GDPR-Compliant Privacy Policy at Queen's Park Florist

Introduction

This Privacy Policy explains how Queen's Park Florist collects, uses, stores, and protects your personal data in accordance with the UK General Data Protection Regulation (GDPR). This policy applies to all customers placing orders with Queen's Park Florist from Queen's Park and the surrounding districts. By using our services, you consent to the collection and use of your data as described in this policy.

What Data We Collect

Queen's Park Florist collects and processes various categories of personal data from our customers in order to provide you with exceptional service and fulfill your orders. This includes:

  • Identity Data: Name, title, and order reference numbers.
  • Contact Data: Delivery address, billing address, phone number (if provided), and other applicable contact details.
  • Order Data: Details of flower and gift orders, recipient’s name and address, notes or card messages provided for deliveries.
  • Payment Data: Payment method and transaction details (but please note, we do not store full card details; these are processed securely by our payment provider).
  • Technical Data: IP address, browser type, access times, device type, and website usage data (when you use our website).
  • Customer Interaction Data: Records of communications you have with us, including complaints, compliments, and order inquiries.

Lawful Basis for Processing

Under the GDPR, Queen's Park Florist must have a lawful basis for processing personal data. We rely on the following bases:

  • Contractual Necessity: Most of our processing is necessary for fulfilling your flower or gift order, delivering products to you or the recipient, and handling payment and support.
  • Legal Obligation: We may process and retain some data as required by law, for example in relation to tax or accounting regulations.
  • Legitimate Interests: We may use your data to improve or develop our services, prevent fraud, or communicate service-related updates – always in ways that don’t override your privacy rights.
  • Consent: Where required (for example for certain marketing communications), we seek your explicit consent, and you can withdraw this at any time.

How We Use and Share Your Data

Your information is used exclusively for the purposes of processing your orders and enhancing your experience with Queen's Park Florist. Specifically, we use your data to:

  • Confirm, process, and deliver your orders
  • Communicate with you about your orders or queries
  • Handle payment and billing
  • Send relevant service updates or, if you have opted-in, marketing communications
  • Comply with legal obligations

Data may be shared with trusted third-party processors (see below), but only to the extent necessary for the fulfillment of your order or the operation of our business. We never sell your data to other organisations.

Our Data Processors

We work with selected third-party processors who assist us in delivering and managing orders, payment processing, and our website. These third parties include:

  • Payment Providers: To securely process card payments on our behalf.
  • IT and Website Service Providers: To manage our website, systems, and customer relationship tools.
  • Delivery Partners: Where relevant, to deliver flowers and gifts to you or your intended recipient.

All processors act under strict contractual obligations to handle data only as instructed, to protect your information, and never to use it for their own purposes.

Data Retention

We retain your personal data only for as long as necessary for the purpose it was collected, including to satisfy legal, accounting, or reporting requirements:

  • Order Data: Typically retained for up to 6 years to enable customer service and for legal compliance (including tax and warranty issues).
  • Marketing or Consent-Based Data: Retained until you withdraw consent or opt out.
  • Technical Data: Retained for a shorter period, as needed for analytics and troubleshooting.

After the retention period expires, your personal data is securely deleted or anonymised for statistical purposes where permissible.

Your Rights Under GDPR

You have several key rights regarding your personal data under GDPR, including:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct incomplete or inaccurate information.
  • Right to Erasure: In certain circumstances, you may request your data be erased.
  • Right to Restrict Processing: You may object to or restrict how we process your data under certain conditions.
  • Right to Data Portability: Where applicable, you can request we transfer your data to another provider.
  • Right to Withdraw Consent: If we rely on your consent, you can withdraw it at any time without affecting previous processing.
  • Right to Object: You may object to processing based on legitimate interests or direct marketing.

To exercise your rights, please contact us using the details provided at the end of this policy. We will respond in accordance with GDPR requirements and aim to resolve any concerns promptly and transparently.

How We Protect Your Data

We are committed to safeguarding your personal information through administrative, technical, and physical measures to ensure its confidentiality, integrity, and availability. This includes secure payment processing, encryption, regular system reviews, and limiting access to staff who require data to fulfil their roles.

Policy Scope and Updates

This Privacy Policy applies to all customers placing Queen's Park Florist orders from Queen's Park and the surrounding districts. We may update this policy from time to time to reflect legal or business changes. Please review it periodically. Continued use of our services indicates agreement to the current version of our policy.

Contact Information

If you have questions about this privacy policy, your data, or how we process your information, please get in touch with us using our website's contact details. We are happy to assist with data access requests or any privacy concerns you may have.