Forest Hill Flowers Privacy Policy

Introduction

This Privacy Policy explains how Forest Hill Flowers ("we", "us", "our") collects, uses, stores, and protects your personal data in connection with placing flower orders from Forest Hill and the surrounding districts. We are committed to safeguarding your privacy and ensuring that your personal information is processed in accordance with the General Data Protection Regulation (GDPR) and relevant UK data protection laws. By placing an order with Forest Hill Flowers, you acknowledge that you have read and understood this Privacy Policy.

Scope of Policy

This policy applies to all customers who place orders with Forest Hill Flowers, whether in person, online, or via telephone, for delivery to addresses in Forest Hill and surrounding districts.

What Personal Data We Collect

Forest Hill Flowers collects and processes different types of personal information depending on your interaction with us. The types of data we collect may include:

  • Identification and Contact Data: Name, address, delivery address, phone number, billing address.
  • Order Information: Details about the products ordered, order dates, and delivery instructions.
  • Payment Data: The method of payment and transaction details (note: full payment details are not stored, only transaction records or confirmation numbers).
  • Recipient Information: Name, delivery address, and contact details of the recipient of flowers, provided by the ordering customer.
  • Communication Data: Correspondence via email, telephone, or messages, including any special requests or instructions.

Lawful Basis for Processing

We process personal data under the following lawful bases, as defined by the GDPR:

  • Contractual Necessity: Processing necessary for the performance of the contract of sale or to take steps at your request prior to entering into a contract, such as fulfilling and delivering your order.
  • Legal Obligation: To comply with our legal requirements, such as accounting, record-keeping, and invoicing.
  • Legitimate Interests: We may process certain data for our legitimate interests, such as improving our products and services, customer support, or handling queries and complaints, provided these are not overridden by your rights and interests.
  • Consent: Where required, such as for sending you marketing communications, we will ask for your explicit consent, which can be withdrawn at any time.

How We Use Your Data

Your personal information is used for the following purposes:

  • Processing your order, including delivery and payment processing.
  • Communicating with you about your order, confirmations, or issues relating to your order.
  • Providing customer support or handling any requests you make.
  • Complying with applicable legal, regulatory, and accounting obligations.
  • Improving our services and understanding customer preferences (using aggregate or anonymised data where feasible).

How We Share Your Information

We do not sell or rent your personal data. However, we may share your information with carefully chosen third parties as necessary to fulfil your order or operate our business, including:

  • Delivery Partners: Local couriers or delivery personnel to ensure flowers are delivered to the correct recipient.
  • Payment Processors: Secure third-party payment service providers to process your payments.
  • IT Service Providers: Providers of website hosting, booking systems, or software utilised to manage orders and store data securely.
  • Legal or Regulatory Authorities: If required by law, court order, or regulation.

All third-party processors are subject to strict security obligations and are required to handle your data in accordance with GDPR.

International Transfers

As a general rule, your data is stored and processed within the UK or EU. If data must be transferred to a country outside the UK or EEA, we ensure appropriate safeguards are in place to protect your data in accordance with applicable laws.

How We Protect Your Data

We implement appropriate technical and organisational security measures to safeguard your personal data. These measures include secure storage, use of encryption where suitable, and strict authorised access controls. Data is only accessed by staff and partners who require it for the fulfilment of your order or support.

Data Retention

We retain personal data for as long as reasonably necessary to provide our services and meet our legal, tax, and accounting obligations. Typically, your order information is retained for up to six years from the date of transaction for financial record-keeping. Where we process data for marketing or communications purposes based on your consent, we will retain this data until you withdraw consent or request that it be deleted.

Your Rights Under GDPR

You have certain rights under GDPR regarding your personal data. These include:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct or update inaccurate or incomplete information.
  • Right to Erasure: You can request that we delete your data in certain circumstances, such as where it is no longer required or if you have withdrawn consent.
  • Right to Restrict Processing: Under certain conditions, you may request that processing of your data be limited.
  • Right to Data Portability: In specific cases, you can request your data in a structured, commonly used, machine-readable format.
  • Right to Object: You can object to processing where processing is carried out for our legitimate interests or for direct marketing purposes.

If you wish to exercise any of these rights, please contact us using the contact details available on our website or at our shop. We will respond to your request in accordance with legal requirements and timeframes.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal obligations. Any amendments will be posted in this document, and the date of revision will be shown at the bottom. We encourage you to review our Privacy Policy frequently to stay informed about how we are protecting your information.

Contacting Us

If you have any questions about this Privacy Policy, your personal data, or wish to make a complaint, please contact us using the details provided on our website or visit us at our Forest Hill shop. If you are dissatisfied with our handling of your data, you also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Last updated: June 2024