Flowers Wapping GDPR Customer Privacy Policy

Introduction

This Privacy Policy explains how Flowers Wapping collects, uses, stores, and protects your personal information when you place an order with us in Wapping and surrounding districts. We are committed to complying with the General Data Protection Regulation (GDPR) and ensuring the privacy and security of your data. By placing an order or using our services, you acknowledge you have read and understood this policy, which applies to all customers ordering from Flowers Wapping.

What Data We Collect

When you use our services, we collect and process certain personal data to fulfil your order and provide you with the best possible service. The types of data we collect may include:

  • Identity Data: Full name, billing address, and delivery address.
  • Contact Data: Telephone number and, if you provide it, your email address to communicate regarding your order.
  • Order and Transaction Data: The details of products you order, delivery instructions, transaction information (including payment confirmation but not your full card details), and order history.
  • Technical Data: Basic information on how you access our website or online services, such as IP address, browser type, and device identifiers, which may be collected via cookies or similar technologies if you use our digital services.
  • Preference Data: Delivery preferences and any personal messages relating to gifts or flowers you request.

Lawful Basis for Processing

Flowers Wapping processes your data on several legal grounds in line with GDPR:

  • Contractual obligation: Most of the personal data we collect is necessary to enter into or fulfil a contract with you (i.e., to process and deliver your order, communicate about your order, or handle related support).
  • Legitimate interests: We may process data to improve our products and services, to safeguard our business, and prevent fraud, as long as these interests do not override your rights and freedoms.
  • Consent: Where required, for example, if we send you marketing materials, we will seek your explicit consent, which you may withdraw at any time.
  • Legal obligations: In some instances, we are obligated by law to retain or disclose your data, such as for tax, accounting, or regulatory purposes.

How We Use Your Personal Data

Your data is used exclusively for the following purposes:

  • Processing and delivering your flower orders, including communicating with you about your order and handling customer support queries.
  • Personalising your experience based on preferences, where relevant.
  • Improving our website, service, and product offerings.
  • Managing payments and preventing fraudulent transactions.
  • Meeting legal, regulatory, or contractual obligations.
  • Contacting you with updates about Flowers Wapping if you have opted in to receive such communications.

Data Retention

Flowers Wapping retains your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. Generally:

  • Order, transaction, and identity data are retained for a period of up to seven years following the completion of your last order in line with our legal obligations.
  • Contact and preference data is retained while actively managing your orders or until you request its removal, except where legal obligations require longer retention.
  • Technical and analytical data may be kept for shorter periods for website operation and security purposes.

After these retention periods, your data will be securely deleted or anonymised.

Data Processors and Sharing

We treat your data with the utmost care and confidentiality. In specific cases, we may need to share your data with trusted third-party suppliers (processors) to facilitate order processing and service delivery. These may include payment service providers, website hosting companies, delivery partners, IT support specialists, or other necessary sub-contractors involved in fulfilling your order. All processors are contractually obligated to handle your data securely, only as instructed by Flowers Wapping, and in accordance with GDPR.

We do not sell, rent, or trade your personal data to external companies for marketing or commercial purposes. Your data may be disclosed where required by law, regulation, or court order.

Your Privacy Rights

GDPR grants you several important rights regarding your personal data:

  • Right of Access: You can request a copy of your personal data we hold.
  • Right to Rectification: You may request corrections to inaccurate or incomplete data.
  • Right to Erasure: You have the right to request deletion of your data under certain circumstances ("right to be forgotten").
  • Right to Restrict Processing: You may request the restriction or suppression of your data processing in certain scenarios.
  • Right to Data Portability: You may obtain your data in a structured, commonly used format and transmit it to another controller.
  • Right to Object: You can object to our processing of your data where it is based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Where processing is based on your consent, you are free to withdraw your consent at any time.

To exercise any of these rights, please contact us using the details provided on our website or in your order correspondence. We aim to respond to all legitimate requests within one month and may require proof of identity to confirm your request.

Data Security

Flowers Wapping implements appropriate technical and organisational measures to protect your data against unauthorised access, loss, misuse, or alteration. Only authorised personnel and processors who need your data to fulfil orders or support our services have access to it. All personnel are bound by strict confidentiality obligations.

Policy Applicability and Updates

This privacy policy applies to all customers placing Flowers Wapping orders from Wapping and the surrounding districts. We reserve the right to update this Policy periodically to reflect changes in our practices, technology, or legal requirements. If significant changes occur, we will notify affected individuals through our website or direct communication where appropriate. We encourage you to review this Policy periodically to stay informed about how we process and protect your data.

Contact and Complaints

If you have any questions about this policy, how your data is processed, or wish to make a complaint, please contact us using the channels detailed on our website or through your order confirmation. If you are unsatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office or your local supervisory authority.