Florist Colindale GDPR Privacy Policy

Our Commitment to Your Privacy

At Florist Colindale, your privacy is of utmost importance to us. This Privacy Policy explains how we collect, use, retain, and protect your personal information when you place orders with Florist Colindale from Colindale and surrounding districts. We are dedicated to complying with the UK General Data Protection Regulation (UK GDPR) and related data protection laws to ensure your information is handled responsibly and transparently.

Who This Policy Applies To

This policy covers all individuals ("customers") who place orders for floral arrangements or related products and services from Florist Colindale, whether for themselves or on behalf of others, in Colindale and adjacent areas. Whether you order online, by phone, or in person, this policy outlines how your personal data is processed.

What Personal Data We Collect

Florist Colindale collects only the data necessary to process your order, provide customer service, and comply with legal obligations. The types of personal data we collect may include:

• Contact details: Full name, telephone number (where provided), and delivery address (including recipient's name and address, if different).
• Order information: Details of the products or services you purchase, order notes (such as delivery instructions), and payment confirmation (we do not store your full card details).
• Communication records: Records of your correspondence with us, such as messages sent through our website contact forms or by phone.
• Technical information: Limited details such as IP address and device type, collected automatically when you use our website, for security and analytics purposes.

Lawful Basis for Processing

We process your personal data only when lawful bases under the UK GDPR apply. Our main lawful bases are:

• Contractual necessity: To take steps at your request before entering into a contract or to fulfill our contract with you (such as delivering your order).
• Legitimate interests: To improve our services, ensure the security of our website, and communicate logistics relating to your order, provided that these interests are not overridden by your rights and interests.
• Legal obligations: To comply with legal requirements, such as taxation and record-keeping laws.
• Consent: Where required, we will seek your explicit consent, for example, for sending promotional communications. You can withdraw consent at any time.

How We Use Your Data

Your data is used strictly for the following purposes:

• To process, fulfil, and deliver your orders.
• To communicate with you regarding your purchase, delivery, or any queries.
• To manage payments and prevent fraud.
• To improve our products, services, and overall customer experience.
• To meet legal and regulatory requirements.

We do not sell or rent your personal data to third parties. We also do not use your details for automated decision-making or profiling related to your orders.

Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. Typically, we will keep identifiable order and transaction data for up to six years to comply with UK tax and accounting obligations. Other non-essential communications or query records may be deleted sooner, unless we have a legitimate business need or legal requirement to retain them. Once the relevant retention period has expired, your personal data will be securely deleted or anonymised.

Data Processors and Sharing

Florist Colindale may engage reputable third-party service providers ("processors") to help deliver our services. When we do so, we ensure these processors are carefully vetted and that appropriate data protection contracts are in place:

• Payment processors: Secure third-party companies process your payment details; we do not store your card information.
• Delivery partners: To ensure successful deliveries to your chosen address.
• IT and software providers: For secure website hosting, order management, and customer communication tools.

Processors may only process your personal data on our instructions and for the purposes specified by us. We do not transfer your personal data outside the United Kingdom or European Economic Area unless adequate safeguards are in place, as per UK GDPR requirements.

Your Data Protection Rights

Under the UK GDPR, you have the following rights regarding your personal data:

• Right to access: Request a copy of your personal data we hold.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Ask for your data to be erased where it is no longer necessary for us to keep it, subject to legal requirements.
• Right to restrict processing: Request limitations on how we use your data in certain circumstances.
• Right to data portability: Ask to receive your data in a structured, machine-readable format or for it to be transferred to another provider.
• Right to object: Object to specific types of processing, such as direct marketing, at any time.
• Right to withdraw consent: Where we rely on consent, you can withdraw it at any time.

We respond to all rights requests in accordance with applicable data protection laws. Please note that while we aim to fulfil all requests, there may be circumstances (e.g., legal requirements) where we cannot comply fully, in which case we will inform you of the reasons.

Contact and Complaints

We take your privacy seriously. Should you have any questions about this policy, or wish to exercise your rights, please contact us using the methods set out on our website or at the premises. If you believe your data has not been handled in accordance with the law, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices or legal obligations. The most recent version will always be available on our website. Please review it regularly if you use our services.