Privacy Policy: Flowers Mile End Customer Data

Introduction and Scope

This Privacy Policy outlines how Flowers Mile End collects, uses, stores, and protects personal data provided by customers placing orders from Mile End and the surrounding districts. In adherence to the General Data Protection Regulation (GDPR), we are committed to transparency, accountability, and respecting your privacy rights. This policy details the categories of data we collect, our lawful basis for processing, retention periods, third-party processors, and your privacy rights as a customer.

What Data We Collect

To fulfil your flower orders and provide a high-quality customer experience, we may collect the following information:

  • Identification information – such as your full name and title.
  • Contact information – including your address, delivery location, and phone number if supplied.
  • Order details – including items purchased, delivery instructions, and special notes.
  • Payment details – such as transaction records (note: payment card information is processed securely and not stored by Flowers Mile End).
  • Communication records – such as feedback, complaints, or order-related enquiries.
  • Website usage information – including cookies and analytics data when you interact with our website.

We do not collect or process any special category data (such as health, ethnicity, or other sensitive categories), unless you choose to provide this information voluntarily in communications with us.

Lawful Basis for Data Processing

Under GDPR, we must use an appropriate lawful basis to process your personal data. Flowers Mile End processes your data under the following grounds:

  • Contractual necessity – Most of the data we collect is necessary to process and deliver your order, including order management, communications, and fulfilling customer requests.
  • Legal obligation – We are required by law to retain certain information for tax, accounting, and audit purposes.
  • Legitimate interests – We may use your data for business administration, service quality improvement, fraud prevention, and to resolve disputes, provided these interests are not overridden by your rights and interests.
  • Consent – In some cases, such as for marketing communications, we will only use your personal data if you have given explicit consent, which you may withdraw at any time.

How We Use Your Data

Your personal data is used solely for the following purposes:

  • Processing and fulfilling your flower orders.
  • Providing customer support and addressing any queries or issues.
  • Improving our services, products, and website functionality.
  • Complying with legal and financial reporting obligations.
  • With your consent, sending you information about offers or new products.

Data Retention

Flowers Mile End does not retain personal data longer than necessary. Retention periods are determined by the purpose of processing and any mandatory legal requirements:

  • Order and transaction data – kept for a maximum of 7 years to fulfil tax and accounting requirements.
  • General enquiry and support correspondence – normally retained for up to 1 year after resolution.
  • Marketing preferences and consents – retained until you withdraw consent or request deletion.
  • Cookie and analytics data – held as specified in our cookie policy or as set by your browser preferences.

When data is no longer needed, it is securely deleted or anonymised in compliance with GDPR requirements.

Third-Party Processors

To help process your orders and improve our services, we may share your personal data with trusted third-party processors who act according to our instructions and under data protection obligations. These may include:

  • Payment service providers – process your payment securely.
  • Delivery partners – to deliver your orders to the given addresses.
  • IT and website hosting providers – who support the functionality and security of our website.
  • Professional advisors – including accountants or legal advisors, only to the extent necessary.

We do not sell, rent, or otherwise share your personal data with marketers or unrelated third parties.

Your Rights Under GDPR

As a data subject under GDPR, you have several important rights in relation to your personal data:

  • The right to be informed – about how your data is processed, as described in this policy.
  • The right of access – you can request a copy of your personal data we hold.
  • The right to rectification – to correct inaccuracies in your personal data.
  • The right to erasure ('right to be forgotten') – to request deletion of your data where appropriate.
  • The right to restrict processing – to request limits on how we use your data in certain circumstances.
  • The right to data portability – to request your data in a structured, commonly used format.
  • The right to object – to certain types of processing, such as direct marketing.
  • Rights in relation to automated decision-making and profiling – we do not carry out automated decision-making that legally or significantly affects you.

To exercise any of the above rights, please contact us using the details provided on our website or in your order confirmation. We may need to verify your identity before fulfilling your request for security reasons.

Data Security

We implement suitable technical and organisational measures to safeguard your data from unauthorised access, theft, or loss. These measures include encrypted payment processing, restricted internal access, and regular review of our security practices.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. Significant changes will be communicated clearly to customers where possible. The current version of the policy will always be available on our website.

Contact and Complaints

If you have any questions, concerns, or requests in relation to this Privacy Policy or how your personal data is handled by Flowers Mile End, please contact us using the details on our website. If you are dissatisfied with our response, you may lodge a complaint with the relevant supervisory authority under GDPR.

This policy was last reviewed and updated in June 2024.