Privacy Policy for Flower Delivery Chase Cross Customers

Introduction

This Privacy Policy describes how Flower Delivery Chase Cross (hereafter referred to as 'we', 'us', or 'our') collects, uses, stores, and processes your personal data. Our policy applies to all individuals placing orders for flower delivery from Chase Cross and the surrounding districts. We are fully committed to safeguarding your privacy, ensuring the proper handling of your personal data in line with the United Kingdom General Data Protection Regulation (UK GDPR) and all relevant data protection legislation.

What Personal Data We Collect

When you place an order or interact with our services, Flower Delivery Chase Cross may collect and process the following types of personal data about you:

  • Contact Information: Such as your full name, delivery address, billing address, email address, and telephone number.
  • Order Information: Details of your orders, including delivery preferences, personalised messages, product selections, and payment information (handled in accordance with PCI DSS for payment security).
  • Communication Data: Records of your communication with us (e.g., enquiries, feedback, or complaints).
  • Usage Data: Information about your interaction with our website and services, such as IP address, browser type, device information, and cookies (see our Cookie Policy for details).

We only seek and process data necessary to provide our flower delivery services and to improve the quality, efficiency, and security of our operations.

Lawful Basis for Processing Your Data

Flower Delivery Chase Cross processes your personal data based on the following lawful bases under GDPR:

  • Contractual Necessity: We need your data to accept, process, and fulfill your orders.
  • Legitimate Interests: For administrative purposes, responding to enquiries, record-keeping, fraud prevention, and to ensure the ongoing security and improvement of our services.
  • Legal Obligation: Where required by law, such as for HMRC tax records or fraud prevention measures.
  • Consent: Where processing is not required for contract fulfillment or legal requirements, such as for marketing communications or the use of certain cookies. You may withdraw your consent for marketing at any time.

How We Use Your Personal Data

Your personal data is used for the following purposes:

  • To process and deliver your flower orders accurately and promptly.
  • To communicate with you about your order, delivery updates, and customer support requests.
  • To improve our products, services, and website experience.
  • For business and financial record-keeping, administrative purposes, and compliance with legal requirements.
  • With explicit consent, to send you special promotions, updates, or service announcements relevant to flower delivery in your area.

Data Retention Period

We retain your personal data only as long as necessary for the purposes for which it was collected, as required by law, or for as long as we have a legitimate business need to do so. Specifically:

  • Order and transaction data: retained for up to 7 years to comply with tax, accounting, and legal obligations.
  • Customer service and correspondence records: usually kept for up to 2 years after the last interaction, unless required for longer by law.
  • Marketing data: retained until you withdraw your consent or unsubscribe.

After this period, your personal data will be securely deleted or anonymised so it can no longer be linked to you.

Processors and Third-Party Service Providers

We only share your personal data with trusted third-party processors essential to the running of our flower delivery service. These may include:

  • Payment processing providers to securely handle transactions.
  • Delivery and courier partners to fulfill and dispatch your orders.
  • IT support, website hosting, and data storage companies to maintain and safeguard our systems.
  • Professional advisors (e.g., accountants, legal advisors) where necessary for business compliance.

All third-party processors are contractually required to comply with data protection legislation, ensuring your data is only used for the intended purpose and is kept secure. We do not sell or rent your personal data to third parties.

Your Data Protection Rights

You have the following rights regarding your personal data under the UK GDPR:

  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You can update or correct any inaccurate or incomplete data.
  • Right to Erasure ('Right to be Forgotten'): You can request the deletion of your data in certain circumstances.
  • Right to Restrict Processing: You can request that we slow or stop the processing of your personal data.
  • Right to Data Portability: You may ask to receive your data in a structured, commonly used, and machine-readable format or for it to be transmitted to another data controller.
  • Right to Object: You may object to processing where we rely on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw this at any time.

To exercise your rights or for further information regarding your personal data, please contact us using our standard customer service channels. We will respond to your request as soon as possible and always within the timeframes set by law.

Data Security Measures

Protecting your personal data is of utmost importance to Flower Delivery Chase Cross. We implement suitable organisational and technical measures to secure your data against loss, misuse, unauthorised access, alteration, or disclosure. This includes access controls, encryption, secure data storage, and regular reviews of our data processing practices.

International Data Transfers

Your data is primarily processed within the United Kingdom and the European Economic Area (EEA). If, in rare circumstances, your personal data is transferred outside the EEA, we ensure all necessary safeguards are in place, such as standard contractual clauses or equivalent legal mechanisms to protect your privacy rights.

Policy Updates

This Privacy Policy may be updated from time to time to reflect changes in our practices or relevant laws. We recommend returning to this page periodically to stay informed of how we process and protect your data. Continued use of our services after changes are made constitutes your agreement to the updated policy.

Contact and Further Information

If you have any questions or concerns about this Privacy Policy or the way we handle your personal data, please contact us using the methods indicated on our website or via our standard customer service process. If you remain dissatisfied, you have the right to contact the Information Commissioner's Office (ICO) or your local supervisory authority.