Enfield Wash Flowers Privacy Policy
Introduction
This Privacy Policy describes how Enfield Wash Flowers ('we', 'us', or 'our') collects, uses, stores, and protects personal data received from customers placing orders from Enfield Wash and surrounding districts. We are committed to ensuring that your privacy is protected in line with the General Data Protection Regulation (GDPR).
The Types of Data We Collect
To provide our flower order and delivery services, we collect certain personal data from customers. The information we may collect includes:
- Contact details: Name, address (including delivery address), and telephone number.
- Order details: Purchase history, items ordered, delivery instructions, and preferences.
- Payment information: Transaction reference and type of payment method used (e.g., card, online payment). We do not store full card details.
- Communication data: Any correspondence between you and Enfield Wash Flowers, such as order confirmations and queries.
Purposes and Lawful Basis for Processing Your Data
We only process your personal data when we have a lawful basis to do so under GDPR. The purposes and corresponding legal bases for our processing activities are as follows:
- Contractual necessity: To process your orders, deliver products, communicate order status, and handle any queries or complaints. This processing is necessary to perform the contract between you and Enfield Wash Flowers.
- Legal obligation: To comply with applicable laws, such as tax and accounting regulations requiring us to retain order and transaction records.
- Legitimate interests: To improve our products and services, manage our business operations, and prevent fraud, provided these interests are not overridden by your rights and interests.
- Consent: We will seek your explicit consent before sending you marketing communications or where required by law.
How We Use Your Data
We use your personal data for the following purposes:
- To process your orders and deliver flowers to the specified address.
- To communicate with you regarding your order or respond to your customer service requests.
- To manage our accounts and records, including tax and legal compliance.
- To personalise your customer experience if you have provided preferences.
- To improve our services through analysis of order history and customer interactions.
Your data will not be used for profiling or automated decision-making. We will not sell your information to third parties.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes outlined above or as required by law. The typical retention periods are as follows:
- Order and transaction records: Retained for 7 years for tax and accounting compliance.
- Communication data: Retained for up to 2 years after resolution of your query or complaint.
- Marketing consent records: Retained until you withdraw your consent or opt out of marketing communications.
After these periods, your data will be securely deleted or anonymised.
Data Processors and Sharing
We may share your personal data with trusted third-party service providers who act as data processors on our behalf. These include:
- Payment processing providers to securely process transactions.
- Delivery partners to ensure your orders reach you at the designated address.
- IT and cloud hosting services that store and protect our electronic records.
- Bookkeeping and accountancy services to maintain regulatory compliance.
All our processors are contractually required to handle your data securely, follow our strict instructions, and maintain confidentiality. We do not permit them to use your data for their own purposes. Personal data is not transferred outside the UK or EEA without appropriate safeguards.
Your Rights Under GDPR
As a customer placing orders from Enfield Wash or surrounding districts, you have the following rights regarding your personal data:
- Right to access: Request a copy of the personal data we hold about you.
- Right to rectification: Correct inaccurate or incomplete personal data.
- Right to erasure: Request deletion of your data when it is no longer needed or if you withdraw consent (subject to any legal requirements to retain data).
- Right to restrict processing: Ask us to restrict how we process your data under certain circumstances.
- Right to data portability: Request a portable copy of your data for transfer to another provider.
- Right to object: Object to processing based on legitimate interests or for marketing purposes.
You may exercise these rights by contacting us using the details provided at the end of this policy. We will respond to your requests in accordance with GDPR requirements and within one month.
Data Security
We have implemented physical, technical, and organisational measures to protect your data from unauthorised access, alteration, disclosure, or destruction. These safeguards include secure storage solutions, limitation of access to authorised personnel only, regular training, and data encryption during payment processing. In the unlikely event of a data breach, we will notify affected customers and relevant authorities as required by law.
Changes to This Privacy Policy
This Privacy Policy may be updated from time to time to reflect changes in our practices or legal requirements. Updates will be posted on our website, and the revised date will be shown at the top of the policy. We encourage customers to review this policy periodically.
Contact and Complaints
If you have any questions, wish to exercise your rights, or wish to make a complaint about how we process your personal data, please contact us using the details provided on our website or order forms. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) or your local data protection authority.
