Privacy Policy for Flower Delivery Camberley

Introduction

This Privacy Policy outlines how Flower Delivery Camberley ('we', 'us', 'our') collects, uses, stores, and protects your personal data when you place orders for flower delivery from Camberley and the surrounding districts. We are committed to ensuring the privacy and security of your information in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

Scope of Policy

This Privacy Policy applies to all individual customers ('you', 'your') who order flower delivery through our services in Camberley and the nearby areas. By using our services, you acknowledge and agree to the procedures described in this policy.

Data We Collect

We collect only the personal information necessary to process your orders and provide our flower delivery services. The types of data we collect include:

  • Identity Data: Your full name and, where relevant, the recipient's name.
  • Contact Data: Delivery addresses, billing addresses, and phone numbers you provide during the ordering process.
  • Order Details: Information about the products you purchase, delivery instructions, and any messages or notes included with your order.
  • Payment Information: Details required to process your payment, such as payment card information. This data is handled securely by our payment processors and is not stored by Flower Delivery Camberley.
  • Technical Data: When you visit our website, we may collect information about your device and browsing patterns (such as IP address, browser type, and pages visited) to enhance your online experience.

Purpose and Lawful Basis for Processing Data

We only process your personal data where we have a valid legal basis to do so. Our processing activities are justified by one or more of the following lawful bases, as permitted by the GDPR:

  • Contractual Necessity: We process your data to fulfill our contractual obligations, such as accepting, managing, and delivering your orders.
  • Legal Obligation: We may need to process certain data to comply with relevant legal obligations, including accounting, tax, and regulatory requirements.
  • Legitimate Interests: We have a legitimate interest in ensuring the efficient operation of our services, improving customer experience, handling customer queries, and preventing fraud. We make sure these interests do not override your fundamental privacy rights.
  • Consent: In limited situations, where required, we will seek your consent to process your personal data, such as for direct marketing communications. You can withdraw your consent at any time.

How We Use Your Data

Your personal data will be used for the following purposes:

  • Processing and fulfilling your flower delivery orders, including communicating about your order and its status.
  • Managing payments and transactions securely via approved third-party payment processors.
  • Responding to your inquiries, complaints, or requests.
  • Improving our services, website, and customer experience through analysis of anonymized data.
  • Complying with legal and regulatory requirements that apply to our business.

Data Sharing and Processors

We do not sell your personal data to third parties. However, we may share your data with trusted third-party service providers ('processors') who assist us in providing our services, such as:

  • Payment Processing Providers: For secure transaction processing.
  • IT and Cloud Hosting Services: Providers who maintain our website and storage systems.
  • Delivery Partners: Third-party couriers involved in fulfilling your delivery.

All processors are contractually obliged to use your data only for the specified purposes and to ensure its confidentiality and security in compliance with GDPR.

International Transfers

We aim to keep your data within the European Economic Area (EEA). Should your personal data be transferred outside the EEA, we ensure appropriate safeguards are in place to protect your rights and data in accordance with GDPR requirements.

Data Retention

Your personal data will be retained only as long as necessary to fulfill the purposes for which it was collected, including for legal, accounting, or reporting requirements. Typically, order and transaction records are kept for up to 7 years to comply with legal obligations, after which they are securely deleted or anonymized.

Security Measures

We implement robust security measures to protect your personal data from unauthorized access, alteration, or disclosure. These measures include encryption, secure servers, firewalls, and regular data protection reviews. Access to your data is strictly limited to those employees and partners who require it to fulfill their role.

Your Rights

Under the GDPR, you have several important rights regarding your personal data:

  • Access: You have the right to request a copy of the personal data we hold about you.
  • Rectification: You can ask us to correct any inaccurate or incomplete data.
  • Erasure: Under certain conditions, you have the right to request deletion of your data ('right to be forgotten').
  • Restriction: You can ask us to suspend the processing of your personal data in certain scenarios.
  • Portability: You may request that we provide your personal data to you or another controller in a structured, commonly used format.
  • Objection: You can object to our processing of your data, particularly if we use it for direct marketing or rely on legitimate interests.
  • Withdraw Consent: Where we process data based on your consent, you may withdraw this consent at any time.

To exercise any of these rights, please contact us via the details on our website. We may require proof of identity before we can process your request and will respond within one month.

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes to our data practices or legal requirements. Any updates will be posted on this page and, where appropriate, notified to you.

Contact and Complaints

If you have questions, concerns, or requests relating to your personal data or this Privacy Policy, please contact us using the contact information provided on our website. You also have the right to lodge a complaint with your local Data Protection Authority if you believe we have not adequately protected your personal data or complied with data protection law.