Chingford Flowers Privacy Policy

Introduction

At Chingford Flowers, we are committed to protecting your privacy and handling your personal data transparently and fairly. This Privacy Policy describes how we collect, use, store, share, and safeguard your information in compliance with the UK General Data Protection Regulation (GDPR). This policy applies to all customers placing orders with Chingford Flowers in Chingford and the surrounding districts.

What Data We Collect

When you place an order or interact with our services, we may collect the following categories of personal data:

  • Identity Data: Full name, title.
  • Contact Data: Delivery address, billing address, and occasionally location information relevant to fulfilling orders.
  • Communication Data: Preferences and correspondence with our staff regarding orders, deliveries, or feedback.
  • Order Data: Details of products ordered, recipient details if you are sending flowers to someone else (including their name, address, and message), and any personalized notes.
  • Technical Data: IP address, browser type, and usage data when you browse our website, if applicable.
  • Payment Data: Payment card details and transaction records. We do not store card details after processing your payment.

Lawful Basis for Processing Your Data

Chingford Flowers only collects and processes personal data when there is a valid legal basis to do so under Article 6 of the GDPR. These include:

  • Contractual Necessity: Most of our data collection is to fulfil your order, including receiving, processing, and delivering your floral arrangements.
  • Legal Obligation: To comply with legal requirements, such as maintaining appropriate financial and tax records.
  • Legitimate Interests: To handle customer enquiries, manage business operations, and improve our services, provided that those interests are not overridden by your privacy rights.
  • Consent: Any marketing communications or customer satisfaction surveys will only be sent to you if you have actively opted in. You may withdraw consent at any time.

How We Use Your Data

Your data is used to process your orders, arrange deliveries, respond to requests or complaints, and—only with your consent—to send you updates or offers relevant to Chingford Flowers’ services. We use anonymized data for business analytics to enhance our products and customer experience.

How We Share Your Data (Processors)

We respect your privacy and will never sell your data. We may share your personal data with strictly selected third-party processors and suppliers when necessary for order fulfilment:

  • Delivery agencies or couriers responsible for delivering your flowers.
  • Payment processing companies that securely handle your transactions.
  • IT and hosting providers who maintain our website and ordering systems.
  • Professional advisors (such as accountants or legal advisors) for compliance purposes.

All third-party processors are carefully vetted for GDPR compliance, act only on our instructions, and are prohibited from using your data for their own purposes.

International Transfers

Your data is generally processed within the UK or European Economic Area (EEA), ensuring that the same high standards of data protection apply. If we must transfer data outside those regions, we will implement appropriate safeguards (such as international data transfer agreements) to protect your information.

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including for satisfying legal, accounting, and reporting obligations. Typically:

  • Order and transaction data are retained for up to seven years as required by tax and accounting rules.
  • Contact and correspondence data are held for up to two years after your last interaction unless you request earlier deletion or continued correspondence is necessary for other lawful reasons.
  • Data collected for marketing purposes is held only until you withdraw your consent or unsubscribe.

Your Data Protection Rights

Under the GDPR, you have important rights regarding your personal data, including:

  • Right to Access: You can request information about what personal data we hold about you and how it is processed.
  • Right to Rectification: You may request corrections to your data if it is incomplete or inaccurate.
  • Right to Erasure: In certain cases, you may request the deletion of your data ('the right to be forgotten').
  • Right to Restrict Processing: You may request limits on how we use your data.
  • Right to Data Portability: You can request a digital copy of your data to reuse elsewhere.
  • Right to Object: You may object to processing when based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise these or any other data protection rights, please refer to our website or contact us using the details provided at the end of this policy.

Security of Your Data

We employ appropriate technical and organisational measures to protect your personal data against loss, misuse, alteration, or unauthorised access. This includes secure payment processing and regular staff training on data protection and confidentiality.

Changes to this Policy

Chingford Flowers may update this Privacy Policy occasionally to ensure ongoing compliance with legal requirements and best practices. The latest version will always be available on our website, with the effective date clearly indicated.

Contact and Further Information

If you have any questions, concerns, or requests about your personal data or this Privacy Policy, please contact Chingford Flowers directly. Additional information on your data protection rights can also be obtained from the Information Commissioner's Office (ICO).