Privacy & Data Protection Policy

Introduction

This Privacy & Data Protection Policy outlines how Flowers St Luke's ("we", "us" or "our") collects, uses, and safeguards your personal information. This policy applies to all customers placing orders with Flowers St Luke's from St Luke's and surrounding districts, and explains your rights under the General Data Protection Regulation (GDPR).

What Personal Data We Collect

We are dedicated to collecting only the data necessary to process your order efficiently and provide you with the best possible service. Depending on how you interact with us, we may collect the following categories of personal data:

  • Contact Information: Such as your full name, address, and telephone number for delivery and communication purposes.
  • Order Details: Including recipient details, delivery address, order notes and specific instructions provided by you.
  • Payment Information: Limited details, such as payment method; however, sensitive payment data is processed securely by third-party payment processors and not stored by us.
  • Communication Records: Notes and records from your communication with us, including queries, feedback, and complaints.
  • Technical Data: Such as IP address, device identifiers, and browsing information if you use our website, collected through cookies and analytics tools to enhance your browsing experience.

Lawful Basis for Processing

Under GDPR, we must have a lawful basis to process your personal data. Flowers St Luke's relies on the following bases:

  • Contractual Necessity: We process most personal data to fulfil the contract when you make an order, deliver flowers, or provide our services as requested.
  • Legitimate Interests: Certain uses, such as improving our services, ensuring the security of our website, and handling customer service enquiries, are processed on the basis of legitimate interests, ensuring these do not override your rights and freedoms.
  • Legal Obligations: We may process or retain some data to comply with legal requirements, such as tax or regulatory obligations.
  • Consent: Where we request your consent (e.g., for marketing emails), you can withdraw this at any time.

How We Use Your Data

Your data is used only for the purpose for which it was collected, including:

  • Processing and delivering your orders
  • Communicating order updates, confirmations, and assisting you with any enquiries
  • Improving our products and customer experience
  • Fulfilling legal and regulatory obligations
  • Informing you about relevant Flowers St Luke's services, promotions, or updates if you have opted in

Data Retention

We retain your personal information for as long as necessary to fulfil the purpose for which it was collected (such as completing your order and handling any follow-up enquiries), and to comply with legal, tax and accounting requirements. Typically, customer order information is kept for up to 6 years for compliance and record-keeping. After this period, your personal data will be securely deleted or anonymised.

Sharing and Data Processors

To process your orders and deliver our services efficiently, we sometimes need to share your personal data with trusted third parties who act as data processors. These include:

  • Payment processors who handle transaction processing securely on our behalf
  • Delivery partners who assist with delivering your orders to the specified address
  • IT and hosting providers who support the operation of our website and systems

All third parties are contractually required to protect your data, act only on our instructions, and comply with GDPR. We do not sell or trade your information to other organisations for commercial purposes.

Security of Your Data

Your privacy is important to us. We implement reasonable technical and organisational measures to secure your personal data. This includes secure storage, access controls, encryption where appropriate, and procedures to deal with any suspected data breach. Only authorised personnel and service providers have access to your data, and only when necessary.

Your Rights Under GDPR

As a customer, you have a number of data protection rights under GDPR, including:

  • Right to Access: You can request confirmation that we hold your personal data, a copy of that data, and information about how it is processed.
  • Right to Rectification: If your data is inaccurate or incomplete, you may ask us to correct or update it.
  • Right to Erasure: In certain cases, you may request that we erase your personal data.
  • Right to Restrict Processing: You can request we limit the way your data is processed in some circumstances.
  • Right to Data Portability: Where applicable, you may ask us to transfer your data to another provider in a commonly used format.
  • Right to Object: You can object to processing based on our legitimate interests or direct marketing at any time.
  • Right to Withdraw Consent: If processing is based on your consent, you can withdraw it at any time without affecting prior processing.
  • Right to Lodge a Complaint: If you believe your rights have been infringed, you have the right to complain to a supervisory authority.

Policy Updates

If we change our privacy practices, we will update this policy. Please review it regularly to stay informed about how we protect your information. The version date is indicated at the end of this document.

Contact and Further Information

If you require further information about this policy or wish to exercise your GDPR rights, please contact us through your usual Flowers St Luke's customer service channels. We are committed to assisting you and safeguarding your personal data.

Last updated: June 2024.