Florist Upton Park Data Privacy Policy

Scope and Applicability

This Privacy Policy describes how Florist Upton Park collects, uses, stores, and protects your personal information in accordance with the UK General Data Protection Regulation (UK GDPR). It applies to all customers who place orders with Florist Upton Park from Upton Park and the surrounding districts. By placing an order or communicating with us, you consent to the processing of your personal data as detailed in this policy.

The Types of Data We Collect

To fulfil your flower orders and provide our services, Florist Upton Park may collect and process the following types of personal data:

  • Contact Information: Including your name, delivery address, invoice address, and, if provided, the recipient’s name and delivery address.
  • Order Information: Details of the products you have ordered, your preferences, any relevant gift messages, and purchase history.
  • Communication Details: Records of your interactions with us such as order confirmations and correspondence via our website or other communication channels.
  • Payment Information: Information required to process payments, which may include partial payment card details (processed securely via our payment processors).
  • Technical Data: Information such as your IP address, browser type, device information, and access times when you interact with our website (if applicable).

Lawful Basis for Data Processing

Under GDPR, the processing of your personal information must be grounded in a lawful basis. Florist Upton Park relies on the following bases to process your data:

  • Performance of Contract: We process your data to fulfil your order, provide customer service, and deliver products to you or the intended recipient.
  • Legal Obligations: We retain certain data as required to comply with legal and regulatory requirements, such as tax and accounting regulations.
  • Legitimate Interests: To improve our products and services, manage bookings, and protect against fraud, we may process your data where these interests are not overridden by your fundamental rights and freedoms.
  • Consent: Where required for marketing communications, we will obtain your explicit consent before sending non-essential promotional materials.

Purpose of Data Collection

We process your personal data for a range of business purposes, including:

  • Processing and fulfilling your floristry orders
  • Managing payments and invoicing
  • Providing customer support and responding to your queries
  • Improving and personalising our services
  • Meeting legal, regulatory, and tax obligations

How We Share Your Data: Data Processors

Florist Upton Park engages with carefully selected third-party processors to help provide certain services. These may include:

  • Payment Processors: Acquire payments and process refunds. Only the necessary payment data is provided to these processors, and we do not retain or store your full card details.
  • Delivery Partners: Couriers or postal services, for the purpose of completing deliveries to you or your recipient.
  • IT Providers: Technical service partners or IT hosting providers who assist with website functionality and data storage. Access to data is provided strictly as necessary.
  • Professional Advisors: Such as accountants and legal advisors, where required for our legitimate business operations.

All third-party processors are subject to data processing agreements and must comply with GDPR requirements, ensuring your data is handled securely and confidentially.

Data Retention Periods

Florist Upton Park will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Generally, we retain order and customer information for up to seven years to comply with tax and financial regulations. Data provided solely for marketing purposes will be retained until you withdraw your consent or request erasure.

Your Rights Under GDPR

As a data subject under GDPR, you have certain rights in relation to your personal data processed by Florist Upton Park. These include:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete information.
  • Right to Erasure: Ask for your personal data to be deleted where there is no compelling reason for its retention.
  • Right to Restrict Processing: Request that we only process your data for certain purposes.
  • Right to Data Portability: Receive the personal data you provided to us in a structured, commonly used, and machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time.

To exercise your rights or find out more about your options, you may contact us using the contact methods provided on our website or via written request. We will respond to all legitimate requests within one month.

Security and Data Protection Measures

Florist Upton Park employs appropriate organisational and technical measures to secure your personal information against loss, misuse, unauthorised access, alteration, or disclosure. These measures include secure IT systems, access controls, staff training, and the regular review of policies and procedures. Where data is processed by third parties, we require them to demonstrate equivalent levels of security and GDPR compliance.

Changes to This Policy

We may update or amend this Privacy Policy from time to time to reflect changes in the law, our practices, or for operational reasons. Where changes are material, we will make this clear on our website or via other appropriate channels.

Contact and Complaints

If you have any questions about how we handle your personal data, wish to exercise your rights, or make a complaint, you can contact us using the details available on our website. If you are not satisfied with our response, you also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection.