Privacy Policy for Flower Delivery Mayfair Customers

Introduction

This Privacy Policy explains how Flower Delivery Mayfair collects, uses, stores, and protects your personal data. It also outlines your rights under the General Data Protection Regulation (GDPR). This policy applies to all customers placing orders with Flower Delivery Mayfair from Mayfair and the surrounding districts.

What Data We Collect

When you place an order or interact with Flower Delivery Mayfair, we collect personal data. The data we collect includes:

  • Contact Information: Name, delivery address, recipient name and address, telephone number (if provided), and billing address.
  • Order Details: Type and quantity of flowers, special messages, delivery instructions, and order history.
  • Payment Information: Payment method, partial card data (where required by processors; we do not store full card details).
  • Account Information: If you create an account, we store your login credentials.
  • Communication: Records of correspondence with our customer service team.
  • Technical Data: IP address, browser type, operating system, device identifiers, and usage data collected through cookies or similar technologies.

Lawful Basis for Processing

Flower Delivery Mayfair collects and processes your data under the following lawful bases as required by GDPR:

  • Contractual Necessity: We process data to perform our contract with you, such as to manage and fulfil your order, delivery, and payment.
  • Legal Obligation: We may process data to comply with applicable laws and regulations.
  • Legitimate Interests: We may use your data to improve our services, maintain security, and prevent fraud, provided these interests do not override your rights and interests.
  • Consent: When you opt in to marketing communications, we process your data based on your consent. You can withdraw consent at any time.

Data Retention

We keep your personal data for as long as it is needed for the purposes for which it was collected and to comply with our legal and regulatory obligations.

  • Order and account data is typically retained for six years from your last transaction or interaction, in line with legal and accounting requirements.
  • Data processed solely for marketing purposes will be kept until you unsubscribe or withdraw consent.
  • For technical data stored through cookies, the specific retention period is outlined in our cookie policy or governed by your browser settings.

After these periods, your data is securely deleted or anonymised.

Data Processors

We use carefully selected third-party service providers ("processors") to support our business operations. These may include:

  • Payment Processors: To securely process your payments.
  • Delivery Services: For order fulfilment and delivery tracking.
  • IT and Hosting Providers: For website hosting, data storage, and related technical services.
  • Marketing Services: To deliver marketing communications, if you have opted in.

All processors act strictly on our instructions and are bound by data protection agreements. We do not allow our processors to use your personal data for their own purposes.

Data Security

We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, accidental loss, misuse, alteration, or disclosure. This includes encrypted communications, secure storage, and regular security audits of our systems.

Your Rights

As a customer covered by the GDPR, you have several rights regarding your personal information:

  • Access: You may request access to personal data we hold about you.
  • Rectification: You can ask us to correct any inaccurate or incomplete data.
  • Erasure ("Right to be Forgotten"): You can request the deletion of your data where legitimate grounds exist.
  • Restriction: You may ask us to restrict the processing of your data in certain situations.
  • Portability: You may request a copy of your data in a structured, commonly used, and machine-readable format.
  • Objection: You have the right to object to certain types of processing, including direct marketing.
  • Withdrawal of Consent: Where we process data based on your consent (such as marketing), you may withdraw your consent at any time.
  • Complaint: You also have the right to lodge a complaint with a supervisory authority.

To exercise these rights, please contact us through the available channels described on our website.

International Data Transfers

Where we or our service providers transfer your data outside the United Kingdom or European Economic Area, we ensure that adequate safeguards are in place, such as Standard Contractual Clauses or equivalent measures, to protect your privacy rights.

Policy Updates

We review and update our Privacy Policy when necessary to reflect changes in the law, our practices, or the functionality of our services. The latest version will always be available on our website. We encourage you to review it periodically.

Contact Us

If you have questions regarding this Privacy Policy or how your data is handled by Flower Delivery Mayfair, please use the contact details provided on our website to get in touch. We are committed to protecting your privacy and will respond promptly to all requests and concerns.