Florist Surbiton Privacy Policy

Introduction

This Privacy Policy explains how Florist Surbiton (“we”, “us”, or “our”) collects, uses, and protects your personal data. It applies to all customers who place orders with Florist Surbiton from Surbiton and the surrounding districts. Our commitment is to manage your information with care and in accordance with the UK General Data Protection Regulation (UK GDPR).

What Data We Collect

When you interact with Florist Surbiton — for instance, by placing an order, contacting us, or browsing our services — we may collect and process the following categories of personal data:

  • Contact Information: Such as your name, address, delivery address, and telephone number.
  • Order Information: Details of products ordered, messages to recipients, and gift notes.
  • Payment Data: Payment confirmation information (handled securely by our payment processors; we do not store your full card details).
  • Communications: Any correspondence between you and us, including queries or feedback.
  • Technical Data: Device identifiers, IP address, browser type, and other data when you use our website for security and analysis.

Lawful Basis for Processing

Florist Surbiton only processes your personal data when we have a lawful basis to do so, as required by the UK GDPR:

  • Contractual Necessity: Most commonly, we process your data to fulfill the contract of sale when you place an order with us, including processing, delivering your purchase, and providing customer service.
  • Legal Obligation: Some data is retained as required to comply with legal obligations (such as tax or accounting laws).
  • Legitimate Interests: We may process your data for our legitimate business interests, including fraud prevention, service improvements, administrative purposes, or resolving disputes, providing that these interests are not overridden by your own data protection rights.
  • Consent: Where applicable, for example when sending you marketing communications, we rely on your clear and explicit consent. You may withdraw your consent at any time.

How We Use Your Data

Your data is used for the following purposes:

  • Processing and fulfilling your floristry orders.
  • Communicating order confirmations, delivery updates, and customer support responses.
  • Handling feedback or resolving complaints.
  • Conducting analysis to improve our services and operations.
  • Complying with applicable laws and regulations.

How Long We Keep Your Data

Your personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Generally:

  • Order and transaction records are kept for seven (7) years to comply with tax and accounting regulations.
  • Marketing consent and communication preferences are kept until you withdraw your consent or request erasure.
  • Website analytics and technical data are retained for up to two (2) years.

Once data is no longer required for these purposes, it is securely deleted or anonymised.

Who Processes Your Data (Processors)

To deliver our services effectively, select personal data may be shared with trusted third-party processors. These include:

  • Payment processors: Who securely manage payment transactions, fraud prevention, and verification.
  • Delivery partners: For the fulfilment and tracking of your flower orders.
  • IT service providers: Delivering secure website, database, and cloud hosting support.
  • Analytics services: Assisting in understanding how our website is used to improve user experience and our offerings.

All processors are bound by contract to safeguard your personal data, act only on our instructions, and comply with applicable privacy legislation.

Your Rights Under the GDPR

Under data protection laws, you have several important rights in relation to your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of any incomplete or inaccurate information.
  • Right to Erasure: Ask us to delete your personal data where there is no good reason for us to continue processing it.
  • Right to Restrict Processing: Request restriction of processing under certain circumstances.
  • Right to Data Portability: Request transfer of your personal data to you or to a third party in a structured, commonly used, and machine-readable format.
  • Right to Object: Object to our processing of your personal data where we rely on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Withdraw your consent for processing at any time where we rely on your consent.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the relevant supervisory authority if you believe your data protection rights have been breached.

Data Security

We take the security of your data seriously. Florist Surbiton implements technical and organisational measures designed to safeguard your information from unauthorised access, disclosure, alteration, or destruction. All payment transactions are encrypted, and access to personal data is restricted only to staff and processors who require it to perform their duties.

Policy Updates

We may update this Privacy Policy from time to time, to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any significant changes will be communicated appropriately. Your continued use of Florist Surbiton's services indicates your agreement to the most recent version of this policy.

Contacting Florist Surbiton

If you have any questions about this Privacy Policy or your personal data, or if you would like to exercise any of your GDPR rights, please contact us via the contact form on our website or visit us at our Surbiton location. We are committed to responding to all requests promptly and in accordance with applicable law.