Florist Whitechapel Privacy Policy

Introduction

At Florist Whitechapel, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy outlines how we collect, use, store, and protect your information when you place orders with us. Our policy follows the requirements set out by the General Data Protection Regulation (GDPR). This policy applies to all customers placing orders from Whitechapel and surrounding districts.

What Data We Collect

When you interact with Florist Whitechapel, we may collect and process the following categories of personal data:

  • Identity Data: Name, surname, title.
  • Contact Data: Delivery address, billing address, telephone number, and (when provided) email address.
  • Order Details: Products ordered, delivery instructions, messages for recipients.
  • Payment Data: Payment method, transaction details (note: full card details are handled by our payment processor and not stored by Florist Whitechapel).
  • Technical Data: IP address, browser type, and related information when you use our website.
  • Correspondence: Details about any inquiries or complaints you submit to us.

Lawful Basis for Processing Your Data

Florist Whitechapel processes your personal data under one or more of the following legal bases:

  • Contractual Necessity: We require your data to process and fulfil your orders, manage payments, and provide customer support.
  • Legal Obligation: We may need to retain and process your data for financial and tax reporting obligations, as required by law.
  • Legitimate Interests: For administrative purposes, to improve our services, and to prevent fraud.
  • Consent: Where you have given us explicit permission (for example, subscribing to our marketing communications). You may withdraw consent at any time.

How We Use Your Information

Your personal data is used strictly for purposes directly related to our service, which include:

  • Processing and delivering your floral orders
  • Communicating with you regarding your purchase or inquiry
  • Managing payments and refunds
  • Complying with our legal and regulatory obligations
  • Enhancing and personalising our customer service
  • Responding to your inquiries or feedback
  • Sending important service updates or, with your consent, occasional marketing

How Long We Keep Your Data

We retain your personal data only as long as necessary for the purposes it was collected, to meet our legal obligations, and to resolve disputes. Typically, we keep order-related records for up to seven years in compliance with accounting and tax law. For marketing purposes, we will retain your contact data only for as long as you consent to receive our communications.

Who Processes Your Data (Processors)

To operate our services, we may share your data with trusted third-party processors, including:

  • Payment Processors: Securely manage financial transactions on our behalf.
  • IT Service Providers: Assist in hosting, maintaining, and improving our website and IT infrastructure.
  • Delivery Partners: Facilitate the delivery of your flowers and gifts.
  • Professional Advisors: Legal, tax, or accounting services where necessary.

All third-party processors are contractually required to handle your data securely, use it only as necessary to provide their services, and comply with GDPR obligations.

Your Rights Under GDPR

GDPR grants you several rights in relation to your personal data. You may exercise these rights at any time:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to correct inaccurate or incomplete data.
  • Right to Erasure: You may ask us to erase your data where there is no lawful reason to continue processing it.
  • Right to Restriction: You may request that we restrict the processing of your data in certain circumstances.
  • Right to Data Portability: You can request that we transfer your data to another organisation, where technically feasible.
  • Right to Object: You have the right to object to certain types of processing, especially where data is used for direct marketing.
  • Right to Withdraw Consent: Where we rely on consent to process your data, you may withdraw this at any time.
  • Right to Lodge a Complaint: If you feel your data has not been handled in compliance with GDPR, you have the right to lodge a complaint with the Data Protection Authority.

Security of Your Data

We implement physical, electronic, and managerial procedures to safeguard your personal data. This includes secure servers, data encryption, and restricted access to personal information. Despite taking appropriate precautions, no system is completely secure. We therefore cannot guarantee absolute security of your data but do everything reasonably possible to protect it.

International Data Transfers

Your information is primarily stored and processed within the UK and the European Economic Area (EEA). If any data is transferred outside of these areas, we ensure appropriate safeguards are in place in accordance with GDPR requirements.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page, so you are encouraged to review it regularly. Continued use of our services after changes indicates your acceptance of the updated policy.

Contacting Us About Your Privacy

If you have any questions regarding this Privacy Policy or how your data is handled, please contact us using the details provided on our website. Our team is committed to addressing your concerns promptly and transparently.