Privacy Policy for Customers of Denmark Hill Flowers

Introduction

This Privacy Policy explains how Denmark Hill Flowers collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and UK data protection laws. This policy applies to all individuals placing orders with Denmark Hill Flowers from Denmark Hill and the surrounding districts. We are committed to safeguarding your privacy and ensuring transparency about how your information is handled.

What Personal Data We Collect

To process your flower orders and provide our services, Denmark Hill Flowers may collect the following categories of personal data:

  • Identification Data: Your name and, if you are ordering on behalf of someone else, the recipient's name.
  • Contact Information: Email address, billing address, delivery address, and telephone number.
  • Order Details: Details about the products you order, special delivery instructions, messages or notes, and transaction dates.
  • Payment Information: Relevant information to process payments (e.g., payment card details), though payment processing may be handled by approved third-party processors and not stored by Denmark Hill Flowers.
  • Communication Records: Correspondence with you regarding order confirmation, customer support, or pre-/post-sale inquiries.
  • Technical Data: Information about your use of our website, including IP address, browser type, and device information, collected via cookies or similar technologies for site functionality and security.

Lawful Basis for Data Processing

We process your personal data only when permitted by law. The main lawful bases on which we rely are:

  • Contractual Necessity: Most data is processed to fulfill your order and provide related services (e.g., delivery, customer support).
  • Legal Obligation: In certain cases, we are required to retain specific data to comply with tax, accounting, or other regulations.
  • Legitimate Interests: We may use your data to improve our services, prevent fraud, or manage business operations, provided our interests do not override your fundamental rights.
  • Consent: Where legally required, we will seek your consent for specific uses, such as email marketing or collecting cookies beyond those necessary for the website operation.

How We Use Your Data

Your personal data may be used for the following purposes:

  • Processing and fulfilling your flower orders, including delivery updates and order confirmations.
  • Communicating with you about your order or related requests.
  • Managing payments and refunds via secure payment processors.
  • Ensuring compliance with applicable laws and regulations.
  • Improving our services or website based on user interactions and feedback.
  • Sending promotional materials or service updates only if you have consented to receive them.

Data Retention

Denmark Hill Flowers will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Specifically:

  • Order and transaction data is generally stored for up to seven years, in line with tax and financial regulations.
  • Communications related to customer service are kept for up to three years after your last contact, unless longer retention is required for legal purposes.
  • Technical data collected for analytics or security purposes is typically retained for a shorter period, usually up to two years.

Once data is no longer required, it will be securely deleted or anonymized.

Data Sharing and Processors

We may share your personal data with reputable third-party service providers (data processors) strictly for the purpose of delivering our services:

  • Payment Processors: To securely handle payments and process refunds.
  • Delivery and Courier Partners: To deliver your flowers to the specified address.
  • IT and Support Services: For web hosting, technical support, and data security.
  • Professional Advisors: Such as accountants and auditors, but only as necessary for business compliance.

All third-party processors are contractually bound to keep your data secure, process it only on our instructions, and comply with GDPR requirements. Denmark Hill Flowers does not sell or rent your personal data to any third parties.

Your Rights Under GDPR

Your privacy matters to us. As a customer, you have the following rights over your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request corrections to inaccurate or incomplete information.
  • Right to Erasure: Request deletion of your personal data under certain circumstances (the "right to be forgotten").
  • Right to Restrict Processing: Request that we limit processing of your data, for example if you contest its accuracy.
  • Right to Data Portability: Request to have your data transferred to another service provider in a commonly used format.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time, without affecting processing already carried out.
  • Right to Lodge a Complaint: Raise concerns with the relevant supervisory authority if you believe your data has been mishandled.

To exercise any of these rights, you may contact us using the details provided on our website.

How We Protect Your Data

Denmark Hill Flowers takes data security seriously. We implement appropriate technical and organizational measures to safeguard your personal information from unauthorized access, loss, misuse, or disclosure. These measures may include encryption, secure storage, regular system monitoring, staff training, and strict access controls.

Changes to This Policy

We may update this Privacy Policy occasionally to reflect changes in our business processes, legal requirements, or data protection best practices. When we make changes, the updated policy will be posted on our website, highlighting any material modifications where appropriate. We advise customers to review the policy periodically.

Contact and Queries

If you have any questions about this Privacy Policy or how we handle your personal data, please visit our website for further information or use the available contact methods to reach our team. We are committed to addressing your concerns promptly and transparently.