Companies providing web hosting, communications, and technical support.
    • >

All third-party service providers are contractually obligated to use your data only for the specified purpose and in accordance with GDPR requirements. Your data is not sold or shared for unrelated commercial purposes.

How We Protect Your Data

We implement suitable technical and organisational measures to safeguard your personal information against accidental loss, unauthorised access, alteration, or disclosure. These include using secure servers, encrypting data in transit where appropriate, and restricting access to only those employees and partners who need data to perform their duties.

Your Rights Under GDPR

As a data subject under GDPR, you have several important rights:

  • Right of Access: Obtain a copy of your personal data and information on how it is processed.
  • Right to Rectification: Request correction of data that is inaccurate or incomplete.
  • Right to Erasure: Ask for deletion of your data, subject to legal obligations to retain certain information.
  • Right to Restrict Processing: Request a halt to data processing under certain circumstances.
  • Right to Data Portability: Receive your data in a structured format and transmit it to another controller if technically feasible.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time.

To exercise any of these rights, or if you have concerns about how your data is handled, please contact us using the details on our website or in your order confirmation. We will respond within one month of your request, as required by GDPR.

Policy Updates

We reserve the right to update this Privacy Policy to reflect changes to our practices or for legal reasons. The latest version will always be available on our website or upon request. We encourage customers to review this policy periodically to stay informed about our practices.

Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or your data rights, please reach out to us using the contact details provided on our website or as shown on your order confirmation. We value your trust and are committed to upholding the highest standards of privacy and data protection.