Kingsbury Florist Privacy Policy

Our Commitment to Your Privacy

At Kingsbury Florist, we are dedicated to protecting the privacy and personal data of our customers. This Privacy Policy explains how we collect, use, store, and protect your data in accordance with the UK General Data Protection Regulation (GDPR). This policy applies to all individuals placing orders with Kingsbury Florist in Kingsbury and the surrounding districts. We encourage you to read this policy carefully to understand how your information is handled and your rights regarding your data.

What Personal Data We Collect

When you use our services, including placing orders for flowers and related products, we collect the following categories of personal data:

  • Identity Data: Name, and if provided, the name of the intended recipient.
  • Contact Data: Delivery address, billing address, phone number, and, if applicable, your preferred method of contact (such as SMS delivery notifications).
  • Order Details: Specific items ordered, messages for recipients, order notes, and preferences.
  • Payment Data: Payment method and transaction information (note: Kingsbury Florist does not store complete credit/debit card details; payments are processed by secure third-party providers).
  • Technical Data: IP address, browser type, device details, and other data automatically collected if you use our website.

Lawful Basis for Processing Your Data

We only collect and process your personal data when we have a lawful basis for doing so, as defined under GDPR. These bases include:

  • Contractual Necessity: To process, fulfill, and communicate about your order. Without this data, we would not be able to deliver your purchased products or handle your inquiries.
  • Legal Obligation: For compliance with laws related to accounting, taxation, and record-keeping.
  • Legitimate Interests: For activities such as customer service follow-up, maintaining business operations, preventing fraud, and improving our services, provided your rights do not override our interests.
  • Consent: Where required, such as sending you marketing communications. You may withdraw consent at any time.

How We Use Your Data

Your personal data is used exclusively for the purposes described above. Specifically, we use your data to:

  • Process and deliver your order, including communicating order status and organizing delivery logistics.
  • Respond to your inquiries and provide customer support.
  • Comply with legal, regulatory, and contractual obligations.
  • Improve our services and optimize our website.
  • Send marketing communications if you have opted in.

Data Retention and Storage

Your personal data is retained only for as long as necessary to fulfill the purposes set out in this policy, such as processing your order and complying with our legal and financial obligations. Specifically:

  • Order and Transaction Data: Retained for seven years to comply with accounting and tax regulations.
  • Customer Support Correspondence: Kept for up to two years following order delivery.
  • Marketing Preferences: Maintained until you withdraw consent or request deletion.

Upon expiration of these periods, your data will be securely deleted or anonymised.

Processors and Third Parties

We may share certain personal data with trusted third-party processors who assist us with delivery, payment processing, IT services, and regulatory compliance. We ensure that all our data processors comply with GDPR and only process your data on our instructions. Examples include:

  • Payment service providers to process secure transactions.
  • Delivery partners for order fulfillment.
  • IT service companies who host and maintain our website and management systems.
  • Accountants and legal professionals for regulatory compliance.

These third parties are bound by confidentiality and data protection agreements. Your data is not sold or disclosed for marketing by third parties.

International Transfers

Your personal information is stored and processed within the United Kingdom. If, on rare occasions, your data needs to be transferred outside the UK (for example, for technical support), we will ensure the receiving party upholds standards equivalent to UK GDPR, through appropriate safeguards such as contractual clauses.

Your Data Protection Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right to Access: You may request confirmation of what data we hold about you and obtain a copy.
  • Right to Rectification: You can ask us to correct any inaccurate or incomplete information.
  • Right to Erasure: Also known as the "right to be forgotten," you may request deletion of your personal data when it is no longer necessary, subject to our legal obligations.
  • Right to Restriction of Processing: You can ask us to temporarily restrict how we use your data.
  • Right to Data Portability: You have the right to receive a copy of your data in a commonly used, machine-readable format.
  • Right to Object: You can object to the use of your personal data for certain purposes, such as direct marketing.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time.

To exercise any of these rights, please contact us using the information provided in your order confirmation and on our website.

How We Protect Your Data

We implement a variety of appropriate technical and organizational measures to ensure the security of your personal data, including encryption, access controls, staff training, and regular security assessments. Only authorized employees and processors have access to your data, and only for purposes necessary for fulfilling your order or legal obligations.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or service changes. Any significant modifications will be noted on our website or communicated through order channels. The version above is effective as of June 2024.

Contact and Complaints

If you have any questions or concerns about how Kingsbury Florist uses your personal data or this Privacy Policy, please contact us via the methods provided at the time of ordering or as advertised on our website. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK.