Surrey Florist Privacy Policy

Introduction

At Surrey Florist, we are dedicated to protecting the privacy and personal data of our customers. This Privacy Policy outlines how we collect, use, store, and process your information in accordance with the UK General Data Protection Regulation (GDPR). This policy applies to all customers who place orders with Surrey Florist from Surrey and surrounding districts. Please read this document carefully to understand your rights and our obligations regarding your personal data.

What Personal Data We Collect

When you place an order or interact with Surrey Florist, we may collect the following types of personal data:

  • Identification Data: Full name, contact details (such as address and telephone number), and delivery recipient information.
  • Transaction Data: Order details (products ordered, delivery instructions, messages for recipients), payment information (processed securely by payment processors, not directly stored by us), and billing address.
  • Communication Data: Records of correspondence (such as queries, complaints, feedback) made with Surrey Florist.
  • Technical Data: IP address, browser type, and cookies collected via our website to improve user experience and maintain security.

Lawful Basis for Processing Data

We process your personal data only when there is a valid legal basis. The lawful bases on which Surrey Florist relies include:

  • Contractual Necessity: We collect and use your personal data to fulfill our contractual obligations, such as processing and delivering your order.
  • Legitimate Interests: We may process data to pursue legitimate business interests, such as improving our services, preventing fraud, and maintaining secure operations, provided this does not override your fundamental rights and freedoms.
  • Legal Compliance: In certain circumstances, we may be required to process your information to comply with legal obligations, such as taxation or record-keeping.
  • Consent: For specific purposes (for example, direct marketing), we will obtain your explicit consent before processing your data. You can withdraw your consent at any time.

How We Use Your Personal Data

We use the data we collect for the following purposes:

  • To process, confirm, and deliver your flower orders.
  • To communicate with you regarding your order, including order updates, delivery confirmations, and service-related notifications.
  • To handle customer support queries and complaints.
  • To improve our products, website, and services through aggregated data analysis and feedback.
  • To comply with legal regulations and maintain business records.
  • To send marketing communications where you have given consent.

Data Retention

Surrey Florist retains your personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. The retention periods are as follows:

  • Order and transaction information: retained for up to seven years to comply with legal and tax obligations.
  • Customer service correspondence: retained for up to three years from the date of your last contact with us.
  • Marketing consent: updated or deleted promptly if you withdraw consent or unsubscribe.
  • Technical data (such as cookies): retained according to our cookie management practices, typically up to two years.

Once your data is no longer required, it is either securely deleted or anonymised for statistical purposes.

Third-Party Data Processors

To deliver our services efficiently, Surrey Florist engages selected third-party processors. These include:

  • Payment Processing Providers: Handle secure online payments on our behalf. Your payment card details are processed securely by these providers and are not stored by us.
  • Delivery and Courier Services: Receive necessary delivery details to ensure your order reaches its destination.
  • IT Support and Website Hosting: Companies that provide secure hosting, website maintenance, and support services to ensure the operation and security of our systems.
  • Marketing Service Providers: If you have opted in to marketing, third parties may assist us in sending communications and surveys.

All processors are contractually required to adhere to GDPR standards, process your data only for the agreed-upon purposes, and implement appropriate security measures.

How We Secure Your Data

Surrey Florist implements a range of technical and organisational measures to protect your personal data from accidental loss, misuse, unauthorised access, alteration, or disclosure. Such measures include encrypted online transactions, secure web hosting, access controls, and staff training on data privacy and compliance procedures.

Your Data Protection Rights

Under the GDPR, you have the following rights over your personal data:

  • Right of Access: You may request access to the personal data we hold about you.
  • Right to Rectification: If your information is incorrect or incomplete, you may request a correction.
  • Right to Erasure: You can ask to have your data erased in certain circumstances (e.g., if it is no longer necessary for the original purpose).
  • Right to Restriction of Processing: In specific situations, you may request that we temporarily suspend processing your data.
  • Right to Data Portability: You can request that we provide the personal data you supplied to us in a structured, commonly used, and machine-readable format.
  • Right to Object: Where we process your data based on legitimate interests or for direct marketing, you may object at any time.
  • Right to Withdraw Consent: If you have given consent for a specific use, you may withdraw this consent at any time.

To exercise any of these rights, please contact us using the details provided on our contact page. We will respond to your request within one month and always act in accordance with legal obligations.

International Data Transfers

Surrey Florist primarily stores and processes your data within the United Kingdom. Should data be transferred or processed outside of the UK or European Economic Area (EEA), we ensure that adequate protections are in place in accordance with GDPR (such as standard contractual clauses or equivalent safeguards).

Updates to This Privacy Policy

We may update or amend this Privacy Policy from time to time. We encourage you to review the policy periodically for any changes. Updates will be effective immediately upon publication on our website.

Contact and Further Information

If you have any questions regarding this Privacy Policy or your data protection rights, please refer to the contact details on our website. We are committed to addressing any concerns and ensuring your data is handled with the utmost care and responsibility.