Flowers Maidenhead Privacy Policy

Introduction

At Flowers Maidenhead, we are committed to safeguarding and respecting the privacy and personal data of our customers. This Privacy Policy explains how we collect, use, store, and protect your personal information when you place orders with us. It also informs you about your privacy rights under the General Data Protection Regulation (GDPR). This policy applies to all customers placing Flowers Maidenhead orders from Maidenhead and the surrounding districts.

Who We Are

Flowers Maidenhead is a florist service based in Maidenhead, dedicated to providing beautiful floral arrangements and gifts to our valued customers. As a data controller, we determine the purposes and means of processing your personal information in line with GDPR requirements.

What Data We Collect

We only collect data necessary for fulfilling your orders and for communicating effectively with you. The types of data we collect may include:

  • Contact Information: Name, delivery address, billing address, and telephone number.
  • Order Details: Products ordered, special instructions, and recipient information (e.g., name and delivery address of the recipient).
  • Payment Information: Payment card details or payment transaction references (note: card details are processed securely by our payment provider and are not stored by us).
  • Communication Data: Records of correspondence with you, such as queries, feedback, or complaints.
  • Technical Data: IP address, browser type, and device identifiers collected through our website for security and analytics, where relevant.

Lawful Basis for Processing Your Data

We process your personal information under one or more of the following lawful bases, as defined by the GDPR:

  • Contract: Processing is necessary for us to fulfill the contract of providing flowers and related services you have requested.
  • Legal Obligation: We may need to process your data to comply with legal and regulatory obligations.
  • Legitimate Interests: We may process data to pursue our legitimate business interests, such as improving our services, preventing fraud, and ensuring security, unless those interests are overridden by your data protection rights.
  • Consent: In scenarios where none of the above bases apply and where required by law, we will seek your explicit consent before processing your information (for example, for marketing communications).

How We Use Your Data

We use your personal information for the following purposes:

  • Processing and fulfilling orders you place with us.
  • Communicating order status, confirmations, and any updates relevant to your order.
  • Managing customer relationships, including responding to queries, complaints, or feedback.
  • Improving our products, services, and customer experience.
  • Ensuring the security and integrity of our website and systems.
  • Meeting our legal and regulatory responsibilities.
  • Conducting limited marketing activities (where you have opted in or where allowed by law).

Data Retention

We retain your personal information only for as long as necessary for the purposes for which it was collected. This is usually the duration of our relationship with you, plus a reasonable period thereafter to fulfil our legal obligations (e.g., financial record-keeping, handling complaints, or defending potential claims). Payment information is retained only as long as necessary to process your transaction. When data is no longer needed, it is securely deleted or anonymised.

Use of Data Processors

To help provide our services, we may engage third-party service providers (known as ‘processors’) to process personal information on our behalf. These typically include:

  • Payment processing providers, to securely handle card payments and transactions.
  • Delivery partners, to facilitate the delivery of your order.
  • IT support services, for website hosting, security, and data storage.

We ensure any processors we engage operate under a contract and comply with data protection laws. They are only permitted to process your data as instructed by us and for the purposes stated in this policy.

Your Rights Under GDPR

You have several important rights regarding how your personal data is used. These include:

  • The right to be informed – To know how your personal data is being used.
  • The right of access – To request a copy of the personal data we hold about you.
  • The right to rectification – To request corrections to inaccurate or incomplete data.
  • The right to erasure (‘right to be forgotten’) – To request the deletion of your data where there is no lawful reason to continue processing it.
  • The right to restrict processing – To request that we restrict how we use your data in certain circumstances.
  • The right to data portability – To request transfer of your data to another service provider.
  • The right to object – To object to certain types of processing, such as direct marketing.
  • Rights relating to automated decision-making and profiling – We do not carry out any automated profiling or decision-making based on your data.

To exercise any of these rights, you will need to provide sufficient identification so we can verify your request. We commit to responding to such requests within one month, unless an extension is required due to the complexity of your request.

Data Security

We are committed to ensuring the security and confidentiality of your personal information. We have implemented appropriate technical and organisational measures to prevent unauthorised access, alteration, disclosure, or loss of your information, including encryption, access controls, secure payment processing, and regular security reviews.

International Data Transfers

Your personal data is usually stored and processed within the United Kingdom. However, if we need to transfer data outside the UK or European Economic Area (EEA) to provide you with services, we will ensure that appropriate safeguards are in place, such as approved contractual clauses or other lawful mechanisms.

Children's Privacy

Our products and services are not aimed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe that a child has provided us with personal information, please contact us so we can take appropriate action.

Updates to This Policy

We may update this Privacy Policy occasionally to reflect changes in our practices, legal obligations, or in response to customer feedback. The latest version will always be available on our website. We advise you to review the policy periodically to stay informed of how we protect your information.

Contact and Complaints

If you have any questions, concerns, or wish to exercise your rights relating to your personal data, please reach out to us using the contact details provided on our website. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you are not satisfied with our handling of your data.