Addington Flowers GDPR Privacy Policy

About This Policy

This Privacy Policy describes how Addington Flowers (“we”, “us”, or “our”) collects, uses, stores, and protects your personal data when you place an order with us. This policy applies to all customers placing orders for flowers and related goods or services from Addington Flowers, whether you reside in Addington or the surrounding districts. We are committed to safeguarding your privacy and ensuring your rights under the UK General Data Protection Regulation (GDPR).

What Data We Collect

When you interact with us, we collect only the data necessary to process your order and provide you with the best possible experience. The categories of data we may collect include:

  • Identity Data: Name, title
  • Contact Data: Delivery address, billing address, telephone number, and other contact information you provide
  • Order Data: Details of items ordered, delivery instructions, and customisation requests
  • Payment Data: Payment method details (note: we do not retain or process card details directly; see further details under ‘Processors’ below)
  • Communication Data: Correspondence sent to us via online forms, in person, or by post
  • Technical Data: When you use our online services, such as browser type, IP address, device information, and usage analytics (if applicable)

We do not intentionally collect special categories of personal data (such as health or biometric data) unless required for the fulfilment of specific products and only with your explicit consent.

Lawful Basis for Processing Your Data

All personal data is processed lawfully, fairly, and transparently. The lawful bases under the UK GDPR under which we process your data are:

  • Contract: We need your personal data to fulfil our contract with you, processing your flower orders and delivering the items you request.
  • Legal Obligation: For compliance with legal requirements, such as accounting, tax, or fraud prevention.
  • Legitimate Interests: Where necessary for the legitimate interests of our business, such as internal record keeping and improving our service, provided these do not override your rights or interests.
  • Consent: We may ask for your consent for optional services, such as direct marketing or special requests, and you have the right to withdraw your consent at any time.

How We Use Your Information

Your data is used strictly for the purposes for which it was provided:

  • Processing your booking and delivering your goods or services.
  • Communicating order confirmations, updates, and customer support.
  • Complying with our legal obligations.
  • Internal business analysis and improvement (on an anonymised basis where possible).
  • Sending you marketing information only if you have opted in to receive such communications.

How Long We Retain Your Data

We retain your personal data only for as long as is necessary for the purposes outlined in this policy or as required by law. In general:

  • Order and delivery details are retained for up to six years for tax and record keeping purposes.
  • Contact and correspondence data may be retained for up to two years after your last contact with us, unless you request deletion where applicable.
  • Marketing preferences are retained until you withdraw your consent or opt out, whichever is sooner.
  • Technical and analytics data collected via online tools is retained as per our service provider’s retention policies but is generally anonymised where possible.

Our Data Processors

We use carefully vetted third-party processors to help us deliver our products and services efficiently and securely. These may include:

  • Payment Processors: Trusted companies that handle card payments and process transactions securely. Addington Flowers does not store your card details; these are encrypted and processed directly by our payment partners in line with industry standards.
  • Delivery Partners: Reputable courier services to deliver flowers to your specified address.
  • IT Service Providers: Providers supplying website hosting, scheduling, and customer communications platforms.

All third-party processors are contractually bound to ensure the security and confidentiality of your data and are compliant with all relevant data protection laws. Your data is never sold or shared for third-party marketing purposes.

Your Rights Under GDPR

You have a number of important rights under data protection law. In summary, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Ask us to correct any inaccuracies or incomplete data.
  • Erasure (‘Right to be Forgotten’): Request deletion of your personal data where there is no longer a lawful reason for us to retain it.
  • Restriction: Ask us to restrict processing of your data under certain circumstances.
  • Portability: Receive your data in a structured, commonly used format and ask for it to be transferred to another controller where technically feasible.
  • Objection: Object to the processing of your data where we rely on legitimate interests or direct marketing.
  • Withdraw Consent: Withdraw your consent at any time where processing is based on consent.

If you wish to exercise any of these rights, please contact us using the details provided at the end of this policy. We will respond to legitimate requests within one month, though complex requests may take longer.

Security of Your Data

We take the protection of your personal data seriously. All appropriate technical and organisational measures are implemented to safeguard your information against unauthorised access, alteration, disclosure, or destruction. Access to your personal data is limited to staff and processors on a need-to-know basis, subject to confidentiality obligations and training.

Changes to This Policy

We review our Privacy Policy regularly to ensure it continues to comply with current laws and best practices. Updates to this policy will be posted here so you always know what information we collect, how we use it, and under what circumstances it is disclosed.

Contact and Complaints

If you have any questions regarding this Privacy Policy, your personal data, or if you wish to exercise your rights, please reach out to us via the contact methods stated on our website or in your order documentation. If you are dissatisfied with our response, you are entitled to lodge a complaint with the UK Information Commissioner’s Office (ICO).

This policy is effective from 18 June 2024 and applies to all Addington Flowers customers placing orders from Addington and surrounding districts.