Florist Bermondsey Privacy Policy
Introduction
This Privacy Policy sets out how Florist Bermondsey (“we”, “our”, or “us”) collects, uses, and protects your personal data. This policy is intended for all customers placing orders with Florist Bermondsey in Bermondsey and surrounding districts. We are committed to safeguarding your privacy and ensuring that your personal information is handled in accordance with the General Data Protection Regulation (GDPR) and applicable UK data protection law.
What Data We Collect
When you place an order or interact with Florist Bermondsey, we may collect and process the following types of personal data:
- Identification Data: Your full name and, where necessary, proof of identity if required to verify your order.
- Contact Information: Delivery addresses, billing addresses, and recipient details (if sending flowers to someone else).
- Communication Data: Your correspondence with us, requests, and feedback.
- Order Information: Details of the products you order, order dates, payment method (but not card details), and delivery instructions.
- Payment Data: While we do not store credit or debit card details, we may collect confirmation of payment via our third-party processors.
- Technical Data: IP addresses, browser types, and usage data when you navigate our website, collected via cookies or analytical tools.
Lawful Basis for Processing Your Data
We process your personal data based on one or more of the following lawful grounds:
- Performance of a Contract: To fulfil and deliver your order, communicate with you regarding your purchase, and handle payments.
- Legitimate Interests: To improve our services, prevent fraud, and protect our business interests (always balancing these interests against your rights and freedoms).
- Legal Obligations: To comply with applicable UK or EU law, such as tax and accounting requirements.
- Consent: Where we obtain your explicit permission to send you marketing communications. You may withdraw this consent at any time.
How We Use Your Data
Your personal data is used to process and deliver your orders, respond to your enquiries, verify your identity if needed, and improve our products and customer service. With your permission, we may send you special offers or updates which you may opt out of at any time.
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to comply with legal, accounting, or reporting requirements. For order and transaction information, we typically retain records for up to 7 years to meet legal and tax obligations. Contact and identification data will be kept no longer than necessary for the processing of your order and any legitimate follow-up or customer service enquiries.
Data Processors and Third Parties
We work with carefully selected third-party service providers (processors) who help us to operate our business and provide services to you. These may include:
- Payment processing companies to securely handle your payment transactions.
- Courier or delivery partners to deliver your flowers and products.
- IT and hosting providers who support the functionality of our website and information systems.
All third-party processors are contractually bound to process your data securely and only according to our instructions, in full compliance with GDPR. We do not sell, trade, or share your personal data with third parties for their own marketing purposes.
International Data Transfers
Your personal data is processed primarily in the United Kingdom. Should any data be transferred outside the United Kingdom or European Economic Area (EEA), we ensure appropriate safeguards are in place to protect your information, such as Standard Contractual Clauses or equivalent protective measures, as required by UK law.
Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right to Access: You can request information about the personal data we hold about you and receive a copy.
- Right to Rectification: You may ask us to correct inaccurate or incomplete data about you.
- Right to Erasure: Also known as the “right to be forgotten,” you may request deletion of your data under certain circumstances, such as when it is no longer required for the purposes collected.
- Right to Restriction: You may request that we limit the processing of your data in specific situations.
- Right to Object: You can object to certain types of processing, including direct marketing.
- Right to Data Portability: Where processing is based on consent or contract, you may request that we provide your data in a structured, machine-readable format.
To exercise any of these rights, or for further questions about your data, please contact us using the details provided on our website. When you make a request, we may need to verify your identity to ensure your data remains secure.
Data Security
We take all reasonable steps to safeguard your personal data through organisational and technical measures, including secure servers, encryption, regular staff training, and strict access controls. However, while we endeavour to protect your information, no system can be 100% secure. If we detect a data breach that could impact your rights and freedoms, we will notify you and the relevant authorities as required by law.
Policy Updates
We may amend this Privacy Policy from time to time to reflect changes in legal requirements or our operations. Updates will be posted on our website, and where appropriate, we will notify you by other means.
Scope of Policy
This Privacy Policy applies to all customers placing orders with Florist Bermondsey from Bermondsey and the surrounding districts. By engaging with our services, you acknowledge that you have read and understood this policy.
Contact and Complaints
If you have any questions about this Privacy Policy or how your data is handled, please contact us using the details provided on our website. If you believe we have failed to comply with GDPR or your data protection rights, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK.
