Flowers Stevenage Privacy Policy

Our Commitment to Your Privacy

Flowers Stevenage is dedicated to safeguarding the personal data of every customer who places flower orders within Stevenage and its surrounding districts. We understand the importance of your privacy and are committed to handling your data responsibly and transparently in accordance with the General Data Protection Regulation (GDPR) and applicable UK data protection laws.

Scope of this Policy

This Privacy Policy outlines how Flowers Stevenage collects, uses, processes, retains, and protects the personal information of individuals who place orders with us in Stevenage and nearby areas. The policy applies to all orders made through our platform, regardless of the order channel used (website, phone, or in person).

What Data We Collect

To fulfil your flower orders and provide excellent customer service, we may collect and process the following types of personal data:

  • Contact Information: Your name, delivery address, billing address, and phone number.
  • Order Details: Information about the products you purchase, delivery instructions, and other order-specific notes.
  • Payment Data: Payment card details or transaction references, processed securely through our payment processors; we do not store full card details on our servers.
  • Email Address: Collected for order confirmations, delivery updates, and essential communications.
  • Recipient Information: Name, address, and (when provided) contact number of the person receiving your order.
  • Correspondence: Records of enquiries, complaints, feedback, and communication history with our customer service.
  • Technical Data: Information automatically collected by our website or online services, such as IP address, browser type, device information, and usage analytics.

Lawful Basis for Processing Your Data

Under the GDPR, we process personal information only when permitted by law. The main lawful bases we rely on include:

  • Contractual Necessity: Processing is necessary to enter into or perform our contract with you, for instance, to process your order and arrange delivery.
  • Legal Obligation: Compliance with laws or regulations that require us to retain certain transaction records.
  • Legitimate Interests: For purposes such as customer service improvement, fraud prevention, and enhancing our services, provided these interests do not override your fundamental rights and freedoms.
  • Consent: We may ask for your explicit consent for certain processing, such as direct marketing, which you can withdraw at any time.

How We Use Your Information

Your data is used for the following business purposes:

  • Processing and delivering your flower orders, including communicating with you about order status or delivery updates.
  • Managing payments and addressing any issues with payment processing.
  • Responding to requests, queries, or feedback you submit.
  • Improving our products, services, and customer experience.
  • Complying with legal and financial record-keeping requirements.
  • Protecting our business from fraud and misuse.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including fulfilling orders, complying with legal obligations, resolving disputes, or establishing legal rights. In general:

  • Order and transaction records are retained for up to 7 years for accounting and tax purposes.
  • Customer enquiry and communication records are typically maintained for up to 2 years.
  • Marketing consent records are kept until you withdraw consent or unsubscribe.
  • Technical and analytical data is retained only as long as necessary for service improvements and security monitoring.

Once data is no longer needed, it is securely deleted or anonymised.

Data Processors and Third Parties

Flowers Stevenage employs carefully selected third-party service providers (data processors) to assist in fulfilling your order and maintaining our services. We only share your data with these processors when absolutely necessary, and only under strict contractual agreements that ensure your data remains protected. Examples of processors include:

  • Payment processing companies to handle your transactions securely.
  • IT cloud solution providers for website hosting, data storage, and email delivery.
  • Delivery partners who arrange the shipment or hand-delivery of your flowers.
  • Customer support platforms for managing enquiries and communication.

Your data will not be sold or shared with other organisations for marketing purposes unless you provide explicit consent. If required by law, such as by a court order or government regulation, we may disclose your data to the relevant authorities.

Data Security

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, alteration, or disclosure. These include secure data storage, encryption of sensitive information, regular system monitoring, and employee training in data protection best practices.

Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal information:

  • The right to access: You can request a copy of the personal data we hold about you.
  • The right to rectification: You may ask us to correct or update inaccurate or incomplete personal data.
  • The right to erasure: Also known as the ‘right to be forgotten,’ you may request deletion of your data in certain circumstances.
  • The right to restriction: You may ask us to limit the processing of your data, for example, while a complaint is being investigated.
  • The right to object: You can object to certain types of processing, such as direct marketing.
  • The right to data portability: You may request a copy of your data in a machine-readable format to transfer elsewhere.
  • The right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.
  • The right to lodge a complaint: You have the right to complain to the UK Information Commissioner’s Office if you believe your rights have been infringed.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or company structure. Updates will take effect as soon as they are published. We encourage customers to review this policy regularly to stay informed of any updates.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact the Flowers Stevenage team. We are committed to responding to your queries promptly and transparently.