Florist Willesden GDPR Privacy Policy

Introduction

At Florist Willesden, we are devoted to protecting the privacy and security of our customers. This Privacy Policy explains how we collect, use, and safeguard your personal information in compliance with the General Data Protection Regulation (“GDPR”). It applies to all individuals who place orders with Florist Willesden within Willesden and the surrounding districts.

What Data We Collect

To process your requests, manage your orders, and improve our services, we may collect the following categories of personal data:

  • Contact Information: Name, delivery address, billing address, and contact details (such as telephone number).
  • Order Details: Products ordered, delivery instructions, and recipient’s details (if different from the customer).
  • Payment Data: Transaction details. Please note: we do not store your card numbers as secure payment providers process those details on our behalf.
  • Communication Data: Correspondence with our staff (e.g. times and content of calls, or messages regarding orders).
  • Technical Data: IP address, browser type, referring website, and related technology used when accessing our website or online services.

Lawful Basis for Processing Personal Data

Florist Willesden processes personal data on several lawful grounds as outlined by the GDPR:

  • Contractual necessity: To fulfill orders, process payments, deliver products, and provide customer support (Article 6(1)(b) GDPR).
  • Legitimate interests: For activities that support our services and business operations, provided these interests are not overridden by your rights (Article 6(1)(f) GDPR), such as improving services or preventing fraud.
  • Legal obligations: To comply with legal and regulatory requirements (Article 6(1)(c) GDPR), such as accounting and taxation.
  • Consent: Where required—such as for some types of direct marketing—we will only process your data with your explicit consent (Article 6(1)(a) GDPR). You may withdraw your consent at any time.

How We Use Your Personal Data

Florist Willesden uses your data for the following purposes:

  • Processing and fulfilling your flower orders, including delivery to you or your recipient
  • Communicating order confirmations, delivery updates, and resolving queries
  • Managing your customer account and preferences, where applicable
  • Complying with our legal and regulatory obligations
  • Enhancing and optimizing our website and customer experience
  • Where applicable, informing you of offers or updates in accordance with your communication preferences

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected—primarily for order processing, after-sale service, legal or regulatory requirements, and business analysis. Retention periods may vary depending on the category of data and applicable legal requirements:

  • Order information: Typically retained for up to six years in line with tax and accounting laws.
  • Payment data: Not stored by us; handled by our payment processors.
  • Correspondence: Usually retained for a period necessary to resolve queries, and for up to two years for records.

When retention is no longer necessary, data will be securely deleted or anonymized.

Data Processors and Transfers

We use reputable third-party service providers (data processors) to help deliver our services, such as payment platforms, web hosting, delivery logistics providers, and customer management systems. Each processor processes personal data strictly under contract, on our instructions, and in accordance with GDPR. Where processors are based outside the UK or the European Economic Area (EEA), we ensure appropriate safeguards (such as standard contractual clauses) are in place to protect your data.

How We Protect Your Data

Florist Willesden implements technical and organisational safeguards to prevent accidental loss, misuse, or unauthorised access to your data. These measures include encryption, secure servers, restricted access, regular staff training, and procedures for promptly addressing data breaches where required.

Your Rights Under GDPR

You have a range of rights relating to your personal data, summarised as follows:

  • Right of access: You can request details of the personal data we hold about you.
  • Right to rectification: You can ask us to correct inaccurate or incomplete data.
  • Right to erasure: You may request the deletion of your data in certain circumstances (also known as the “right to be forgotten”).
  • Right to restrict processing: You may ask us to limit how we use your data.
  • Right to data portability: You may require us to provide your data to you or transfer it to another service provider, where technically feasible.
  • Right to object: You may object to certain processing, such as direct marketing.
  • Right to withdraw consent: Where consent is the lawful basis, you can withdraw it at any time.

To exercise any of these rights, you must provide adequate proof of your identity and details of your request. While we aim to respond promptly, GDPR provides us up to one month to comply.

Policy Scope and Updates

This Privacy Policy applies to all customers placing Florist Willesden orders for delivery within Willesden and surrounding districts. We may update this policy from time to time to reflect changes in our practices or legal requirements. Any updates will be published with the new effective date displayed at the top of the policy. We advise you to revisit this page periodically to remain informed of how we use and protect your information.

Contacting Florist Willesden

If you have any questions about this Privacy Policy, your data, or wish to exercise your rights, please contact us through one of the channels listed on our website. We will be happy to assist and address your concerns regarding your personal data and privacy.