Florist Cranford Privacy Policy for Customers

Introduction

This Privacy Policy explains how Florist Cranford collects, uses, and safeguards your personal data when you place orders with us from Cranford or surrounding districts. We are fully committed to complying with the General Data Protection Regulation (GDPR) to ensure transparency and respect for your rights regarding your information. By ordering from Florist Cranford, you acknowledge and accept the practices described in this policy.

Scope of This Policy

This policy applies to all customers placing orders with Florist Cranford in Cranford and the surrounding areas. It details what personal data we collect, the purposes of processing, our legal basis, with whom your data may be shared, how long we retain your information, and your rights under GDPR.

Personal Data We Collect

When you engage our services or make a purchase, we may collect the following categories of personal data:

  • Identity Data: such as your full name and, if provided, the recipient’s name for delivery.
  • Contact Data: including addresses (delivery and billing), town or postcode, and, if necessary, phone numbers for delivery coordination.
  • Transaction Data: records of the products ordered, payment method details (but not card numbers, as these are handled by secure payment processors), order value, and order history.
  • Correspondence: details from your communications with us regarding orders, queries, or feedback.
  • Technical Data: such as IP address, browser type, and device information, if you use our website, gathered through cookies for security and analytics purposes.

Lawful Basis for Processing

Florist Cranford processes your personal data on the following lawful grounds under GDPR:

  • Contractual Necessity: We require certain data to process your order, manage payments, and deliver your products. Without this data, we cannot fulfill our contract with you.
  • Legal Obligation: We may process data to comply with legal duties such as tax, accounting, or fraud prevention obligations.
  • Legitimate Interest: We process limited data to improve our service (such as customer satisfaction surveys) and to ensure the security of our website. Our interests do not override your privacy rights.
  • Consent: For direct marketing (e.g., newsletters), we seek your explicit permission, which you may withdraw at any time.

How We Use Your Personal Data

Your data is used solely to:

  • Process and deliver your floral orders.
  • Handle payments and process refunds if applicable.
  • Contact you about your order status or address any issues.
  • Comply with legal and accounting obligations.
  • Enhance your customer experience and improve our services, where appropriate.
  • Send you marketing communications, only if you have opted in.

Data Retention

We keep your personal data only for as long as necessary for the purposes set out in this policy. Order and transaction data are retained for up to seven years to comply with statutory obligations relating to accounting and tax. Contact details provided for marketing are stored until you withdraw your consent or request erasure. After the relevant retention period, your data will be securely deleted or anonymized so that it is no longer associated with you.

Sharing Your Data: Processors and Third Parties

Florist Cranford shares your personal data only with trusted third-party processors where necessary to complete your order or comply with regulations. Such processors may include:

  • Payment service providers: To securely process transactions (we do not store your card details).
  • Delivery and courier companies: To deliver your orders within Cranford and surrounding areas.
  • IT and cloud service suppliers: Necessary for the secure operation and backup of our ordering system.
  • Professional advisors: Such as accountants or legal advisors when required by law.

All processors are contractually obligated to keep your data secure and to use it solely for the specified purposes. Florist Cranford does not sell your personal data or share it for unrelated marketing purposes. Data may only be transferred outside the EEA if adequate protection (such as Standard Contractual Clauses) is in place.

Your Rights under GDPR

As a data subject, you have several important rights regarding your personal information:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Ask us to correct or complete inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data (subject to legal retention obligations).
  • Right to Restrict Processing: Ask us to suspend processing your data in certain circumstances.
  • Right to Data Portability: Receive your data in a portable format, or request its direct transfer to another provider.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Withdraw your consent for processing at any time where consent was the lawful basis.

Data Security

We have implemented technical and organizational measures to safeguard your data against loss, misuse, unauthorized access, or disclosure. These include secure servers, encrypted transactions, strict access controls, and regular security assessments. While we strive to protect your personal data, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or our practices. When we do, we will revise the update date at the top of this policy. Significant updates will be communicated to you where appropriate.

Contact and Complaints

If you have questions or concerns regarding your data or would like to exercise any of your rights, please contact us using the details provided on our website. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office or your local data protection authority.