Privacy Policy for Shooter's Hill Florist Customers

Introduction

At Shooter's Hill Florist, protecting your personal information is of paramount importance to us. This Privacy Policy outlines how we collect, use, store, and safeguard your personal data when you place an order with us, whether in Shooter's Hill or in the surrounding districts. Our practices are fully compliant with the General Data Protection Regulation (GDPR) and applicable UK data protection laws.

Scope of Policy

This Privacy Policy applies to all customers placing orders with Shooter's Hill Florist via any means, including in-person, over the phone, or through our website, for delivery or collection within Shooter's Hill or the surrounding districts. By placing an order, you acknowledge the practices described in this policy.

What Data We Collect

We collect different types of personal data from you in order to process your order and provide our floral services. The categories of data that may be collected include:

  • Contact Information: Your name, delivery address, telephone number, and occasionally instructions related to your order.
  • Recipient’s Information: Name, delivery address, and phone number of your chosen recipient, if different from yourself.
  • Payment Details: Transaction information such as payment method (we do not hold full card details, as payments are processed securely through a payment processor), and purchase history.
  • Order Details: Products ordered, messages or cards to accompany orders, order notes, and delivery preferences.
  • Technical Data: When using our website, technical information such as IP address, browser type, and device information may be collected for security, analytics, and functionality.

Lawful Basis for Processing

Under GDPR, we must process your data under a lawful basis. Our lawful bases for processing your personal data are:

  • Contractual Necessity: We process your data to fulfil your order and provide you with services requested.
  • Legal Obligation: In some cases, we are required by law to process certain data, such as for accounting and tax purposes.
  • Legitimate Interests: We may use your contact details for customer service, handling queries, and improving our services. Any marketing communications sent (if you have opted in) are done in line with your preferences and legal requirements.
  • Consent: Where we rely on your consent (for example, for direct marketing), you will always be given a clear choice, and consent can be withdrawn at any time.

Data Retention

We hold your personal data only for as long as is reasonably necessary for the purposes for which it was collected, and to comply with any applicable legal or regulatory requirements. Typically:

  • Order and transaction information may be retained for up to 7 years, in accordance with UK tax and accounting law.
  • Contact and marketing information is retained until you withdraw consent or request deletion, at which point it will be removed from our active marketing lists.
  • Technical website data is retained for a shorter period, typically no longer than 12 months, unless legally required for security or fraud investigations.

Data Processors and Sharing

We may share your information with trusted third-party data processors who help provide aspects of our service, including:

  • Payment Processors: Securely handle card transactions and purchases.
  • Delivery Partners: Couriers or florists involved in completing your delivery.
  • IT Service Providers: Who enable website functionality, hosting, and technical support.
  • Accountants and Auditors: For compliance with financial and legal obligations.

All processors are contractually bound to keep your information secure, confidential, and to process it only under our instructions. Your personal data is never sold to any third parties.

International Data Transfers

We strive to keep your data within the United Kingdom and the European Economic Area (EEA). Where a processor is located outside these jurisdictions, we ensure adequate safeguards, such as standard contractual clauses, are in place to protect your information according to the GDPR.

Your Rights as a Data Subject

Under the GDPR and UK law, you have the following rights over your personal data:

  • Right to Access: You can request a copy of personal data we hold about you.
  • Right to Rectification: You can have inaccurate or incomplete data corrected.
  • Right to Erasure: You can, in certain circumstances, request deletion of your data.
  • Right to Restrict Processing: You may limit how your data is used in some circumstances.
  • Right to Data Portability: Request a copy of your data in a commonly used, machine-readable format.
  • Right to Object: Object to certain types of processing, such as direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw this at any time.

To exercise any of these rights, please contact us using the methods provided on our website or in-store. We will endeavour to respond to all requests within one month.

Data Security

We are committed to securing your personal information and have put suitable physical, electronic, and managerial procedures in place to protect it against misuse, loss, or unauthorised access. Our staff and partners only access data they need to fulfil their tasks.

Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices, legal obligations, or customer feedback. The most recent version will always be available for review on our website or in-store. Significant changes will be communicated to you as appropriate.

Contact and Complaints

If you have any questions, concerns, or complaints regarding your personal data or this Privacy Policy, please contact us using the options available on our website or visit us in person. You may also contact the Information Commissioner's Office (ICO) should you wish to lodge a complaint.