Flowers Emerson Park: Privacy Policy

Introduction

This Privacy Policy explains how Flowers Emerson Park collects, uses, stores, and shares your personal data when you place an order with us. We are committed to upholding your privacy, and we adhere to the standards set out in the General Data Protection Regulation (GDPR). This policy applies to all customers who place orders with Flowers Emerson Park, whether from Emerson Park itself or any of the surrounding districts.

What Data We Collect

When you interact with Flowers Emerson Park, we may collect the following categories of data:

  • Personal identification information: Name, address, delivery address, and contact details such as telephone number (if provided).
  • Order information: Details of products ordered, recipient information (such as recipient’s name and address, if different from your own), and card messages.
  • Payment details: Payment confirmation (we do not store complete card numbers, but payment processors may process certain payment information as required for transaction purposes).
  • Correspondence: Any communication or feedback you provide to us regarding your order (including emails, forms, and reviews).
  • Technical data: IP addresses, browser type, and information about your device, captured via website cookies and similar technologies when you use our online ordering service.

Lawful Basis for Processing Data

Under the GDPR, we must have a lawful basis to process your information. The lawful bases that apply in our processing activities include:

  • Contract: We need your personal data (such as name, address, and contact information) to process and deliver your order, and to fulfill our contractual obligations to you.
  • Legitimate Interests: We may process your data for legitimate business purposes, such as improving our services, preventing fraud, or defending legal claims, provided these interests are not overridden by your fundamental rights and freedoms.
  • Legal Obligation: We may be required to process your data to fulfill legal or regulatory requirements, such as tax and accounting obligations.
  • Consent: If we wish to send you marketing communications, we will rely on your explicit consent, which you may withdraw at any time.

How We Use Your Data

Your personal data may be used for the following purposes:

  • To process, fulfil, and deliver your orders.
  • To communicate with you regarding your order status, delivery, or any issues arising from your purchase.
  • To respond to your queries and provide customer support.
  • To process payment and prevent fraudulent transactions.
  • To maintain our business records and comply with legal requirements.
  • To improve our products, services, and customer experience.
  • If you have provided consent, to send you relevant marketing information regarding our offerings.

How Long We Keep Your Data

We retain your personal data only as long as necessary to fulfil the purposes for which it was collected, including for accounting, legal, or reporting requirements. Generally, we keep order records and related customer data for up to seven years, as required by accounting and tax regulations. After this period, your data is securely deleted or anonymised, except in cases where we are required by law to retain it for a longer period, or where it is needed for legitimate legal purposes.

Sharing Your Data: Processors and Third Parties

Your personal data may be shared in the following limited circumstances:

  • Service Providers: We work with trusted third-party processors to facilitate order processing, delivery, payment, and IT infrastructure. These may include payment gateway providers, delivery partners, and IT service providers. Each processor is contracted to use your data only as necessary to provide the agreed service and to adhere to GDPR requirements.
  • Legal and Regulatory Authorities: If required, we may share information with law enforcement or regulatory authorities to comply with legal obligations or to protect our rights and property.
  • Professional Advisors: When necessary, we may share data with professional advisors such as accountants, auditors, or insurers.

We do not sell your personal data to any third parties for marketing purposes.

International Transfers

We strive to ensure that your data remains within the UK and European Economic Area (EEA) to the greatest extent possible. Where service providers or processors are located outside the EEA, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission, to protect your data in accordance with GDPR.

Your Rights Under GDPR

As a data subject, you have several key rights under the GDPR:

  • Right of Access: You can request confirmation of whether we hold your personal data and obtain a copy of that information.
  • Right to Rectification: You have the right to request that any incomplete or inaccurate data we hold about you is corrected.
  • Right to Erasure: In certain circumstances, you may request that we erase your personal information, for example, where it is no longer needed for the purpose it was collected.
  • Right to Object: You may object to our processing of your data where we rely on legitimate interests or for marketing purposes.
  • Right to Restrict Processing: You can request that we restrict the processing of your personal data under certain conditions.
  • Right to Data Portability: You have the right to request a copy of the data you have provided to us in a machine-readable format, or for us to transmit it to another data controller.
  • Right to Withdraw Consent: Where we rely on consent for any processing (such as marketing), you may withdraw your consent at any time.
  • Right to Lodge a Complaint: If you believe your data protection rights have been breached, you can raise a complaint with the relevant supervisory authority.

Data Security

We have implemented appropriate technical and organisational measures to ensure the security of your personal data. Access to personal data is restricted to necessary employees and trusted partners who are subject to strict confidentiality and security obligations. We regularly review and update our practices to prevent loss, misuse, or unauthorised access of your data.

Policy Updates

This Privacy Policy may be revised from time to time to reflect changes in our processes, legal requirements, or for any other operational, legal, or regulatory reasons. Updates will be posted on our website with the effective date of change. We encourage customers to review this policy periodically.

Contact and Further Information

If you have any questions about this policy, your data, or how we use it, please get in touch with us using the contact details provided on our website. We are committed to upholding your privacy and are happy to discuss any concerns or requests you may have regarding your personal data.