Spitalfields Florist Privacy Policy

Introduction

This Privacy Policy outlines how Spitalfields Florist ('we', 'our', or 'us') collects, uses, stores, processes, and protects personal data from our customers. This policy applies to all individuals placing Spitalfields Florist orders, whether residing in Spitalfields or the surrounding districts. Our commitment is to handle your information in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

What Data We Collect

When you place an order with Spitalfields Florist, we collect various pieces of information necessary for fulfilling your order, communicating with you, and improving our customer service. The types of personal data we collect may include:

  • Contact information: Your name, delivery address, billing address, and telephone number.
  • Order information: Details about the products you purchase (flowers, gifts), special instructions, recipient's name and delivery details.
  • Payment information: Card payment data (processed securely via third-party payment processors; we do not store your full card details).
  • Communication data: Any correspondence you have with us, such as queries, complaints, or feedback.
  • Technical information: Data collected through cookies or similar technologies (e.g., IP address, browser type, and device information) when using our website, for analytical or functionality purposes.

Lawful Basis for Processing Personal Data

Under GDPR, we must have a valid lawful basis to process personal data. The primary lawful bases that apply to our processing activities are as follows:

  • Performance of a contract: Most of the data is processed in order to fulfill our sales contract with you, such as processing orders, payments, and deliveries.
  • Legal obligation: We may need to process or retain information for accounting, tax, or regulatory purposes as required by law.
  • Legitimate interests: We may use your information for our legitimate business interests, such as improving our services, fraud prevention, and maintaining security, provided your fundamental rights do not override these interests.
  • Consent: In certain cases (such as sending you marketing communications where not otherwise permitted), we will obtain your consent before processing your data and you can withdraw your consent at any time.

How We Use Your Data

We use your personal data for the following purposes:

  • To process your flower or gift orders, payments, and deliver products.
  • To communicate with you about your order, answer your queries, and provide customer support.
  • To keep records required by law, including for accounting and tax purposes.
  • To improve the functionality, security, and performance of our website and services.
  • To send important notifications and, with your consent, marketing or promotional updates.

Retention of Personal Data

We retain your personal information only as long as necessary for the purposes it was collected, including satisfying any legal, accounting, or reporting requirements. Generally:

  • Order and transaction information is retained for up to seven years to meet legal and financial obligations.
  • Contact information used for marketing is retained until you unsubscribe, opt-out, or request deletion.
  • Correspondence or feedback may be kept for up to two years for quality control and training.
  • Website analytics data is held in accordance with our cookie policy and typically anonymised where possible.

Once your data is no longer required, it is securely deleted or anonymised.

Data Processors and Sharing Information

We may use third-party service providers (data processors) to help with delivering products, processing payments, managing our website, and analysing customer feedback. These providers may include:

  • Payment processors (for secure online card payments).
  • Delivery or courier services (for delivering your floral orders).
  • Website analytics and hosting providers.

All third-party processors we engage operate under written agreements, ensuring they handle your information as required by GDPR and only for specified purposes. We do not sell or rent your personal data to any third parties. We may share data where required for legal reasons or in response to lawful requests by public authorities.

Your Rights

As a customer, you have rights over your personal data under GDPR, including:

  • Right of access: Request a copy of your personal data held by us.
  • Right to rectification: Ask us to correct any inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data, subject to certain exceptions (e.g., legal obligations).
  • Right to restrict processing: Ask us to pause processing your data in specific circumstances.
  • Right to data portability: Request your personal data be transferred to you or another service provider in a structured, commonly-used format.
  • Right to object: Object to our processing of your data based on legitimate interests or direct marketing.
  • Right to withdraw consent: Where we rely on your consent, you can withdraw it at any time.

To exercise your rights or if you have concerns about our handling of your data, please contact us using the contact details published on our website or in-store. We will respond to your request within one month, though may extend this period in complex cases.

Security of Your Data

We use appropriate technical and organisational measures to safeguard your personal information. This includes secure storage, restricted access, encryption of payment data, and staff training on data protection. While no method of transmission or storage is completely secure, we strive to protect your data to the highest standard.

International Data Transfers

We primarily store and process your personal data within the United Kingdom and European Economic Area (EEA). If it becomes necessary to transfer data outside the EEA, we ensure adequate safeguards are in place in accordance with data protection laws.

Changes to This Privacy Policy

We may update this privacy policy from time to time in response to operational, legal, or regulatory changes. Any significant modifications will be posted on our website and, where appropriate, notified to you directly. Please check this policy periodically to stay informed about how we protect your data.

Contacting Spitalfields Florist

If you have any questions regarding this privacy policy or wish to exercise your data protection rights, please contact Spitalfields Florist using the channels displayed on our website or in store. Your privacy matters to us, and we are committed to addressing any concerns promptly and effectively.