How Florist Lisson Grove Handles Your Personal Information

Introduction

This Privacy Policy describes how Florist Lisson Grove ("we", "us", or "our") collects, uses, stores, and protects your personal data in accordance with the General Data Protection Regulation (GDPR). The policy applies to all customers who place orders with Florist Lisson Grove from Lisson Grove and surrounding districts. Our aim is to be transparent about our data processing practices and assure you of our commitment to data privacy and security.

What Data We Collect

To fulfil your order and provide high-quality service, we may collect and process the following types of personal data:

  • Identification Data: Full name, delivery recipient’s name, title or honorific
  • Contact Details: Delivery address, billing address, phone numbers, and requests regarding delivery timings
  • Order Information: Details about your flower order, notes for delivery, and any special instructions
  • Payment Information: Payment method details, transaction information (but not your full card details, as payments are handled by secure payment processors)
  • Communications: Records of emails or messages sent to or received from you regarding your orders and customer service queries
  • Technical Data: IP addresses, browser type, time zone settings, and usage data collected via our website for security and analytics

Lawful Basis for Processing

We only collect and process personal data where we have a lawful basis for doing so, such as:

  • Contractual Necessity: To process your orders and deliver flowers as requested
  • Consent: Where consent is explicitly provided for marketing or optional communications
  • Legal Compliance: To fulfil our legal obligations, such as tax or accounting requirements and fraud prevention
  • Legitimate Interests: For purposes relating to improving our services, maintaining security, and handling customer service operations without overriding your data protection rights

How We Use Your Data

Your personal data is used for the following purposes:

  • Processing and fulfilling your orders, including arranging delivery and managing payment
  • Contacting you regarding your order status or customer service matters
  • Improving our service, customer experience, and website functionality
  • Meeting our legal, regulatory, and tax obligations
  • Sending you information about services and offers if you have consented to receive marketing communications

Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes described in this policy, including satisfying legal, accounting, or reporting requirements. Specifically:

  • Order and transaction data is retained for up to 7 years, as required by tax legislation.
  • Contact and communication data is typically retained for 2 years after your last interaction, unless you request earlier removal or legal reasons require longer retention.
  • Technical data may be kept for analysis or security purposes, but only in pseudonymised or aggregated form where possible.

After the relevant retention periods, your data will be securely deleted or anonymised.

Sharing and Data Processors

To provide our services, we may share your personal data with trusted third-party processors, which operate under contract to safeguard your information. These may include:

  • Payment Processors: To complete secure transactions (we do not store full payment card details)
  • Delivery Partners: For arranging the delivery of your order within Lisson Grove and neighboring districts
  • Website Hosting and IT Providers: For secure website operations, data storage, and IT troubleshooting
  • Professional Advisors: Such as accountants or auditors for compliance with regulatory obligations

All data processors are strictly vetted and contractually bound to comply with applicable data protection laws. We do not sell or lease your personal data to third parties for marketing or advertising purposes.

International Data Transfers

Should it be necessary to transfer your data outside the United Kingdom or European Economic Area (EEA), we ensure that adequate safeguards are in place, such as the use of Standard Contractual Clauses approved by the European Commission, to protect your privacy rights.

Your Rights Under GDPR

As a customer of Florist Lisson Grove, you have certain rights with respect to your personal data:

  • Right to Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data, where no overriding legal reason exists to retain it
  • Right to Restriction: Ask us to suspend the processing of your data under certain circumstances
  • Right to Data Portability: Receive your personal data in a structured, commonly used electronic format
  • Right to Object: Object to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time

You may exercise any of these rights by contacting us using the details provided on our website or in your order confirmation documents. We may need to verify your identity to process these requests securely.

Security Measures

We take appropriate technical and organisational measures to protect your personal data from accidental loss, improper access, alteration, or disclosure. These measures include secure data transmission, restricted access controls, staff training, and regular review of our security practices.

Policy Updates

We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes. Updated versions will be posted on our website, with the date of the latest revision indicated at the top of the policy. For significant changes, we will take additional steps to inform you, such as through a notice with your order or website notification.

Contact and Complaints

If you have any concerns about how we handle your personal data, please contact us directly using the details provided on our website. You may also lodge a complaint with the relevant supervisory authority should you believe your data protection rights have been infringed.

This Privacy Policy was last reviewed and updated in June 2024. Your continued use of our services constitutes acceptance of these terms.