Flowers Esher Privacy Policy

Introduction

This Privacy Policy explains how Flowers Esher (“we”, “us”, “our”) processes and protects the personal data of customers placing flower orders in Esher and the surrounding districts. Your privacy is important to us, and we are committed to complying with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. Please read this policy carefully to understand how we handle your information.

Scope of Policy

This policy applies to all individuals who order products or services from Flowers Esher in Esher and its nearby districts. By placing an order or interacting with us, you acknowledge that you have read, understood, and agree to the terms outlined in this policy.

What Data We Collect

When you interact with Flowers Esher or place an order, we collect various types of personal information, including:

  • Identification Data: Name, title, and (if relevant) company name
  • Contact Details: Delivery address, billing address, and contact telephone number
  • Communication Data: Information you provide in messages, special instructions, and communications with us
  • Order Details: Product choices, delivery dates, and payment status
  • Payment Information: Card or bank details (note: we do not retain full payment information; it is securely processed through our payment processor)
  • Technical Data: IP address, browser type, time zone setting, and device type (where relevant to website interaction)

Lawful Basis for Processing

Flowers Esher processes your personal data based on the following legal grounds as outlined in the GDPR:

  • Performance of a Contract: The majority of our data collection is necessary to fulfil your order and deliver products or services (Article 6(1)(b)).
  • Legal Obligations: We may process and retain your data to comply with legal and regulatory requirements (Article 6(1)(c)).
  • Legitimate Interests: We may use your data to improve our services, address customer complaints, or pursue our business interests, provided these are not overridden by your rights and freedoms (Article 6(1)(f)).
  • Consent: Where required (such as for marketing communications), we will collect and process your data based on your explicit consent (Article 6(1)(a)).

How We Use Your Data

We may process your personal information for the following purposes:

  • To process and fulfil your flower orders, including arranging deliveries
  • To communicate with you about your order and respond to enquiries
  • To handle payments and refunds securely
  • To comply with legal and tax obligations
  • To improve our products and customer service
  • With your consent, to send you special offers or updates

Data Sharing and Processors

We only share your personal data with third parties where necessary for the purposes outlined in this policy. These may include:

  • Payment Processors: Secure third parties who manage card and payment processing on our behalf. We do not store complete payment card details.
  • Delivery Partners: Trusted courier or delivery services who deliver your flowers.
  • Service Providers: IT support, website hosting, and data storage providers who help us run our business securely and efficiently.
  • Regulatory or Law Enforcement: If required by law, we may disclose relevant data to governmental bodies or authorities.

All processors and third-party service providers are required to maintain appropriate levels of data protection, security, and confidentiality, and are not permitted to use your information for their own purposes.

International Transfers

Your personal data is stored and processed within the United Kingdom or within the European Economic Area (EEA) whenever possible. Should it be necessary to transfer data outside the EEA, we ensure such transfers meet the protection standards required by data protection laws.

How Long We Keep Your Data (Retention)

We retain your personal information only as long as is necessary for the purposes it was collected for, including to satisfy any legal, accounting, or reporting requirements. Typically, we retain order data for up to seven years to comply with tax and business record-keeping obligations. Marketing consents are reviewed periodically and you may withdraw consent at any time. When personal data is no longer required, we take steps to securely delete or anonymise it.

Your Rights

Under the GDPR, you have various rights regarding your personal data, including:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct inaccurate or incomplete information.
  • Right to Erasure: In some cases, you may ask for your information to be deleted where we have no legal basis to continue processing it.
  • Right to Restriction of Processing: You can request a pause on data processing under certain circumstances.
  • Right to Data Portability: You may request transfer of your data to a different service provider.
  • Right to Object: You have the right to object to our processing of your personal data when relying on our legitimate interests.
  • Right to Withdraw Consent: Where we rely on your consent (for example, for marketing), you can withdraw it at any time.

We are committed to facilitating your rights. Subject to conditions and exceptions, we will respond to your requests in accordance with applicable data protection laws.

Security

We implement appropriate technical and organisational measures to safeguard your personal data from unauthorised access, alteration, disclosure, or destruction.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in how we handle your information or to comply with legal or regulatory requirements. Updates will be posted to our website with the date of revision. We encourage you to review this policy periodically.

Contact and Queries

If you have any questions, concerns, or wish to exercise your data protection rights in relation to this Privacy Policy, please use the contact details provided on our website or write to us using the postal address listed on our "Contact Us" page.