Florist Kennington GDPR Privacy Policy

Scope and Purpose of This Policy

This privacy policy explains how Florist Kennington collects, uses, protects, and processes your personal data in accordance with the General Data Protection Regulation (GDPR). This policy applies to all customers placing orders with Florist Kennington from Kennington and surrounding districts.

What Data We Collect

When you place an order with Florist Kennington, we collect and process the following categories of personal data as necessary to fulfil your order and provide our services:

• Identity Information: Name, title
• Contact Details: Address, delivery address, telephone number, and any necessary contact instructions
• Order Information: Order details, requested delivery date and time, card message, and recipient’s information
• Payment Information: Details required to process transactions (such as payment method and confirmation of payment; card numbers are not stored by us, but by secure third-party processors)
• Correspondence: If you contact us with queries or complaints, the details and content of that communication
• Technical Data: Basic device, browser, and cookies data for site function and fraud prevention

Lawful Basis for Processing

Florist Kennington only processes your personal data when one or more of the following lawful bases apply under Article 6 of the GDPR:

• Contract: To fulfil our contract when you place an order with us, including processing payments and ensuring delivery
• Legal Obligation: To comply with legal and regulatory requirements such as accounting, tax, and fraud prevention
• Legitimate Interests: To communicate with customers about their orders, improve our services, or deal with customer queries, provided this does not override your rights and freedoms
• Consent: Where required, for example, if we seek to send marketing communications, we will only do this with your explicit consent. You can withdraw consent at any time

How We Use Your Data

Florist Kennington collects and processes your data for the following purposes:

• Fulfilling, processing, and delivering floral orders and related products
• Processing refunds, exchanges, and customer queries
• Communicating with you regarding the status of your order or response to your enquiries
• Maintaining records for accounting, tax, and compliance purposes
• Improving and enhancing our products and services
• Maintaining the security of our website and services, including fraud detection

How Long We Keep Your Data

We retain your personal data only for as long as is necessary for the purposes for which it was collected and in compliance with applicable laws and regulations. Typically:

• Order Records: Retained for up to seven years to comply with accounting regulations and for tax purposes
• Customer Account Information: Retained while the account remains active or until you request deletion
• Communications: Kept for up to two years for reference and quality assurance
• Payment Transaction Records: Financial information processed by third parties is subject to their own retention policies

Data will be securely erased or anonymised at the end of its retention period, or earlier upon lawful request.

Data Processors and Third Parties

To provide our services and operate our business efficiently, we may share your data with trusted third-party service providers acting as data processors. These include:

• Payment processors (for secure financial transactions)
• Delivery services or couriers (for order fulfillment)
• IT hosting providers (for website, communications, and data security)

All third-party processors only process your personal data according to our instructions and are required to implement adequate data protection measures. We do not sell your personal data to any third party.

Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of Access: You may request confirmation and obtain a copy of the personal data we hold about you.
• Right to Rectification: You can request correction of incomplete or inaccurate data.
• Right to Erasure ('Right to be Forgotten'): Where applicable, you can ask us to delete your personal data.
• Right to Restrict Processing: You can request we restrict the use of your data under certain circumstances.
• Right to Data Portability: You may request to receive your data in a structured, commonly used format, and have it transmitted to another controller where feasible.
• Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where we process data on the basis of your consent, you may withdraw it at any time.

To exercise any of these rights, please contact Florist Kennington using the details provided on our website or as given at the point of order.

Security of Your Data

We take the security of your data seriously. Physical, technical, and organisational safeguards are in place to protect your personal data against unauthorised access, accidental loss, or destruction. Only those staff and suppliers who need access to your data to perform their functions are permitted to do so.

International Data Transfers

Florist Kennington operates primarily within the UK and European Economic Area. If it is necessary to transfer your data internationally, we will ensure appropriate legal safeguards are in place to protect your data as required by the GDPR.

Updates to This Policy

This privacy policy may be updated from time to time to reflect changes in our practices, regulatory requirements, or the introduction of new services. Any significant changes will be clearly communicated on our website and will apply from the date published.

Contact and Complaints

If you have any questions about how we use your data or wish to exercise your rights, please contact Florist Kennington using our standard communication channels. If you believe your data is being handled unlawfully, you have the right to contact your relevant data protection authority.