Flowers Covent Garden Privacy Policy

Introduction

This Privacy Policy explains how Flowers Covent Garden ('we', 'us', 'our') collects, uses, and protects your personal data when you place an order with us from Covent Garden and the surrounding districts. We are committed to safeguarding your privacy and complying with the General Data Protection Regulation (GDPR) and relevant UK data protection laws. By placing an order with Flowers Covent Garden, you acknowledge and agree to the provisions described below.

Scope of the Policy

This policy applies to all customers who place orders for flowers or related products and services from Flowers Covent Garden, whether online, by phone, or in person, within Covent Garden and the adjoining areas. Our aim is to provide transparency regarding the personal data we collect, the purposes for which it is used, and your rights regarding that data.

What Data We Collect

When you place an order or interact with us, we collect certain personal data necessary to fulfil your order and provide an excellent customer experience. The following categories of data may be collected:

  • Identity Data: Name, title, and, if required, customer reference numbers.
  • Contact Data: Delivery address, billing address, phone number (where provided), and, if submitted, email address.
  • Order Data: Details about purchases, delivery preferences, gift messages, and special requests.
  • Payment Data: This may include payment card details or other payment method information. For security, card details are processed through secure payment providers and not stored directly.
  • Technical Data: IP address, browser type and version, device type, and information about how you interact with our website.
  • Communications Data: Records of correspondences, order confirmations, and feedback you provide.

Lawful Basis for Data Processing

Under the GDPR, we must have a lawful basis to process your personal data. Flowers Covent Garden relies on the following:

  • Contractual Necessity: The main reason we process your data is to fulfil your orders, provide customer service, process payments, and arrange delivery. This processing is necessary to enter into and perform our contract with you.
  • Legitimate Interests: We process data for certain legitimate business interests, such as improving our products and services, managing our operations, maintaining security, and preventing fraud, provided that these interests do not override your rights and interests.
  • Legal Compliance: In some instances, we are required to process your data to comply with legislative or regulatory obligations.
  • Consent: For marketing communications or where we wish to use your data beyond the described purposes, we will seek your explicit consent. You have the right to withdraw consent at any time.

How We Use Your Data

Your data may be used for the following purposes:

  • Processing and fulfilling orders, including delivery and special requests.
  • Managing payments and preventing fraudulent transactions.
  • Providing customer support and responding to enquiries.
  • Sending order confirmations and updates on delivery.
  • Improving our services via internal analysis.
  • Complying with accounting, legal, and regulatory obligations.
  • With your consent, sending marketing materials and promotions.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. Generally, relevant order data is retained for up to six years, in accordance with legal and tax obligations. Technical and analytical data may be anonymised for reporting and retained in aggregated form. After the retention period, your data will be securely deleted or anonymised.

Data Processors and Third Parties

To provide our services, we may share necessary data with trusted third parties (processors), such as:

  • Payment service providers processing transaction details for secure payments.
  • Delivery partners and couriers ensuring successful and timely delivery of your order.
  • IT service providers who support the security and management of our website and systems.
  • Professional advisors (such as accountants or legal consultants) where required for compliance.

All data processors act strictly on our instructions, implement appropriate security measures, and are required to treat your data confidentially. We do not sell or rent your personal data to third parties.

International Data Transfers

Where it is necessary for technical reasons to transfer your data outside the United Kingdom or European Economic Area, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms, to protect your privacy rights.

Your Rights

You have several important rights under the GDPR. These include:

  • Right of Access: Request a copy of your personal data held by us.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data, subject to certain restrictions (such as legal retention).
  • Right to Restrict Processing: Ask us to limit or halt the processing of your data.
  • Right to Data Portability: Receive your data in a commonly used format and transfer it where feasible.
  • Right to Object: Object to data processing where we rely on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Withdraw your consent where processing relies on consent, without affecting the lawfulness of any processing before withdrawal.
  • Right to Complain: Lodge a complaint with a supervisory authority if you believe your data protection rights are infringed.

Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it from loss, misuse, and unauthorised access. These include secure systems, staff training, encryption for data in transit and at rest, and regular review of security practices.

Changes to This Policy

We may update this Privacy Policy occasionally to reflect changes in legal, regulatory, or operational requirements. We encourage you to review this policy each time you place an order or use our services to stay informed about how your personal data is protected.

Contact and Further Information

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please use the contact options provided via our website or your regular Flowers Covent Garden channels. We are committed to addressing your privacy concerns promptly and respectfully.