Privacy Policy for Flowers Canary Wharf Customers

Introduction

This Privacy Policy sets out how Flowers Canary Wharf ('we', 'us', or 'our') collects, uses, and processes personal data provided by customers placing flower orders from Canary Wharf and the surrounding districts. We are committed to protecting your privacy and managing your personal information in accordance with the General Data Protection Regulation (GDPR) and all applicable legislation. This policy describes what information we collect, our legal basis for processing data, how long we store it, who processes your data, and your rights as a customer.

Who Does This Policy Apply To?

This Privacy Policy applies to all customers who place orders with Flowers Canary Wharf for delivery in Canary Wharf and neighbouring districts. By placing an order or interacting with our services, you agree to the terms laid out in this policy.

What Data Do We Collect?

We collect and process different types of personal data depending on your interactions with us. This may include the following categories:

  • Identification Data: Name, delivery address, billing address
  • Contact Data: Phone number, email address (provided by you, where applicable)
  • Order and Transactional Data: Details about products you order, delivery instructions, order history, payment method (card type, not card number) and payment status
  • Communication Data: Any correspondence with us regarding orders, enquiries, complaints or feedback
  • Technical Data: IP address, browser type, access times, and cookies (if you visit our website)

We do not intentionally collect any special category data (such as health or religious information), nor do we collect data from children knowingly.

Lawful Basis for Processing Personal Data

We only process your personal data when we have a lawful basis to do so under the GDPR. Below are the relevant lawful grounds:

  • Contract Performance: Processing your data is necessary to fulfil the purchase contract when you order from us, including fulfilling orders, handling payments, and delivery.
  • Legal Obligation: We may need to process your data to comply with existing legal obligations, such as retaining records for tax or accounting regulations.
  • Legitimate Interests: We process certain data where it is necessary for our legitimate business interests, such as improving services, ensuring website security, or responding to your queries. We balance this interest against your privacy rights.
  • Consent: In cases where we use your data for direct marketing or for optional cookies, we will obtain your consent. You may withdraw your consent at any time.

How Do We Use Your Personal Data?

Your personal data is used for the following purposes:

  • Processing and fulfilling your order transactions
  • Arranging delivery logistics
  • Communicating with you regarding your order, including confirmations, updates or queries
  • Addressing customer support questions, feedback, or complaints
  • Improving our products, services, and user experience
  • Complying with legal and regulatory requirements
  • With your consent, sending you marketing communications or newsletters

Data Retention: How Long Do We Keep Your Information?

We will retain your personal data only for as long as necessary to fulfil the purposes for which it is collected, including for the following reasons:

  • Order Fulfilment: Typically, data related to transactions is retained for a minimum statutory period to comply with legal and accounting obligations (e.g., 6 years for accounting, depending on local law).
  • Customer Service: Correspondence and order details are retained as long as is necessary to resolve any queries or issues that may arise.
  • Marketing: If you consented to receive marketing, we retain your contact data until you withdraw your consent.
  • Technical Data: Information collected via cookies is retained in line with our cookie policy, usually not exceeding two years.

After the retention periods expire, your data is securely deleted or anonymized.

Processors & Third Parties

We may share your personal data with trusted third-party service providers to facilitate our business and provide the best customer experience. Such processors include:

  • Payment processing companies for secure transaction handling
  • Delivery or courier partners for ensuring the successful delivery of your order
  • IT service providers assisting with secure data storage and technical support
  • Professional advisers (e.g., accountants and auditors) where legally required

All third-party processors are contractually required to implement appropriate security measures and to process your data only as instructed by us. We do not sell or rent your personal information and do not permit our service providers to use your data for their own purposes.

International Transfers

If your personal data needs to be transferred outside the United Kingdom or European Economic Area, we ensure suitable safeguards are in place. This includes using standard contractual clauses or equivalent protections as required by GDPR.

Your Rights Under GDPR

Under GDPR, you have a range of rights regarding your personal data. Subject to conditions and exceptions by law, you can:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request corrections to any inaccurate or incomplete data
  • Erasure: Request that we delete your data in certain circumstances ("the right to be forgotten")
  • Restriction: Request that we limit the processing of your data
  • Data Portability: Request your data in a structured, machine-readable format and transfer it to another party
  • Objection: Object to certain types of processing, such as for direct marketing
  • Withdrawal of Consent: Where processing is based on consent, you may withdraw your consent at any time

To exercise any of your rights, please contact us using your preferred method of communication. We will respond to your request as quickly as possible, and always within the time limits provided by law.

Data Security

We use a variety of technical and organizational measures to protect your personal information from unauthorized access, accidental loss, destruction, or disclosure. This may include encryption, access controls, secure storage, and staff training. Only authorized staff and service providers have access to your personal data as necessary.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices or legal requirements. The latest version will always be posted via our usual communication channels. We encourage you to review this policy periodically to stay informed about how we protect your information.

Contacting Us

If you have any questions, concerns, or requests about this Privacy Policy or your personal data, please reach out to us by your chosen method. We will be happy to address your queries and assist with your data protection rights.