Florist Tooting Privacy Policy Overview

Introduction

This Privacy Policy explains how Florist Tooting manages your personal information in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This policy applies to all customers placing orders with Florist Tooting in Tooting and surrounding districts. We are committed to transparency and to safeguarding your privacy and rights when you use our services.

What Data We Collect

When you place an order with Florist Tooting, we collect various types of personal information relevant to processing, fulfilling, and delivering your order. The types of data we collect include:

  • Identity Data: your name, title, and, if you are ordering on behalf of someone else, the recipient's name.
  • Contact Data: address, delivery address (if different), postcode, phone number, and any contact details necessary for order completion.
  • Transaction Data: order history, payment amount, details of purchased items, order dates, and transaction identifiers (but not banking or credit card details, unless required for payment processing).
  • Correspondence Data: communications with our team, such as customer service requests and notes about your preferences.
  • Marketing Preferences: if you opt to receive marketing communications, we collect and store your preferences accordingly.

Lawful Basis for Processing Your Data

We process your personal data in compliance with GDPR, using the following legal grounds:

  • Performance of a Contract: Most data processing conducted by Florist Tooting is necessary to fulfil your order and provide our services, including processing payments, delivering products, and handling customer service enquiries.
  • Legitimate Interests: We may process data as necessary for our legitimate business interests, such as improving our services, maintaining security, and preventing fraud, provided that these interests are not overridden by your rights and interests.
  • Legal Obligations: Certain information may be retained or processed to comply with our legal obligations, such as tax and accounting requirements.
  • Consent: Where you have provided clear consent, such as signing up for marketing communications, we will process your information accordingly. Consent may be withdrawn at any time.

How We Use Your Personal Information

We use your personal data solely for the purposes for which it was collected, including:

  • Processing and delivering your orders.
  • Communicating order updates and responding to your enquiries.
  • Handling payments and refunds securely.
  • Improving our products and customer service through analysis and feedback.
  • Sending marketing communications where you have opted in.
  • Complying with applicable laws and regulations.

Retention of Your Data

We retain your personal information only as long as necessary for the purposes outlined above. In particular:

  • Order and transaction data are typically retained for up to seven years, as required by tax and accounting law.
  • Customer correspondence may be stored for up to three years to ensure we can respond to any future queries or complaints.
  • If you have consented to marketing communications, we will retain the relevant contact details until you unsubscribe or withdraw consent, after which these details will be securely deleted or anonymised within a reasonable timeframe.

After the relevant retention periods, your data is securely deleted or anonymised so that it is no longer identifiable.

Data Processors and Third Party Services

Florist Tooting may share your data with certain trusted third-party service providers who act as our data processors. These processors are only permitted to use your data for specified purposes, in accordance with this Privacy Policy and applicable data protection law. Examples of the types of processors we may use include:

  • Payment processing providers to securely handle card and bank payments for orders.
  • Delivery and logistics companies to effect prompt delivery of your order in Tooting and surrounding districts.
  • IT service providers helping to manage our website, databases, and internal systems.

These third-party processors act on our instructions, are subject to confidentiality agreements, and are required to maintain appropriate security measures to protect your data.

Florist Tooting will never sell or lease your data to third parties for marketing purposes. We disclose personal data outside the EEA only when necessary and with appropriate protections in place.

Your Rights Under the GDPR

As a customer, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You may request correction of any inaccurate or incomplete data.
  • Right to Erasure: You have the right to ask us to delete your data in certain circumstances, for example where processing is no longer necessary or you have withdrawn consent.
  • Right to Restrict Processing: You can request restriction of processing if you contest the accuracy of the data or object to its processing.
  • Right to Object: You may object to our processing where it is based on legitimate interests or direct marketing purposes.
  • Right to Data Portability: Where processing is based on your consent or on a contract and is carried out by automated means, you can request your data in a commonly used, structured format.
  • Right to Withdraw Consent: If we rely on your consent for any processing, you can withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us using the methods outlined on our website or in store. We aim to respond to all legitimate requests within one month. In some cases, we may require proof of identity to safeguard your information and ensure accuracy.

Updates & Changes to This Policy

Florist Tooting may update this Privacy Policy from time to time to comply with legal requirements or adapt to changing business and technology needs. Updated policies will be posted on our website and made available in store, with the revision date clearly indicated. We recommend reviewing this policy periodically to stay informed about how we protect your personal information.

Contacting Florist Tooting

If you have questions or concerns about this Privacy Policy, or if you wish to exercise any of your GDPR rights regarding your personal information, please contact us using the contact details provided on our website or in-store materials. We are committed to handling your requests fairly and promptly in accordance with applicable privacy laws.