Ilford Flowers Privacy Policy

Introduction

This Privacy Policy outlines how Ilford Flowers ("we", "us", or "our") collects, uses, stores, and protects your personal data when you place an order with us. This policy is specifically applicable to all customers located in Ilford and the surrounding districts who engage with our flowers and gifting services. Our commitment is to respect your privacy and comply with the European General Data Protection Regulation (GDPR) and relevant UK data protection legislation.

Personal Data We Collect

Depending on your use of our services, we collect various types of personal data. This may include:

  • Contact Details: Name, delivery address, billing address, and telephone number.
  • Order Information: Details about your order, purchase history, and delivery preferences.
  • Payment Information: While we use third-party payment processors, we may receive confirmation of payment status. We do not store your card details.
  • Customer Communications: Correspondence with us via our website, phone, or other channels.
  • Technical Data: IP address, browser type, device information, and cookies as part of our website analytics and to enhance user experience.

Our Lawful Basis for Processing Your Data

Under the GDPR, we must have a lawful basis for processing your personal data. We rely on the following:

  • Contract: We process your data as necessary to fulfill your order and provide our services, including processing payments and arranging deliveries.
  • Legal Obligations: Certain data may be required to meet our legal or regulatory duties, such as tax records.
  • Legitimate Interests: We may process data to improve our services, communicate order updates, or prevent fraud, provided these interests are not overridden by your data protection rights.
  • Consent: Where applicable, we may seek your consent, for example for marketing activities. You can withdraw consent at any time.

How We Use Your Data

Your personal information is used only for the purposes for which it is collected, and specifically to:

  • Process and deliver your flower and gift orders.
  • Communicate order updates and respond to your enquiries.
  • Maintain records for financial and legal requirements.
  • Enhance and personalise your experience on our website.
  • Improve our services based on customer feedback and purchasing trends.
  • Send marketing or promotional communications when consent has been provided.

Data Retention

We retain personal data only as long as necessary for the purposes it was collected, including to satisfy legal, accounting, or reporting requirements. Our general retention periods are as follows:

  • Order and Contact Data: Retained for up to 7 years to meet financial and tax obligations.
  • Correspondence: Usually retained for up to 3 years after your final interaction with us.
  • Marketing Consent: Retained until you choose to withdraw consent or unsubscribe.
  • At the end of the retention period, data will be securely deleted or anonymised.

Data Sharing and Processors

We value your privacy and will never sell your data. We may share your information with trusted third parties who provide services on our behalf, only as necessary. These third parties act as processors under GDPR and include:

  • Payment Processing Services: To securely handle payments for your orders.
  • Delivery Partners or Couriers: To deliver your flowers to the specified address.
  • IT and Website Support Providers: To maintain and secure our website and databases.
  • Professional Advisors: Such as accountants or legal advisors, where relevant to our legitimate business interests.

All processors are obliged to maintain the security and confidentiality of your personal data and are not permitted to use it for other purposes.

How We Protect Your Data

We implement a range of technical and organisational measures to keep your data secure. This includes secure web hosting, data encryption where appropriate, and restricting data access to authorised personnel only. We regularly review our data protection policies and procedures to ensure ongoing compliance.

Your Rights Under GDPR

As a customer, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Ask us to correct any inaccurate or incomplete information.
  • Right to Erasure: Request the deletion of your data where there is no legal reason for us to continue processing it.
  • Right to Restrict Processing: In certain circumstances, you can ask us to restrict processing of your data.
  • Right to Object: You may object to processing based on legitimate interests or direct marketing.
  • Right to Data Portability: Request transfer of your data to another service provider.
  • Right to Withdraw Consent: Where we rely on your consent, you may withdraw this at any time.
  • Right to Lodge a Complaint: If you believe your rights have been infringed, you may contact the UK supervisory authority for data protection.

To exercise any of these rights, please use the contact mechanisms detailed on our website.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, data processing practices, or legal obligations. The revised policy will be published on our website and is effective from the date of publication.

Applicability and Contact Information

This Privacy Policy applies to all orders placed by customers based in Ilford and the surrounding districts. For questions or concerns related to this Privacy Policy or your personal data, please get in touch with us using the contact details available on our website.