Privacy Policy for Flowers Hoxton Customers

Introduction

This Privacy Policy describes how Flowers Hoxton collects, uses, and processes your personal data when you place orders with us, either online or over the phone, in Hoxton and the surrounding districts. Flowers Hoxton is committed to adhering to the General Data Protection Regulation (GDPR) and protecting your privacy and personal data at all times.

Scope of the Policy

This policy applies to all individuals placing orders with Flowers Hoxton for delivery or collection from our location in Hoxton and neighboring districts. By placing an order with us, you agree to the processing of your data as described in this policy.

Personal Data We Collect

Flowers Hoxton collects certain information to fulfill your order and provide services. The types of personal data we may collect include:

  • Identification Data: Full name, title
  • Contact Data: Address, delivery address, phone number
  • Order Details: Products or services requested, delivery instructions, messages to recipients
  • Payment Data: Payment method and transaction details (handled via secure payment processors; we do not store your full payment card details)
  • Communication Data: Correspondence through calls or order notes
  • Technical Data: Device identifiers, IP address, and basic website usage analytics (where applicable for online orders)

Lawful Basis for Processing

Under the GDPR, we must have a lawful basis to process your personal data. The main lawful bases we rely on are:

  • Contract: We need your personal data to enter into and fulfill our contract with you (e.g., to process and deliver your order).
  • Legal Obligation: We may process certain data to comply with legal or regulatory requirements, such as maintaining business and financial records.
  • Legitimate Interests: In some cases, we have a legitimate business interest to process your data that does not override your interests or rights (e.g., to improve our services or prevent fraud).
  • Consent: Where we use your data for purposes outside those necessary for providing our service (such as marketing), we will obtain your explicit consent beforehand.

How We Use Your Data

We use your data for the following purposes:

  • Processing, fulfilling, and delivering your orders
  • Contacting you about your order or responding to your queries
  • Managing accounts and processing payments
  • Complying with legal obligations and resolving disputes
  • Improving our services based on customer use and feedback
  • With your consent, occasionally contacting you with offers or updates

Data Retention

We retain your personal data only as long as necessary to fulfill the purposes it was collected for, including for satisfying any legal, accounting, or reporting requirements. Typically:

  • Order-related personal data is retained for up to 7 years to meet financial and legal record-keeping requirements.
  • Contact and communication data used for marketing will be kept until you withdraw your consent or request its deletion.

After this period, data is securely deleted or anonymized.

Third-Party Data Processors

To deliver our services, we may share your information with trusted third-party data processors. These include:

  • Payment providers: Securely process payment transactions
  • IT and web service providers: Manage our website, order system, and communications
  • Delivery partners: Enable home or business delivery in Hoxton and surrounding areas

All third-party providers are required to comply with GDPR and only process your data according to our instructions. No processors are permitted to use your data for their own purposes.

International Data Transfers

Flowers Hoxton primarily stores and processes data within the United Kingdom and the European Economic Area (EEA). In rare cases, some data may be transferred outside these areas, but only when adequate safeguards (such as standard contractual clauses) are in place to protect your privacy rights.

How We Protect Your Data

We implement appropriate technical and organizational measures to secure your personal data, including encryption, regular security training, access controls, and secure data storage. If a data breach were to occur that risks your rights or freedoms, we will notify you and the relevant authorities as required by law.

Your Rights Under GDPR

You have a number of rights regarding your personal data under the GDPR, including:

  • The right to access your personal data
  • The right to rectify inaccurate or incomplete data
  • The right to request data erasure ("right to be forgotten") in certain circumstances
  • The right to restrict or object to the processing of your data
  • The right to data portability
  • The right to withdraw consent at any time (where we rely on your consent)

To exercise any of these rights, or if you have questions about this policy or our data practices, please contact us using the details available on our website or in-store.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in how we process your data or to comply with legal requirements. The date of the latest version will always be provided at the end of the policy. We encourage you to review this policy each time you place an order with us to remain informed.

Last updated: June 2024