Our Commitment to Protecting Your Personal Information

Introduction

This Privacy Policy explains how Flowers Tooting collects, uses, stores, and protects your personal information in compliance with the UK General Data Protection Regulation (GDPR). We are dedicated to safeguarding the privacy of all customers who place orders with Flowers Tooting in Tooting and the surrounding districts. Please review this policy to understand how your personal data is managed when interacting with us.

Scope of Policy

This policy applies to all individuals who place orders with Flowers Tooting, whether via our website, by phone, or in person, within Tooting and neighbouring areas. It addresses how we manage personal data throughout the order process and related customer service activities.

What Data We Collect

In order to process your order and provide excellent customer service, Flowers Tooting collects a range of personal data. The types of information we may collect include:

  • Contact Details: such as your full name, delivery address, billing address, and phone number.
  • Order Information: details regarding your flower choices, delivery instructions, card messages, and purchase history.
  • Payment Information: payment card details or other relevant payment information. Note that payment details are processed securely by our payment processors and not stored by Flowers Tooting unless specifically required for refunds or complaint resolution.
  • Communications: correspondence between you and Flowers Tooting, such as queries, feedback, or complaints.

Lawful Basis for Processing

Under GDPR, we must have a lawful basis for processing your personal data. The primary grounds upon which we rely include:

  • Contractual necessity: We process your information to fulfil our contract with you, such as processing your order and arranging delivery.
  • Legal obligations: We may need to retain and process certain data for tax, accounting, or regulatory purposes.
  • Legitimate interests: We use your information for business purposes that do not override your privacy rights, such as improving our services, handling queries, or notifying you about order updates.
  • Consent: In some circumstances (for example, for certain marketing communications), we may ask for your explicit consent before processing your data. You can withdraw consent at any time where it was provided.

How We Use Your Data

Your personal data is used to provide our products and services, enhance your customer experience, and comply with legal obligations. Specifically, this may include:

  • Processing and delivering your orders
  • Contacting you about your order status or delivery arrangements
  • Dealing with your requests, queries, or complaints
  • Handling payments, refunds, or returns
  • Improving our products and customer services

Data Processors and Third Parties

To deliver our services, Flowers Tooting may share your personal data with trusted third-party service providers (data processors) who assist us in fulfilling orders and operating our business efficiently. These may include:

  • Payment processors: Securely handle payment transactions on our behalf.
  • Delivery or courier partners: Help deliver your orders to the correct address.
  • IT service providers: Maintain and support our website or electronic communications infrastructure.

We require all data processors to comply with high standards of security and confidentiality and they are only permitted to use your data for specified purposes as instructed by us. We do not sell, rent, or share your personal information with unconstrained third parties for their own marketing purposes.

Retention of Personal Data

We retain personal data only for as long as necessary to fulfil the purposes described in this policy or as required by law. Typically, this means:

  • Order and account information: kept for up to six years to comply with tax and record-keeping obligations.
  • Correspondence and query records: retained as long as necessary to resolve your query or dispute, then deleted or anonymised.
  • Payment information: processed securely at the point of sale and not stored directly by us, except in specific and lawful circumstances (e.g., processing refunds).

At the end of the retention period, your data is securely deleted or anonymised so that it can no longer be associated with you.

Your Rights as a Data Subject

As a valued customer and data subject, you have specific rights under the GDPR, including:

  • The right to access: Request confirmation of whether we hold your data and receive a copy of that data.
  • The right to rectification: Request correction of inaccurate or incomplete data.
  • The right to erasure ("right to be forgotten"): Ask us to delete your personal data where there is no legal reason for us to continue processing it.
  • The right to restrict processing: Request that we limit the processing of your data, under certain circumstances.
  • The right to data portability: Request the transfer of your data to another service provider, where relevant.
  • The right to object: Object to certain types of processing, such as direct marketing.
  • The right to withdraw consent: If you have given consent to processing, you have the right to withdraw that consent at any time.

If you wish to exercise any of these rights, please contact us using the details provided when you placed your order or as available on our website or premises. We will respond to your request within a reasonable time frame, as required by law.

Data Security

Flowers Tooting employs appropriate technical and organisational measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction. Measures include secure systems for handling orders and only granting data access to authorised staff and processors with a legitimate need to know. We regularly review our procedures to ensure your data remains protected.

Policy Updates

From time to time, we may update this Privacy Policy to reflect changes in our practices or to comply with legal or regulatory requirements. The most current version is always available at our business premises and on our website. Updates take effect as soon as they are published, and your continued use of our services constitutes acceptance of any changes.

Contact and Complaints

If you have any questions about this policy or wish to make a complaint regarding the handling of your data, please contact us via the channels available on our website or provided with your order. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has not been handled in accordance with the law.

We are committed to upholding your rights and to providing transparency and security in all our data processing activities as we serve customers across Tooting and the surrounding districts.