Your Privacy at Florist Morden

Introduction

At Florist Morden, we are committed to safeguarding the privacy and personal data of all our customers. This Privacy Policy explains how, why, and when we collect and process your personal data in compliance with the UK General Data Protection Regulation (GDPR). This policy applies to all customers who place orders with Florist Morden from Morden and surrounding districts.

What Data We Collect

Florist Morden collects only the information necessary to fulfill your orders, process payments, and improve our services. The types of data we may collect include:

  • Identity Data: Name, title, and, if relevant, company details.
  • Contact Data: Delivery addresses, billing addresses, and occasionally recipient information (e.g., if you are sending flowers to another person).
  • Communication Data: Information you provide when contacting us for customer support, leaving feedback, or signing up for updates.
  • Transaction Data: Details about payments to and from you, and details of products or services you have purchased from us.
  • Usage Data: Information about how you use our website and services, such as order history and preferences.
  • Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, and other technology on your devices used to access our website.

Lawful Basis for Data Processing

We process your personal data only where we have a valid legal basis to do so. Under the GDPR, this includes:

  • Contractual necessity: We require certain personal information to fulfill our contract with you, specifically to process and deliver floral orders.
  • Legal obligation: We may process data where we are legally required to do so, for example, for tax or accounting purposes.
  • Legitimate interest: Florist Morden may process your data to improve services, manage business operations, prevent fraud, or for marketing activities, provided these do not override your individual rights.
  • Consent: Where required, we will obtain your consent for specific data processing activities, such as subscribing to marketing communications. You may withdraw your consent at any time.

How We Use Your Information

Your personal data is used for the following purposes:

  • Processing and delivering your orders.
  • Managing payment transactions and preventing fraudulent transactions.
  • Communicating order confirmations, delivery updates, and support correspondence.
  • Improving and personalizing your customer experience.
  • Fulfilling our legal and regulatory obligations.
  • Sending relevant offers or information, with your consent where required.

Data Retention

Florist Morden retains your personal information only for as long as it is necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, and reporting requirements. Our standard retention periods are as follows:

  • Order and transaction data: Retained for at least 6 years for tax and accounting compliance.
  • Marketing consent data: Retained until you withdraw your consent or until it is no longer needed.
  • Customer correspondence: Retained for up to 2 years unless a longer retention period is required by law.

When your personal information is no longer required, it is securely deleted or anonymized.

Processors and Third Parties

We may use trusted third-party service providers (“processors”) to assist with the operation of our business and delivery of your orders. These can include:

  • Payment processors for handling card payments securely.
  • Certain IT and system administration providers supporting our website or database hosting.
  • Couriers and delivery partners for fulfilling your floral orders.

All processors engaged by Florist Morden are contractually bound to comply with GDPR requirements, process your data only on our instructions, and maintain robust security measures. We do not sell or rent your personal data to third parties.

Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal information:

  • The right of access: You can request a copy of the personal data we hold about you.
  • The right to rectification: You can request correction of inaccurate or incomplete data.
  • The right to erasure: You can request that we delete your data where there is no legal reason to continue processing it.
  • The right to restrict processing: You may request we restrict how we use your data in certain circumstances.
  • The right to data portability: You may request the transfer of your data to you or another service provider in a commonly used format.
  • The right to object: You can object to processing based on legitimate interests or direct marketing.
  • Rights related to automated decision making: You have the right not to be subject to decisions made solely by automated means, unless necessary for entering into or performing a contract.
  • The right to withdraw consent: Where we rely on your consent, you may withdraw it at any time.

To exercise any of these rights, please contact us using the contact form or details provided on our website. We will respond to all valid requests within one month.

Security of Your Data

We implement appropriate technical and organisational measures to secure your personal data. These include encryption, access controls, and staff training to prevent unauthorised access, loss, misuse, or disclosure.

Policy Updates

This Privacy Policy may be updated from time to time to reflect changes to legal requirements or our business practices. Please revisit this policy periodically for the latest information regarding our privacy practices. Significant changes will be communicated when appropriate.

Contact and Complaints

If you have questions about this policy or the way your personal data is handled, please contact us through the details found on our website. If you have concerns about how we handle your data, you can also lodge a complaint with the Information Commissioner’s Office (ICO), the UK data protection authority.