Florist Bellingham Privacy Policy

Introduction

This Privacy Policy outlines how Florist Bellingham ('we', 'our', 'us') collects, uses, stores, and protects the personal data of customers placing orders in Bellingham and surrounding districts. We are committed to complying with the General Data Protection Regulation (GDPR) and ensuring your information remains secure and confidential at all times. By using our services or placing an order with us, you agree to the terms described in this Privacy Policy.

Scope of Policy

This policy applies to all individuals who place orders with Florist Bellingham, whether directly through our website, over the phone, or via in-person transactions, and covers data collected from Bellingham and its surrounding districts.

What Data We Collect

When you interact with Florist Bellingham to place an order or make an enquiry, we may collect the following types of information:

  • Contact Information: Such as your name, delivery address, billing address, phone number, and, where required, email address.
  • Order Details: Including products ordered, preferences, messages for recipients, and delivery instructions.
  • Recipient Details: Name, delivery address, and contact phone number of the person receiving flowers.
  • Payment Information: Transaction details (payment card data is processed securely by our payment processor and is not stored on our systems).
  • Correspondence: Any communications you have with us, such as customer service enquiries, feedback, or reviews.
  • Technical Data: IP address, browser type, device information, and cookies (when you visit our website).

Lawful Basis for Processing

Under the GDPR, we rely on the following lawful bases to collect and process your personal data:

  • Performance of a Contract: We collect and use your information to process and deliver your order as contractually agreed.
  • Legal Obligation: To comply with legal or regulatory requirements, such as record-keeping for accounting and tax purposes.
  • Legitimate Interests: To improve our products and services, prevent fraud, and ensure the security of our operations. We always balance our interests against your rights and freedoms.
  • Consent: Where required, for example, when you sign up for marketing communications. You may withdraw consent at any time.

How We Use Your Data

We use the data we collect for the following purposes:

  • To process, fulfill, and deliver your orders, including communicating updates and resolving any issues.
  • Processing payments through a secure payment gateway.
  • Managing customer enquiries and providing support.
  • Improvements to our services, products, and user experience.
  • Complying with legal, regulatory, and tax obligations.
  • With your consent, to send you marketing offers and updates (you can opt out at any time).

Data Processors and Third Parties

To provide our services, we may share your data with third-party processors. These may include:

  • Payment Processors: For secure payment handling and fraud prevention. These providers comply with strict security obligations and do not retain your payment details beyond processing your transaction.
  • Delivery Partners: Couriers delivering your orders are given only the data needed to complete deliveries.
  • IT and Website Hosting Services: To ensure functionality, maintenance, and security of our website and systems.
  • Professional Advisors: Such as accountants or legal professionals when required for compliance.

All third-party service providers are required to respect the confidentiality of your information and comply with data protection regulations. We do not sell or rent your personal information to any third parties for marketing purposes.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Order and Transaction Data: Typically kept for up to 7 years to comply with accounting and legal obligations.
  • Marketing Data: Held until you withdraw consent or opt out of communications.
  • Customer Service Records: Retained for up to 3 years after your last contact with us, for quality assurance and dispute resolution.

After these periods, your data is securely deleted or anonymised so that it can no longer be associated with you.

User Rights Under GDPR

You have specific rights in relation to your personal data under the GDPR:

  • Right to Access: You can request confirmation of what personal data we hold about you and access to that information.
  • Right to Rectification: Request that inaccurate or incomplete data be corrected.
  • Right to Erasure: Also known as 'the right to be forgotten'; you can ask us to delete your data where there is no good reason for us to continue to hold it.
  • Right to Restrict Processing: Ask us to suspend processing under certain circumstances.
  • Right to Data Portability: Receive your data in a structured, commonly used format and transfer it to another provider.
  • Right to Object: Object to our processing of your data where we rely on legitimate interest or for direct marketing purposes.
  • Right to Withdraw Consent: Where we rely on your consent, you have the right to withdraw it at any time without affecting the lawfulness of processing before that withdrawal.

If you wish to exercise any of these rights, please contact us through our usual channels. We will respond to all legitimate requests promptly.

Data Security

We take data security seriously and implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Such measures include secure hosting, encryption protocols, regular system updates, and staff data protection training.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or our processing practices. Any updates will be posted on our website, and, where appropriate, you will be notified of significant changes.

Contact and Complaints

If you have any questions regarding this Privacy Policy, your data, or your rights, please reach out to us using the contact methods provided on our website or other official communication channels. If you remain dissatisfied, you have the right to lodge a complaint with your local data protection authority.