Privacy Policy for Customers of East Ham Florist

Introduction

This Privacy Policy explains how East Ham Florist (“we”, “our”, or “us”) collects, uses, stores, and protects your personal data in accordance with the General Data Protection Regulation (GDPR). It specifically applies to all customers placing orders with East Ham Florist from East Ham and surrounding districts. Our commitment is to safeguard the privacy and rights of our customers at all stages of their interaction with us.

What Data We Collect

When you place an order, interact with us, or use our services, we may collect the following categories of personal information:

  • Contact and Identification Data: Name, postal address, delivery address, and other contact details.
  • Order and Transaction Information: Details of purchases, delivery instructions, order history, and payment confirmations (note: we do not store entire payment card details, only the last four digits per transaction and reference).
  • Communication Data: Any messages or correspondence sent to us, including queries, compliments, complaints, or feedback, whether by mail or phone.
  • Device and Technical Data: Where applicable, basic information such as your IP address, browser type, and access times, gathered through cookies or analytics tools used to help improve our website and its security.

Lawful Basis for Processing Your Data

East Ham Florist processes your data according to specific lawful bases under the GDPR:

  • Performance of a Contract: We need your personal information to accept and fulfill your orders, arrange delivery, and carry out customer service.
  • Legal Obligations: We may retain certain data to comply with local tax, accounting, and other regulatory requirements.
  • Legitimate Interests: We may use personal data to improve our services, ensure the security of our website, or for internal administrative purposes. When relying on this basis, we carefully assess your rights and expectations.
  • Consent: If we use your data for direct marketing or newsletters, we do so only when you have given your explicit consent, which can be withdrawn at any time.

How We Use Your Personal Data

Your personal information is used solely for the purposes outlined below:

  • Processing, confirming, and delivering your floral orders and any related services.
  • Responding to your customer service requests, complaints, or feedback.
  • Meeting legal and regulatory requirements, including accounting and taxation obligations.
  • Providing updates on the status of your orders, subject to your communication preferences.
  • Improving our products and services through internal analysis, using aggregated or anonymised data where possible.

Retention of Personal Data

We retain your personal data only for as long as necessary for the purposes for which it was collected and to meet our legal obligations:

  • Order and transaction records are held for up to 7 years to comply with accounting and taxation laws.
  • Customer queries and correspondence are retained for up to 2 years from the date of your last interaction unless a longer period is required for dispute resolution or legal compliance.
  • If you have explicitly consented to direct marketing, your contact information will be retained until you withdraw your consent or unsubscribe.
  • All data is securely deleted, shredded, or anonymised once the retention period ends.

Sharing Your Information: Data Processors

To provide our services, we may share certain information with trusted third-party data processors and service providers. These include:

  • Payment Service Providers: To process secure payments for your orders. We do not store your full payment card details.
  • Delivery and Logistics Partners: To ensure safe and accurate delivery of your orders.
  • IT and System Support Providers: For website hosting, security, and maintenance purposes.
  • Legal or Regulatory Authorities: Where this is strictly required by law or regulation.

All processors act only in accordance with our instructions and are required to implement suitable security measures to protect your data. We do not sell or rent your personal information to any third parties.

Your Rights Under GDPR

You have several key rights regarding your personal data, as protected by the GDPR:

  • Right to Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You can request correction of inaccurate or incomplete personal information.
  • Right to Erasure: Also known as the "right to be forgotten", you may ask us to delete your personal data where applicable.
  • Right to Restrict Processing: You can request limited use of your data under certain conditions.
  • Right to Data Portability: You may request a copy of your data in a commonly used electronic format.
  • Right to Object: You can object to the processing of your data for direct marketing or under legitimate interests.
  • Right to Withdraw Consent: Where you have given consent, you may withdraw it at any time with future effect.

If you wish to exercise any of these rights, please contact us using the contact details provided on our website or in your order documentation. We may require verification of your identity for your protection.

Data Security

We implement appropriate technical and organisational security measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. These include restricted access controls, encryption where suitable, and secure storage of hard copy and electronic records. All staff undergo training in the importance of data privacy and security.

Policy Updates

This privacy policy may be updated periodically to reflect changes in our practices, legal requirements, or technology. Any amendments will become effective upon publication of the revised policy on our website. We encourage you to review this policy regularly for any updates.

Contact and Concerns

If you have questions or concerns about how your data is handled, or if you would like further information on any aspect of this policy, please use the contact information provided on our website or your order confirmation. If you remain dissatisfied, you have the right to lodge a complaint with your local data protection supervisory authority.

Thank you for trusting East Ham Florist with your personal information. We are committed to protecting your data and respecting your privacy.