Florist Southgate Personal Data Privacy Policy

Scope of This Privacy Policy

This Privacy Policy outlines how Florist Southgate collects, processes, stores, and protects your personal data in compliance with the General Data Protection Regulation (GDPR). This policy applies to all customers placing orders with Florist Southgate from Southgate and surrounding districts.

Data We Collect

Florist Southgate gathers personal information when you interact with us, primarily for order fulfillment purposes. The types of data we collect include:

  • Identity Data: Your name and, when necessary, the recipient’s name.
  • Contact Data: Address (for delivery), telephone number, and any contact details you provide for order communication.
  • Order Data: Details of the products purchased, delivery instructions, and order preferences.
  • Payment Data: Payment details such as card information provided to our payment processor. We do not store full card numbers or security codes.
  • Correspondence Data: Records of communications, including notes from calls and messages about your order.
  • Technical Data: Information collected through cookies or our website, including IP address, browser type, and device identifiers (where applicable).

Lawful Basis for Data Processing

Under the GDPR, we process your personal data on the following lawful grounds:

  • Performance of a Contract: Your data is necessary for us to fulfill your order, coordinate deliveries, and provide related customer support.
  • Legal Obligations: Certain record-keeping or tax requirements necessitate retaining specific details relating to transactions.
  • Legitimate Interests: We may use your data to enhance our service quality, prevent fraud, or for internal record-keeping, provided this does not override your rights.
  • Consent: Where required (such as for optional marketing communications), we will clearly request your consent and allow you to withdraw it at any time.

How Your Data Is Used

Your information allows Florist Southgate to:

  • Process, confirm, and deliver flower orders as requested;
  • Contact you or the recipient regarding orders or delivery issues;
  • Manage payments via our secure third-party payment processors;
  • Respond to your queries or complaints;
  • Comply with legal and accounting obligations;
  • Improve our products and customer service, based on anonymised data and feedback.

Data Sharing and Processors

We may share your data with trusted third parties ("processors") solely for the purposes described above, including:

  • Payment Services Providers: For secure handling of payments, our selected payment processor receives payment details directly. We do not retain full payment card information.
  • Delivery Partners/Couriers: For fulfilling delivery of floral products to you or recipients as specified.
  • IT Service Providers: Who host and maintain our website and order management systems.

All our processors are vetted for GDPR compliance. They are permitted to process your data only as necessary and are prohibited from using it for their own purposes. We do not sell or rent your personal data to any third parties.

Data Retention

Florist Southgate retains your personal data only as long as necessary for the purposes outlined in this policy or as required by law. Typically, personal and transactional data are held for up to 7 years following the completion of your order to comply with accounting and tax obligations. Data used for marketing (with your consent) will be kept until you unsubscribe or withdraw consent. After these periods, data is securely deleted or anonymised.

Your Data Protection Rights

Under the GDPR, you have the following rights with regard to your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data where applicable (for example, once it is no longer necessary for the purposes it was collected).
  • Right to Restrict Processing: In certain circumstances, ask us to limit processing of your data.
  • Right to Object: Object to processing based on legitimate interests, or direct marketing.
  • Right to Data Portability: Receive your data in a structured, machine-readable format and transfer it to another organisation.
  • Right to Withdraw Consent: Where we rely on your consent for data processing, you can withdraw it at any time.

You also have the right to lodge a complaint with your local supervisory authority should you believe your data has been processed unlawfully.

Data Security

We take the security of your information seriously. Florist Southgate uses industry-standard measures and protocols to protect your personal data from loss, misuse, unauthorised access, disclosure, alteration, or destruction. This includes secure servers, restricted access, and regular review of our data processing and storage practices.

International Transfers

Your data is generally stored within the United Kingdom or European Economic Area. Where any data is processed by a partner or processor outside these jurisdictions, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission or other lawful transfer mechanisms.

Changes to This Privacy Policy

This policy may be updated from time to time to reflect changes in our operations or changes in the law. The most current version will always be available through our website and, where appropriate, we will notify you of substantial changes.

Contact and Queries

If you have questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact Florist Southgate through the methods provided on our website or in our shop. We will respond to all queries regarding your rights or data within the timeframes required by law.