Sydenham Florist Privacy Policy

Introduction

At Sydenham Florist, we are committed to protecting the privacy and security of our customers’ personal information. This Privacy Policy outlines how we collect, use, store, and safeguard your data in compliance with the General Data Protection Regulation (GDPR). The policy applies to all individuals placing orders with Sydenham Florist from Sydenham and surrounding districts.

What Data We Collect

When you purchase flowers or related products from Sydenham Florist, we may collect the following personal data:

  • Identity Data: Your full name, title, and any necessary identification details.
  • Contact Data: Addresses for delivery and billing, telephone numbers, and payment details.
  • Order Details: Information about the products you order, delivery preferences, and messages for recipients.
  • Recipient Information: Name, address, and contact information for delivery recipients (when different to the customer).
  • Transactional Data: Payment and transaction records.
  • Communication Data: Emails, order instructions, and customer service correspondence.
  • Technical Data: Information about your device, IP address, and browser type when using our website (if applicable).

Lawful Basis for Processing Data

Sydenham Florist processes your personal data under the following lawful bases as per GDPR:

  • Contractual Necessity: We need your information to process and deliver your order, communicate order status, and respond to your enquiries. This is essential for fulfilling our contract with you.
  • Legitimate Interests: We may use your information for internal administrative purposes, to improve our services, or to prevent fraud, where these interests do not override your fundamental rights and freedoms.
  • Legal Obligation: We may process your data to comply with applicable laws and regulations, such as maintaining transaction records for tax purposes.
  • Consent: For any marketing communications or non-essential use of your data, we obtain your explicit consent. You have the right to withdraw your consent at any time.

How We Use Your Data

Your personal data is used for the following purposes:

  • Processing and delivering your floral orders
  • Communicating with you regarding your purchase or customer service matters
  • Tracking transactions and payment for accounting and fraud prevention
  • Improving our products and customer experience
  • Sending occasional marketing information (only where you have explicitly opted in)

Data Retention

We retain your personal data only for as long as is necessary for the purposes for which it was collected, unless a longer retention period is required by law. Typically, order and transaction-related data are retained for up to seven years to comply with tax and accounting obligations. Communication correspondence may be retained for up to two years. When your data is no longer required, it will be securely deleted or anonymised.

Data Processors and Sharing

To deliver our services, Sydenham Florist may share your information with carefully selected external parties who process data on our behalf. These may include:

  • Payment service providers (to process your transaction securely)
  • Delivery partners (for order fulfilment and tracking)
  • IT and website support providers (for system maintenance and hosting)
  • Professional advisers (such as accountants and legal advisers, where required by law)

All third-party service providers are contractually required to respect the security of your data, use it only for specified purposes, and process it in accordance with our instructions and applicable data protection laws. We do not sell or rent your personal information to any third party for marketing purposes.

Your Rights Under GDPR

Under the GDPR, you have specific rights regarding your personal data. These include:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may ask us to correct any inaccurate or incomplete data.
  • Right to Erasure: In certain circumstances, you can request the deletion of your personal data from our records.
  • Right to Restrict Processing: You have the right to request we limit how we use your data.
  • Right to Data Portability: You may request to receive your data or have it transferred to another provider, where technically feasible.
  • Right to Object: You may object to the processing of your personal data in certain cases, such as for direct marketing.
  • Right to Withdraw Consent: Where we rely on your consent for processing, you may withdraw it at any time.

To exercise any of these rights, please contact us through our usual contact channels. We may require verification of your identity before fulfilling your request, in order to protect your privacy and security.

Data Security

We take data security seriously. Appropriate technical and organisational measures are in place to safeguard your personal data from accidental loss, unauthorised use, disclosure, alteration, or destruction. All staff handling personal information receive training on data privacy and security best practices. Where data is processed by third-party providers, we ensure that their data protection measures meet our standards and legal obligations.

International Data Transfers

Sydenham Florist generally does not transfer customers’ data outside the United Kingdom or European Economic Area (EEA). Should data need to be transferred internationally (such as when using certain software providers), we ensure it is protected to GDPR standards through appropriate safeguards such as contractual clauses or data protection measures required by law.

Policy Updates

This Privacy Policy may be updated from time to time. Significant changes will be communicated to customers by appropriate means. Please check this page periodically for the most current version of our Privacy Policy.

Contacting Us

If you have any questions about this Privacy Policy, your personal information, or wish to exercise your data rights, please use our customer service channels or visit our shop for assistance. We aim to respond to all requests promptly and in accordance with GDPR requirements.