Florist New Cross Privacy Policy

Introduction

This Privacy Policy explains how Florist New Cross collects, uses, stores, and safeguards your personal data when you place an order as a customer from New Cross or the surrounding districts. Our practices comply with the General Data Protection Regulation (GDPR). Please read this policy carefully to understand your rights and how we operate regarding your information.

Scope of This Policy

This policy applies to all customers who place orders with Florist New Cross, whether online, by phone, or in-person, provided that the orders are for delivery or collection in New Cross and its neighboring areas. By placing an order or contacting us regarding our services, you accept the practices described in this Privacy Policy.

What Personal Data We Collect

Florist New Cross collects only the data necessary to carry out our services and fulfil your orders. The types of personal information we typically collect include:

  • Contact Details: Your name, address, phone number, and, if applicable, delivery address and recipient's name.
  • Order Details: Description of floral arrangements or services requested, messages to accompany flowers, and delivery preferences.
  • Payment Information: Transaction identifiers, payment method (e.g., card type), but not full card details (which are handled securely by payment processors).
  • Communication Records: Correspondence between you and Florist New Cross, such as queries or feedback.
  • Website Usage: If you use our website, we may collect anonymised information such as IP address, device type, and browser details through analytics tools to improve our services.

Lawful Basis for Processing Personal Data

Under GDPR, we rely on the following legal bases to process your personal data:

  • Contractual Necessity: Processing information is necessary to fulfil your order, manage delivery, and provide customer support.
  • Legitimate Interests: We may process your data when it is necessary for our legitimate interests (such as quality control or fraud prevention) and does not override your rights and interests.
  • Legal Obligation: Where required, we process data to comply with legal duties, such as accounting and tax regulations.
  • Consent: For certain uses, such as optional marketing communications, we will seek your explicit consent, and you may withdraw it at any time.

How We Use Your Information

Your personal data is used for the following purposes:

  • Processing and fulfilling your flower orders
  • Communicating with you about your current or past orders
  • Customising our services in line with your preferences
  • Managing payments and refunds
  • Improving our products and services
  • Complying with legal or regulatory requirements

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Order and transaction records are generally retained for up to 6 years to meet accounting, tax, and legal obligations.
  • Communications may be kept for a period that enables us to resolve queries or complaints.
  • Marketing data will be kept only as long as you have consented and will be deleted promptly upon request or when consent is withdrawn.
  • Website analytics (if applicable) are retained in an anonymised or aggregated form that does not identify individuals.

Processors and Sharing of Data

Florist New Cross does not sell your data. We may share your information with trusted third parties who act as data processors on our behalf in the following situations:

  • Payment Providers: To process your payments securely and prevent fraud.
  • Delivery Partners: Couriers or local drivers to deliver your order to the correct address.
  • Service Providers: Providers of IT, cloud, or communication services required for our business operations.

All data processors are contractually obligated to protect your information, only use it for the agreed purpose, and comply with relevant data protection laws.

Your Rights Under GDPR

As a customer, you have the following rights regarding your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct inaccurate or incomplete data.
  • Right to Erasure: In certain circumstances, you can request that we delete your personal data.
  • Right to Restrict Processing: You can ask us to restrict the use of your data in certain cases.
  • Right to Data Portability: You can request that we provide your personal data in a structured, commonly used format for transfer to yourself or another provider.
  • Right to Object: You can object to processing based on legitimate interests or direct marketing, and we will respect your rights unless there is a compelling legal reason not to.
  • Right to Withdraw Consent: If we process your data for marketing or other purposes based on consent, you can withdraw this consent at any time.

If you wish to exercise any of these rights, please contact us using your preferred method. We may need to verify your identity before fulfilling your request.

How We Protect Your Data

We implement appropriate security measures—including administrative, technical, and physical safeguards—to protect your information from unauthorised access, alteration, disclosure, or destruction. While we strive to use industry-standard measures, no method of transmission or electronic storage is fully secure. We regularly review our practices to maintain the security and confidentiality of your data.

Changes to This Privacy Policy

We may update this Privacy Policy as our services or legal requirements evolve. The most recent version will always be available in our store and on our website. We encourage you to review this policy periodically for updates. Substantial changes will be communicated to you where appropriate.

Contact and Complaints

If you have any concerns about your privacy or our data protection practices, you are encouraged to contact us so we can resolve your issues. Should you remain dissatisfied, you also have the right to lodge a complaint with the appropriate data protection authority.