Herne Hill Florist GDPR Privacy Policy

Introduction

At Herne Hill Florist, we take your privacy seriously. This Privacy Policy outlines how we collect, use, store, and protect your personal data in line with the requirements of the General Data Protection Regulation (GDPR). The policy applies to all customers placing orders with Herne Hill Florist from Herne Hill and surrounding districts.

By engaging our services or placing an order, you acknowledge and agree to the terms outlined herein regarding the handling of your personal data.

What Data We Collect

Herne Hill Florist may collect the following personal data:

  • Contact Information: Name, delivery address, billing address, phone number (if provided), and any contact details you choose to provide.
  • Order Details: Information about the flowers or products ordered, delivery instructions, preferred delivery date, and recipient details should an order be a gift.
  • Payment Information: Payment card details (processed securely via our payment processor) and transaction details. Note that we do not store full card details after your payment is completed.
  • Communications: Records of your correspondence with us, including emails and notes from phone communications relevant to your order.
  • Technical Data: When accessing our website, technical information such as your IP address, browser type, device identifiers, and referral URLs may be collected, as permitted by local regulations.

The Lawful Basis for Collecting and Processing Your Data

Under GDPR, we must have a lawful basis for processing your personal data. Herne Hill Florist collects and processes your information based on the following grounds:

  • Contractual Necessity: Most data collection and processing is necessary to fulfill your order, communicate with you about your purchase, and deliver our services effectively.
  • Legal Obligations: We may be required to retain certain transaction and payment records to meet financial, tax, or legal requirements.
  • Legitimate Interests: We may process your data to improve our services, prevent fraud, or respond to your queries, provided these interests do not override your rights or interests.
  • Consent: Where needed (such as for certain direct marketing or the use of specific cookies), we will request your consent and allow you to withdraw it at any time.

How Your Data is Used

Your personal data is used for the following purposes:

  • Fulfilling and delivering your orders
  • Communicating with you about your order status or queries
  • Processing payment and preventing fraudulent transactions
  • Providing customer support
  • Meeting legal and regulatory obligations
  • Improving our products and services through analysis of customer interactions (using anonymised data wherever possible)

Data Retention

Herne Hill Florist retains personal data only as long as necessary for the purposes described in this policy:

  • Order and transaction records are generally retained for up to seven years to comply with relevant financial and tax legislation.
  • Contact and communication data for customer service is retained for up to two years after the completion of your order, unless otherwise required for dispute resolution, legal obligations, or service improvement.
  • Payment information (such as card details) is not retained by us after payment processing, though basic transaction records are kept in line with legal requirements.
  • Technical data collected via website analytics may be held for up to two years for analysis and service improvement.

At the end of each retention period, data will be securely deleted or anonymised unless it is required for ongoing legal or regulatory purposes.

Data Processors and Third Parties

Herne Hill Florist may share personal data with carefully selected processors and third parties to facilitate your order and deliver our services. These may include:

  • Payment processors for secure payment handling
  • Delivery and courier services for product delivery
  • IT and website maintenance providers
  • Accountancy and legal professionals (when legally required)

We ensure all data processors we engage are GDPR-compliant and have adequate safeguards in place to protect your data. Personal data is not sold or shared for marketing purposes with third parties outside these necessary service providers.

Your Rights Under GDPR

As a customer in Herne Hill or surrounding districts, you have specific rights regarding your personal data:

  • Right to Access: You can request access to the personal data we hold about you.
  • Right to Rectification: You may request correction of any incomplete or inaccurate data we hold about you.
  • Right to Erasure: You have the right to request deletion of your data where there is no lawful reason for its retention.
  • Right to Restrict Processing: You may ask us to restrict the processing of your data in certain circumstances.
  • Right to Data Portability: You can request us to transfer your personal data to you or another service provider.
  • Right to Object: You may object to the processing of your personal data where we rely on legitimate interests.
  • Right to Withdraw Consent: Where we rely on consent for processing, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

If you wish to exercise any of these rights, or have a concern about how your data is handled, you can contact us using the details found on our website or via your chosen method of communication. We will respond to your request as soon as possible, and always within one month.

Data Security

We have implemented appropriate technical and organisational measures to protect your data against accidental loss, misuse, unauthorised access, disclosure, and alteration. All payment transactions are processed securely by our payment partners using encryption protocols. Access to your personal data is limited to those employees, agents, or third parties who need it to fulfil your order or provide support and is strictly controlled.

Children’s Privacy

Our services are not directed to children under the age of 16. We do not knowingly collect or process data of children without parental consent. If you believe a child’s data has been provided to us in error, please contact us for prompt removal.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We encourage you to review this policy periodically to stay informed of how we protect your information.

Contact and Complaints

If you have any questions about this Privacy Policy or would like to exercise your rights concerning your personal data, please get in touch via the contact options provided on our website or request assistance in our shop. If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).