Gipsy Hill Flowers Privacy Policy

Our Commitment to Your Privacy

At Gipsy Hill Flowers, we are dedicated to protecting the privacy and personal data of our customers. This Privacy Policy explains how we collect, use, store, and protect your personal information when you place an order with us in Gipsy Hill and surrounding districts. We comply fully with the General Data Protection Regulation (GDPR) and other relevant data protection laws.

Scope of the Policy

This Privacy Policy applies to all individuals who place orders with Gipsy Hill Flowers, whether online, by telephone, or in person, within Gipsy Hill and its neighbouring districts. By placing an order, you acknowledge and agree to the practices described within this policy.

Personal Data We Collect

We collect a range of personal information to process your order effectively. This may include:

  • Contact Details: such as your name, address, phone number, and delivery address
  • Order Information: items ordered, messages for recipients, preferred delivery date, and special instructions
  • Payment Information: payment method details (processed by secure third-party payment processors; we do not store card details)
  • Communication Records: details of correspondences between you and Gipsy Hill Flowers
  • Technical Data: such as IP address, browser type, and device for online orders, which may be collected automatically for security and analytics

Lawful Bases for Processing Your Data

Under the GDPR, we are required to have a lawful basis to process your personal data. The bases we rely on include:

  • Contractual Necessity: Processing your personal data is necessary to fulfill your order and deliver products/services to you.
  • Legal Obligation: We may be legally required to process certain data, for example to comply with tax or accounting laws.
  • Legitimate Interests: We use your data to improve our services, manage customer relations, and ensure security, provided these interests are not overridden by your rights and interests.
  • Consent: In situations where required, such as for direct marketing communications, we seek your explicit consent.

How We Use Your Data

Your personal data is utilized for the following purposes:

  • Processing and fulfilling your floral orders
  • Communicating with you regarding your order status, deliveries, or customer service queries
  • Improving our products, services, and user experience
  • Complying with legal and regulatory duties
  • Sending marketing communications, only where lawful and with your consent

Storage and Retention of Data

We retain your personal data only as long as necessary for the purposes it was collected for. This includes:

  • Order Data: Customer and order information is usually retained for up to seven years for legal compliance and accounting purposes.
  • Communication Records: Retained for up to three years after your last interaction with us, unless a longer period is required by law.
  • Marketing Consent: If you have consented to receive marketing communications from us, we retain your contact details until you withdraw your consent or request deletion.

Third-Party Processors

We may share your data with selected third-party service providers who assist us in operating our business and delivering your orders. These processors include:

  • Payment service providers (to securely process payments)
  • Delivery partners or couriers (to fulfill your order)
  • IT and hosting service providers (to manage our online operations securely)

All third-party service providers are carefully selected, GDPR-compliant, and only process your data in accordance with our instructions. We do not sell or rent your data to third parties for marketing or any other purposes.

Your Data Protection Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request correction of inaccurate or incomplete data.
  • Right to Erasure: In certain circumstances, you can request that we delete your personal data.
  • Right to Restrict Processing: You may ask us to limit the processing of your data in certain situations.
  • Right to Data Portability: Where applicable, you can request a copy of your data in a commonly used format.
  • Right to Object: You may object to certain types of processing, such as direct marketing.

To exercise any of these rights, you may contact us using the details provided on our website or by post. We will respond to all requests within one month, unless applicable laws specify otherwise.

Keeping Your Data Safe

We take the security of your data seriously and implement industry-standard organizational and technical measures to protect it from unauthorized access, loss, or misuse. This includes secure storage, encryption of data during transfer where appropriate, and strict access controls for our staff and processors.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. The latest version will always be available on our website with the date of the most recent revision.

Further Information

If you have any questions regarding this Privacy Policy or how we handle your personal data, please refer to our website for current contact information. We welcome your feedback, and you have the right to lodge a complaint with the relevant data protection authority if you believe your rights have been infringed.