Privacy Policy – Florist Richmond upon Thames

Introduction

This Privacy Policy explains how Florist Richmond upon Thames ('we', 'us', or 'our') collects, manages, and protects your personal data when you place an order with us from Richmond upon Thames or its surrounding districts. We are committed to safeguarding your privacy and ensuring the security of your information in accordance with the General Data Protection Regulation (GDPR) and all other applicable UK data protection laws.

Scope of this Policy

This Privacy Policy applies to all customers who place orders with Florist Richmond upon Thames, whether through our website, via telephone, or in person, when ordering from Richmond upon Thames and neighboring localities. By requesting our services, you consent to the collection and processing of your personal data as described in this policy.

Information We Collect

To process your orders and provide enhanced customer service, we may collect the following types of personal data:

  • Contact Information: Name, address, delivery address, phone number, and other details necessary for delivering orders.
  • Order Details: Information about products purchased, delivery instructions, gift messages, and recipient information.
  • Payment Data: Partial payment information as processed through secure third-party payment providers. We do not store your full payment card details.
  • Communication Records: Enquiries, feedback, and correspondence received by telephone, online forms, or in person.
  • Technical Data: IP address, browser type, and access time, which may be collected automatically via our website to support its functionality.

Lawful Basis for Processing Personal Data

We process your personal data only where the law allows us to. The principal lawful bases under GDPR relevant to our activities are:

  • Contractual Necessity: Most information we collect is necessary to fulfill our contract with you—accepting, processing, and delivering your order.
  • Legal Obligation: We may be required to retain and disclose certain information to comply with financial, accounting, or other legal requirements.
  • Legitimate Interests: For purposes such as improving our services, handling customer queries, or sending necessary communications related to your order.
  • Consent: For any non-essential processing not covered above, we will ask for your clear consent and give you the right to withdraw it at any time.

How We Use Your Data

Your data is used strictly for the following purposes:

  • Processing and fulfilling your floral orders and deliveries
  • Communicating with you regarding your order or customer service enquiries
  • Managing and improving our products and services
  • Complying with applicable laws and regulations
  • Addressing your complaints and resolving disputes

Third-Party Processors and Data Sharing

We may share your personal data with trusted third-parties necessary to fulfill your order or maintain our business operations. These may include:

  • Payment service providers for secure card processing (we do not retain full card details)
  • Delivery and courier partners responsible for delivering your items
  • IT and systems support providers for maintaining our business infrastructure
  • Professional advisers, such as accountants or legal consultants, only when necessary for compliance

Each third-party processes personal data solely as required to deliver their service to us and under strict confidentiality agreements in compliance with GDPR.

Data Retention – How Long We Keep Your Data

Your personal data is retained only as long as it is necessary for the purposes it was collected, or as required by law. Typically:

  • Order and transaction records are kept for up to seven years to meet legal and tax compliance obligations.
  • Customer account details are retained as long as your account remains active, or until you request deletion.
  • Enquiries and communications may be retained for up to two years for quality assurance and to respond to follow-up queries.
  • Data used for marketing purposes (only if you have provided consent) will be held until you unsubscribe or request removal.

After the relevant retention period, your data is securely deleted or anonymised.

Your Rights Under GDPR

You have a number of rights under GDPR regarding your personal data. These include:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You may ask us to correct inaccurate or incomplete personal data.
  • Right to Erasure (Right to be Forgotten): You can request that we delete your personal data, provided there is no legal reason for us to continue holding it.
  • Right to Restrict Processing: In certain circumstances, you can ask us to limit how we use your data.
  • Right to Data Portability: You may request that we transfer your data to another provider in a structured, commonly used format.
  • Right to Object: You can object to our processing of your data where we rely on legitimate interests as the legal basis.
  • Right to Withdraw Consent: Where we process data based on consent, you may withdraw consent at any time.

Requests to exercise any of these rights will be responded to in accordance with applicable laws. We may need to confirm your identity before processing requests for your protection.

Data Security

We take appropriate technical and organisational measures to secure your personal data and to prevent loss, misuse, unauthorised access, disclosure, or alteration. Only employees and agents who need access to your data to process orders or provide support are permitted to do so, and they do so under strict confidentiality obligations.

Children’s Privacy

We do not knowingly collect or store personal data relating to children under 16 years unless the information is provided with parental or guardian consent for order purposes.

Changes to this Privacy Policy

This policy may be updated to reflect changes in our practices or legal requirements. Please check back periodically for updates. Where applicable, significant changes will be communicated to you directly.

Contact and Further Information

If you have any questions about this Privacy Policy or how your data is handled, please contact us through our usual customer service channels. You also have the right to lodge a complaint with the supervisory authority if you believe your data rights have been infringed.