Florist Shadwell Privacy Policy

Introduction

This Privacy Policy sets out how Florist Shadwell collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable UK data protection laws. This policy applies to all customers placing orders from Shadwell and its surrounding districts. We are committed to handling your data with transparency, security, and respect for your privacy rights.

What Data We Collect

When you place an order with Florist Shadwell—either through our website, by telephone, or in person—we collect and process certain personal information. The types of data we may collect include:

  • Contact Information: Name, delivery address, billing address, and contact number
  • Order Details: Items ordered, order value, delivery instructions, recipient information, and messages provided for orders
  • Payment Data: Payment card details (processed securely), payment confirmation, and receipts
  • Communication Records: Information you provide when you communicate with us via customer service requests, feedback, or queries
  • Website Usage Data: IP address, browser type, device information, and anonymized usage statistics for site analytics and security

Lawful Basis for Processing

We process your personal data only when we have a lawful basis. Under GDPR, we rely on the following bases:

  • Performance of Contract: Processing is necessary to fulfil your order, process payments, arrange deliveries, or respond to your queries related to our services.
  • Legal Obligation: We may process your data to comply with accounting, taxation, and other legal requirements.
  • Legitimate Interests: We may process your data for security, fraud prevention, improvement of our services, or for sending essential customer service communications. We always balance our interests against your rights and freedoms.
  • Consent: Where required, such as for marketing communications, we will seek your explicit consent, which you may withdraw at any time.

How We Use Your Data

Your personal data is used only as necessary to provide and improve our services, including:

  • Processing your orders and arranging deliveries
  • Communicating with you regarding your order or service requests
  • Handling payments securely
  • Conducting analytics and improving website functionality
  • Preventing fraud and ensuring data security
  • Complying with legal obligations

Data Retention

We retain your personal data for only as long as necessary to fulfill the purposes for which it was collected, including:

  • Customer Orders: Data associated with orders is retained for up to 6 years after the transaction, in line with UK tax and accounting requirements.
  • Marketing Preferences: Data for marketing purposes is retained until you withdraw consent or unsubscribe.
  • Communication Records: Customer service records are kept for up to 3 years for quality assurance and dispute resolution.

Once the applicable retention period expires, your data will be securely deleted or anonymized.

Processors and Data Sharing

We treat your personal data confidentially. We never sell your information to third parties. However, to facilitate our services, we use reputable third-party processors who act on our instructions, including:

  • Payment Service Providers: To process payments securely on our behalf
  • IT and Hosting Services: For secure website operation, storage, and backup
  • Delivery Partners: For local fulfilment and delivery arrangements

All data processors are required to handle your information safely and only according to the purposes instructed by Florist Shadwell. Where required, we may share data with legal and regulatory authorities in order to comply with the law.

Your Rights Under GDPR

You have a number of important rights under data protection law. Subject to the conditions provided by law, these include:

  • Right to Access: You may request a copy of your personal data held by Florist Shadwell.
  • Right to Rectification: You may ask us to correct or update inaccurate data.
  • Right to Erasure: In certain circumstances, you may request that your data is deleted, such as when it is no longer necessary for the purpose it was collected.
  • Right to Restrict Processing: You may ask us to restrict the processing of your data under certain conditions.
  • Right to Data Portability: Where we process your data based on consent or contract and by automated means, you can request your data in a machine-readable format to transfer to another provider.
  • Right to Object: You have the right to object to certain types of processing, including direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw this at any time.
  • Right to Lodge a Complaint: If you are dissatisfied with how we handle your data, you may lodge a complaint with the UK Information Commissioner’s Office (ICO).

How We Protect Your Data

We maintain appropriate technical and organizational measures to safeguard your personal data against unauthorized access, accidental loss, destruction, or disclosure. This includes the use of secure servers, encrypted connections, periodic audits, and staff training on data privacy. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant authority without undue delay.

Policy Updates

This Privacy Policy may be reviewed and updated from time to time to reflect changes to our practices or legal requirements. The latest version will always be available on our website. We encourage you to review this policy regularly.

Contacting Us

If you have any questions, concerns, or would like to exercise your rights regarding your data, please contact us using the contact form or postal address found on our website. We will respond to your request as soon as possible and in line with GDPR requirements.