Flowers Wennington Data Protection Policy

Introduction

At Flowers Wennington, we are committed to safeguarding the privacy and personal data of all our customers. This Privacy Policy explains how we collect, use, and protect your information in accordance with the General Data Protection Regulation (GDPR). It applies to all individuals and organisations placing orders with Flowers Wennington in Wennington and the surrounding districts.

What Data We Collect

We collect only the information necessary to provide our services to you. The types of personal data we collect may include:

  • Contact Information: such as your name, delivery and billing address, telephone number, and (if provided) email address.
  • Order Details: including product selections, delivery instructions, and preferences.
  • Payment Information: limited data as required for processing payments; we do not retain full payment card details.
  • Communications: any correspondence between you and Flowers Wennington relating to your order or our services.
  • Technical Data: if you place an order online, we may collect technical data such as IP address, browser type, and device information. We do not use cookies for profiling purposes.

Lawful Basis for Processing

Our processing of your personal data is based on the following lawful bases under GDPR:

  • Contractual Necessity: We process your data to fulfil your orders and provide related customer service. Without this data, we would be unable to process your order or deliver our products to you.
  • Legal Obligation: We may retain certain information in order to comply with legal and regulatory requirements, including record-keeping for tax purposes.
  • Legitimate Interests: We may use your contact details to communicate with you about your order or gather feedback to improve our services, provided these interests are not overridden by your rights and interests.
  • Consent: If we seek to use your personal data for any other purpose, such as marketing, we will seek your explicit consent first. You have the right to withdraw your consent at any time.

Retention of Personal Data

We retain your personal data only for as long as necessary to fulfil the purposes outlined above, or as required by law. Generally, this means:

  • Order and transaction information is retained for up to 7 years in line with accounting and tax obligations.
  • Basic contact details may be maintained as long as you have an active relationship with us, e.g., for recurring orders.
  • Where consent is the only lawful basis, data will be deleted upon withdrawal of that consent.

All personal data is securely deleted or anonymised when it is no longer needed.

Processors and Data Sharing

Your personal data may be shared with trusted third-party processors involved in the fulfilment of your order. These may include:

  • Payment service providers to process your payment securely.
  • Delivery partners who ensure your flowers reach the right address on time.
  • IT and web hosting providers that maintain our online ordering system, ensuring secure storage and transfer of your data.

All processors are contractually required to protect your data in compliance with GDPR. We do not sell, rent, or otherwise disclose your personal details to unrelated third parties.

Data Security Measures

We employ technical and organisational measures to protect your personal data against loss, theft, unauthorised access, or disclosure. These include secure storage, access controls, and regular staff training. Online transactions are encrypted to maintain data confidentiality. Our partners are carefully selected and regularly reviewed to ensure security standards are maintained.

Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

  • Access: You may request a copy of the personal data we hold about you.
  • Rectification: You can ask us to correct any inaccurate or incomplete information about you.
  • Erasure: You have the right to request deletion of your data where it is no longer required or where consent is withdrawn.
  • Restriction: You can request the temporary restriction of processing under certain circumstances.
  • Objection: You may object to the processing of your data based on legitimate interests.
  • Portability: In some cases, you have the right to receive your data in a structured, commonly used, machine-readable format, and to have that data transmitted to another controller.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
  • Complaint: You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been breached.

Policy Updates

We may review and update this Privacy Policy from time to time, particularly if there are changes to our services or the legal framework. We encourage you to revisit this page periodically to stay informed about how your data is handled.

Contact and Further Information

If you have questions about this policy, your personal data, or your rights under GDPR, you are encouraged to contact Flowers Wennington via the usual channels used to place your order or by mail to our business address. We aim to respond to privacy-related requests within one month.

Scope of Policy

This Privacy Policy applies to all customers who place orders with Flowers Wennington within Wennington and the surrounding districts. By using our services, you acknowledge that you have read and understood this policy. Your privacy is important to us, and we are committed to handling your personal data with care and transparency.