Privacy Policy – Gants Hill Florist Orders

Introduction

This Privacy Policy outlines how Gants Hill Florist (‘we’, ‘our’, ‘us’) collects, uses, stores and protects your personal information when you place an order with us in Gants Hill or surrounding districts. Ensuring the privacy and security of our customers’ data is a top priority. We are committed to compliance with the UK General Data Protection Regulation (GDPR) and related data protection legislation.

Scope of This Policy

This policy applies to all customers placing orders with Gants Hill Florist for delivery or collection in Gants Hill and surrounding districts. By ordering from us, you acknowledge and agree to the collection and use of your personal data as described herein.

What Personal Data We Collect

When you place an order or contact us for an enquiry, we may collect the following types of data:

  • Identity Data: Your name, and in some cases, the names of recipients (in case of gift orders).
  • Contact Data: Delivery address, billing address, telephone number, and where applicable, your email address.
  • Order Information: Details of products or services ordered, payment details (excluding full card details, which are processed securely), delivery instructions, and order history.
  • Correspondence: Any communications between you and us, such as order confirmations or special requests.
  • Technical Data: IP address, time and date of order, and browser type, where necessary and collected.

Lawful Bases for Processing

We process your personal data only where a lawful basis applies. These may include:

  • Performance of a Contract: To fulfil your order, process payments, deliver flowers, and provide customer service.
  • Legal Obligation: To comply with applicable laws and accounting requirements.
  • Legitimate Interests: To improve our services, prevent fraud, and manage our business operations. We always balance our interests with your rights and freedoms.
  • Consent: In certain circumstances, for example, if you sign up for marketing communications, we’ll ask for your explicit consent.

How We Use Your Data

Your personal data is used for the following purposes:

  • Processing and delivering your orders, including keeping you updated about delivery status.
  • Managing payment transactions and refunds.
  • Handling your customer service requests or complaints.
  • Maintaining our records in accordance with legal and regulatory requirements.
  • Improving our services, such as analysing order patterns or feedback (done in an anonymised manner where possible).

Retention of Personal Data

We retain your personal information only as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Typically, we retain order-related information for up to seven years after your last transaction, in compliance with UK tax and accounting laws. Data used for marketing will be retained only as long as you consent to receive communications from us, and you can withdraw this consent at any time.

Our Data Processors and Third Parties

We may share your data with trusted third parties (“processors”) where necessary for the fulfilment of your order or legal compliance. This includes:

  • Payment Service Providers: To process payments securely.
  • Delivery Partners: For delivering your flowers or gifts as instructed in your order.
  • IT and Hosting Providers: For secure storage of your data and provision of our website or ordering platforms.
  • Legal and Professional Services: For auditing, legal, or accounting needs where required.

All processors are required to act only in accordance with our instructions and in full compliance with data protection legislation. We do not sell or rent your personal information to any third parties.

Security of Your Data

We apply appropriate technical and organisational security measures to protect your data from unauthorised access, use, alteration, or disclosure. These measures include secure servers, encryption for financial data, regular review of procedures, and minimisation of data collection.

Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You can have incomplete or inaccurate data corrected.
  • Right to Erasure: You have the right to ask us to erase your personal data in certain circumstances ('right to be forgotten').
  • Right to Restrict Processing: You can ask us to restrict how we use your data.
  • Right to Data Portability: You can request your information in a commonly used format and transfer it to another provider.
  • Right to Object: You have the right to object to certain types of processing, including for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on your consent, you can withdraw it at any time.

To exercise any of these rights, please contact us using the details provided at the end of this policy or through any of our official communication channels. We will respond to all valid requests within one month.

Children's Data

Our services are not intended for children under the age of 16. We do not knowingly collect or process data from anyone under 16 years old.

Changes to This Policy

We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. When we make significant changes, we will make this clear on our website or contact you directly where appropriate.

Contact and Complaints

If you have questions, concerns, or complaints regarding your personal data or this Privacy Policy, please contact us using any of our official customer service channels. If you believe your data protection rights have not been upheld, you may also lodge a complaint with the UK Information Commissioner’s Office (ICO).