Covent Garden Florist Privacy Policy

Introduction

At Covent Garden Florist, we are committed to maintaining the trust and confidence of all our customers, especially in relation to the data you share with us. This Privacy Policy details how we collect, use, store, and protect your personal information in accordance with the General Data Protection Regulation (GDPR). This policy applies to all customers placing orders with Covent Garden Florist from Covent Garden and the surrounding districts.

What Data We Collect

When you place an order or interact with our services, we collect only the data necessary to process your order and provide an excellent service. The types of personal data we collect may include:

  • Identity Information: such as your name and, if applicable, the recipient’s name.
  • Contact Information: including your address, delivery address, and phone number.
  • Order Details: including the flowers or products ordered, delivery notes, and special instructions.
  • Billing Details: payment information needed to process transactions (handled securely via external payment processors).
  • Correspondence: records of communications with you, including order confirmations, delivery updates, and customer service enquiries.

Lawful Basis for Data Processing

We process your personal data under several legal grounds, as detailed under GDPR:

  • Contractual Necessity: Processing is required to fulfil your order and deliver products as agreed.
  • Legal Obligations: We may process data to comply with legal requirements, such as accounting and tax record-keeping.
  • Legitimate Interests: We may use data to improve our services, ensure security, or respond to your enquiries, provided these interests are not overridden by your rights and interests.
  • Consent: Where we are not able to rely on another legal basis (such as sending marketing communications), we will seek your explicit consent. Consent can be withdrawn at any time.

How We Use Your Data

Your data is used solely for the purpose of fulfilling your orders, providing customer service, managing your account, and complying with legal or regulatory requirements. We may also use information to:

  • Provide updates on your order status and delivery.
  • Respond to your queries and feedback.
  • Improve and develop our services and website.
  • Where permitted, send newsletters or promotions relating to Covent Garden Florist’s products or services (only if you opt in).

Third-Party Processors

We partner with selected, GDPR-compliant third-party service providers to help deliver our services. These include:

  • Payment Processors: To securely process payments; card details are not stored by Covent Garden Florist, but handled directly by the payment processor.
  • Delivery Partners: To deliver your orders efficiently to the intended recipient.
  • IT and Web Service Providers: For website hosting, maintaining online security, and data storage.

All third-party providers are vetted to ensure your data remains safeguarded. They are only permitted to use your data to provide services to us and under our instruction.

Data Retention

We retain your personal data only for as long as necessary for the purposes stated above, or as required by applicable laws and regulations. Typically, we retain order and transaction records for up to 7 years to comply with tax and accounting obligations. Data related to customer service and correspondence is kept for a reasonable period to manage ongoing queries, after which it is securely deleted or anonymised.

Your Rights Under GDPR

Under GDPR, you have several important rights regarding your personal data. These include:

  • The right to access: Request a copy of the personal data we hold about you.
  • The right to rectification: Ask us to update or correct inaccurate or incomplete data.
  • The right to erasure: Request deletion of your data when it is no longer necessary for us to keep it, subject to any legal requirements for retention.
  • The right to restrict processing: Ask us to limit how we use your data in certain circumstances.
  • The right to object: Object to processing based on legitimate interests or for direct marketing purposes.
  • The right to data portability: Receive your data in a structured, commonly used format.
  • The right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

If you wish to exercise any of these rights, please contact us using the details on our website or through your usual communication channel with us.

Data Security

We take the security of your personal information seriously. Covent Garden Florist uses appropriate organisational and technical measures to protect your data from unauthorised access, misuse, or loss, including encryption, secure servers, and regular security reviews.

International Data Transfers

Your data is primarily stored and processed within the UK and European Economic Area. Should data be transferred outside this area, we ensure that appropriate safeguards and agreements are in place to ensure your data remains protected as required by GDPR.

Children's Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please notify us promptly.

Policy Changes and Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. Please review this policy periodically; significant changes will be brought to your attention where appropriate.

Contacting Us

If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, please reach out to Covent Garden Florist via the contact options on our website or your usual means of communication. We will respond to all legitimate requests promptly and in accordance with applicable laws.