Bromley Common Flowers Privacy Policy

Introduction

This Privacy Policy sets out how Bromley Common Flowers collects, uses, stores, and protects your personal information when you place an order with us. It applies to all customers placing Bromley Common Flowers orders from Bromley Common and the surrounding districts. Protecting your privacy and personal data is a responsibility we take seriously and in accordance with the UK General Data Protection Regulation (“GDPR”).

What Personal Data We Collect

When you place an order with Bromley Common Flowers, we may collect and process the following types of personal data:

  • Contact Information: Your name, address, phone number, and (where provided) email address.
  • Order Details: Information about the flowers, delivery dates, and special instructions related to your order.
  • Payment Data: Billing address and payment transaction details. We do not store full card numbers or security codes, as these are processed securely by third-party payment processors.
  • Recipient Information: Name, address, and (if applicable) phone number of the recipient of your order, required for successful delivery.
  • Communications: Any correspondence with us regarding orders, complaints, or queries.
  • Technical Data: Limited device and usage information (such as IP address, browser type, and access times) collected through our website for essential functionality and security.

Lawful Basis for Data Processing

We only process your personal data when we have a lawful ground to do so. Our lawful bases include:

  • Performance of a Contract: Most of the information we collect is necessary to fulfil your floral order and deliver our services to you or your designated recipient.
  • Compliance with Legal Obligations: We may need to retain data to comply with applicable laws, such as tax or accounting regulations.
  • Legitimate Interests: We may use your data for our legitimate interests, such as improving our services, preventing fraud, and ensuring the security of our website. Where appropriate, such interests are balanced against your rights and freedoms.
  • Consent: We may request your consent for certain optional communications, such as marketing information. You have the right to withdraw such consent at any time.

How We Use Your Personal Data

Your personal data is used for the following primary purposes:

  • Processing and managing your orders, including delivery to recipients.
  • Communicating with you regarding your order status, queries, or complaints.
  • Managing payment transactions and refunds.
  • Maintaining records for accounting and legal compliance.
  • Improving our services, products, and customer experience.
  • Detecting and preventing fraudulent activities or misuse of our services.
  • Providing marketing or promotional information, only where you have opted in.

Data Sharing and Processors

In order to provide our services efficiently and securely, we share your personal data only as necessary with trusted third parties acting as data processors. These may include:

  • Payment Processing Providers: To process payments securely.
  • Delivery and Courier Services: To deliver your floral orders to recipients.
  • IT and Hosting Providers: To operate and maintain our website and internal systems.
  • Professional Advisers: Such as accountants or legal advisors, where required by law.

All our processors are contractually bound to manage your data in line with the requirements of the GDPR and may not use it for any other purpose.

How Long We Retain Your Data

Personal data is retained only for as long as necessary to fulfil the purposes outlined in this policy and to comply with legal, financial, and regulatory requirements. As a general guide:

  • Order and transaction details are retained for up to seven years to comply with tax and accounting regulations.
  • Contact and communication information is held for as long as necessary to manage your orders and relationships with us.
  • Technical data is retained for a limited period, typically no more than 12 months, unless needed for security investigations.

When it is no longer necessary to retain your personal information, it will be securely deleted or anonymised.

Your Rights Under GDPR

As a customer of Bromley Common Flowers, you have the following rights under the GDPR with respect to your personal data:

  • The right to access and receive a copy of your personal data held by us.
  • The right to request rectification of inaccurate or incomplete personal data.
  • The right to request erasure of your data where there is no longer a legitimate reason for its continued processing.
  • The right to restrict or object to the processing of your data under certain conditions.
  • The right to portability, allowing you to obtain and reuse your data across different services.
  • If you have provided consent, the right to withdraw that consent at any time.

To exercise your rights, please contact us via the communication options listed on our website. We may need to verify your identity before processing your request for security reasons. We aim to respond to all legitimate requests within one month.

Data Security

We implement appropriate technical and organisational measures to keep your data safe, including secure servers, encryption of sensitive information where necessary, and limitation of data access to authorised personnel and processors.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in regulations, our data practices, or to clarify information. The "last updated" date will be appropriately indicated on this page. Continued use of our services after changes constitutes acceptance of the updated policy.

Contact Information

If you have any questions about this Privacy Policy or your personal data, please contact us using the details provided on our website. We are committed to working with you to resolve any privacy concerns.