Flower Delivery Hammersmith Privacy Policy

Introduction

This Privacy Policy details how Flower Delivery Hammersmith (‘we’, ‘our’, ‘us’) collects, uses, stores, and protects your personal data when you place an order for flower delivery within Hammersmith and the surrounding districts. We are committed to respecting your privacy and complying with the General Data Protection Regulation (GDPR).

Scope of Policy

This policy applies to all customers who place orders with Flower Delivery Hammersmith in Hammersmith and neighboring areas. It describes our practices concerning your personal data, the legal grounds for processing it, your rights, and the measures we take to keep it safe.

What Data We Collect

To process your flower order, we collect the following categories of personal data:

  • Identity Data: Name (customer and recipient)
  • Contact Data: Delivery address, billing address, and any provided telephone numbers
  • Order Data: Product details, order date and time, delivery instructions, and payment status
  • Payment Data: Payment confirmation details (but not your full card or bank information—these are processed securely by payment processors)
  • Technical Data: IP address, browser type, device information, and order history (for online orders)

We do not knowingly collect or process special categories of personal data or data regarding children under the age of 16.

Lawful Basis for Processing

Our legal grounds for collecting and processing your personal data are as follows:

  • Contractual Necessity: We process your data to fulfil floral delivery orders, handle payment, and communicate order status.
  • Legal Obligation: We retain transaction data as required for accounting, taxation, and compliance with applicable laws.
  • Legitimate Interests: We use data to improve our services, address queries, and prevent fraud, provided your rights are not overridden.
  • Consent: For certain marketing activities, we will obtain your explicit consent if required. You may withdraw consent at any time.

How We Use Your Data

Your personal data is used strictly for the following purposes:

  • Processing and delivering your order as requested
  • Verifying identity and payment
  • Communicating order confirmations, delivery updates, and customer service responses
  • Improving our website and customer experience (using aggregated or anonymised data)
  • Fulfilling our legal and contractual obligations
  • Sending marketing communications, but only if you have opted-in

How We Share Your Data

Your personal data may be shared only as necessary with third parties who support our operations, including:

  • Payment Service Providers: To process secure payments for your order
  • Delivery Partners or Couriers: Who deliver the flowers to the specified address
  • IT and Website Support Providers: Who enable website functionality and data security
  • Legal and Regulatory Authorities: When disclosure is mandated by law or regulation

All processors are required to process your data only as instructed, follow GDPR standards, and ensure data security. We do not sell or trade your personal information to unrelated third parties.

International Data Transfers

Generally, your data is stored and processed within the UK or the European Economic Area (EEA). If data must be transferred outside these territories, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses, to protect your privacy rights to EU standards.

Data Retention

We retain personal data only as long as necessary to fulfil the purposes for which it was collected:

  • Order and transaction data: retained for up to 7 years for accounting and legal purposes
  • Customer service and correspondence data: retained for up to 3 years following your last communication
  • Marketing contact details: kept until you unsubscribe or withdraw consent

After the applicable period, data is securely deleted or anonymised.

How We Protect Your Data

We implement a range of security measures to protect your personal information, including secure website technology (encryption), restricted access, regular security reviews, and ensuring all third-party service providers adhere to strict GDPR-compliant practices.

Your Rights under GDPR

As a data subject under the GDPR, you have the following rights:

  • Access: Request a copy of your personal data held by us
  • Rectification: Ask for corrections to inaccurate or incomplete information
  • Erasure (‘right to be forgotten’): Request your data be deleted where retention is not lawfully required
  • Restriction: Ask us to limit the processing of your data in certain circumstances
  • Data Portability: Obtain and reuse your personal data for your own purposes across different services
  • Objection: Object to processing based on legitimate interests or for direct marketing
  • Withdraw Consent: Where consent is relied upon, you may withdraw it at any time

To exercise any of these rights, please contact us using the details provided on our website. We strive to respond to all requests within one month, although this may be extended for complex or numerous requests.

Changes to this Policy

We may occasionally update this Privacy Policy to reflect changes in our operations or legal obligations. Any substantial alterations will be communicated clearly on our website. We encourage you to review this page regularly to stay informed.

Contact and Concerns

If you have concerns about how your data is handled, you can raise them directly with us via the contact page on our website. You also have the right to contact the UK Information Commissioner’s Office (ICO) if you believe your data rights have not been upheld.