Florist Grove Park Privacy Policy

Introduction

This Privacy Policy outlines how Florist Grove Park ('we', 'us', 'our') collects, uses, and protects the personal data of customers placing orders from Grove Park and its surrounding districts. We are committed to complying with the General Data Protection Regulation (GDPR) and ensuring the privacy and security of your personal information.

Scope of This Policy

This policy applies to all customers who place orders with Florist Grove Park, either through our website, by phone, or in person, and who reside in Grove Park and surrounding neighborhoods. By placing an order with us, you agree to the terms described in this policy.

Personal Data We Collect

In order to fulfill your florist order, we collect the following categories of personal data:

  • Identification Data: Name (customer and recipient), delivery address, billing address.
  • Contact Details: Telephone number, contact preferences.
  • Order Details: Products ordered, delivery instructions, messages for recipients.
  • Payment Information: Cardholder name, last four digits of card number (Note: full card details are not stored by us; they are processed securely via third-party payment providers).
  • Technical Data: IP address, device type, browser information, cookies (where applicable for website orders).

Lawful Basis for Processing

We process your personal data on the following lawful bases in accordance with Article 6 of the GDPR:

  • Contractual necessity: To process, confirm, and deliver your florist order.
  • Legal obligation: To comply with legal requirements, such as tax and accounting regulations.
  • Legitimate interests: For the purposes of internal recordkeeping, enhancing our services, and protecting against fraud.
  • Consent: Where you have explicitly opted-in to receive marketing communications. You are free to withdraw consent at any time.

How We Use Your Data

Your personal data is used only for legitimate business purposes:

  • Processing and fulfilling your order, including delivery and after-care support.
  • Providing customer service and responding to your enquiries.
  • Managing our relationship with you, including notifications about your order status.
  • Complying with legal and regulatory obligations.
  • Conducting internal audits, analytics, and service improvements.
  • If you consent, sending you information about offers and events related to Florist Grove Park.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined above. Typically, customer and order details are kept for up to six years following your last transaction to satisfy accounting and legal obligations. Payment data is handled and stored by authorized payment processors and is not retained by Florist Grove Park. We regularly review our retention periods to ensure data is not kept longer than required.

Data Processors and Sharing

We may share your data with selected third parties who act as data processors on our behalf. These include:

  • Payment service providers for secure transaction processing.
  • IT service providers who help maintain our order management and website systems.
  • Delivery service partners to ensure your flowers reach their destination promptly.

Each processor is contractually obligated to protect your information and act only on our instructions. We do not sell or rent your information to third parties for marketing purposes. Where required by law, we may share information with regulatory or law enforcement authorities.

Your Rights Under GDPR

As a data subject, you have specific rights under the GDPR:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You may request that we correct or complete inaccurate or incomplete data.
  • Right to Erasure ('Right to be Forgotten'): You can ask us to delete your data where we have no lawful basis to retain it.
  • Right to Restrict Processing: You may request that we limit how we use your data.
  • Right to Data Portability: You can request that your data be provided to you or a third party in a structured, commonly used format.
  • Right to Object: You can object to certain types of processing, such as for direct marketing.
  • Right to Withdraw Consent: Where processing is based on your consent, you can withdraw it at any time without affecting prior processing.
  • Right to Lodge a Complaint: If you believe your rights have been infringed, you can raise a complaint with the relevant supervisory authority.

How We Protect Your Data

We implement a range of technical and organizational measures to safeguard your personal data from unauthorized access, disclosure, alteration, or destruction. This includes secure servers, access controls, staff training, and ongoing monitoring of our IT infrastructure.

Changes to This Policy

This Privacy Policy may be updated from time to time to reflect changes in our practices or legal requirements. The most current version will always be available upon request or via our website. We encourage you to review the policy periodically to stay informed about how we protect your information.

Contact and Further Information

If you would like more information about how we use your personal data, or if you wish to exercise any of your rights, please contact Florist Grove Park using the details provided on our website or enquire in person at our shop.