Canonbury Flowers Privacy Policy

Introduction

This Privacy Policy explains how Canonbury Flowers collects, uses, retains, and secures personal data entrusted to us by customers placing orders from Canonbury and surrounding districts. We are committed to safeguarding your privacy in compliance with the General Data Protection Regulation (GDPR) and relevant UK data protection laws. Please read this policy carefully to understand our practices regarding your personal information and your rights as a customer.

Who This Policy Applies To

This Privacy Policy applies to all customers ordering products or services from Canonbury Flowers, whether you interact with us in person, over the telephone, through our website or via other sales or communications channels. It covers residents of Canonbury and neighbouring districts who engage with our business for floral orders, deliveries, consultations, or related transactions.

Personal Data We Collect

When you place an order or interact with Canonbury Flowers, we collect certain data necessary to process your request and fulfil our contractual obligations. We may collect the following personal information:

  • Contact Information: Name, delivery address, billing address (if different), contact telephone number, and sometimes additional directions for delivery.
  • Order Details: Information about the ordered products, customisation requests, delivery or event dates, and messages to recipients.
  • Payment Data: Payment method type and transaction details, processed securely through established payment providers. We do not store your card or full payment information ourselves.
  • Communications: Records of your communication with us, such as enquiries, feedback, or concerns, to help us improve our services and address your requests.
  • Technical Information: When using our website, information such as IP address, browser type, device type, access times, and website usage patterns may be collected automatically to ensure website security and performance.

Lawful Basis for Processing

We process your personal data strictly in accordance with GDPR. Our lawful bases for data processing typically include:

  • Contractual Necessity: Processing is required to fulfil your order, arrange delivery, or provide other services you request.
  • Legal Obligation: We may process data to comply with legal requirements, such as maintaining appropriate business records.
  • Legitimate Interests: Data may be used in ways necessary to improve our offerings, manage customer relationships, or keep our systems secure, provided this does not override your rights or freedoms.
  • Consent: In some cases, we may ask for your explicit consent to process data for purposes such as marketing communications. Where consent is sought, you may withdraw it at any time.

How We Use Your Data

Your personal data is used to ensure the effective provision of our services, customer support, and business administration. Specifically, it helps us to:

  • Process and deliver your floral order efficiently, including communicating with you regarding the order status.
  • Respond to your queries or requests for assistance.
  • Fulfill contractual obligations and manage transactions.
  • Keep our business records accurate and up-to-date.
  • Resolve disputes or address complaints.
  • Improve our products and services based on feedback and interactions.
  • Carry out internal administrative and operational functions, including accounting and IT support.

Data Retention

Your personal data is retained only as long as necessary to fulfil the purposes for which it was collected, including processing orders, accounting, and regulatory compliance. Typically, we retain order-related data for up to six years in line with legal and tax requirements. After the relevant retention period, data is securely deleted or anonymised.

Data Processors and Third Parties

Certain services require us to share data with third-party processors, who perform tasks on our behalf. These may include:

  • Payment Processors: Secure payment service providers process your payment transactions. Canonbury Flowers does not store full payment details.
  • Delivery Partners: Trusted couriers or delivery agents may be provided with necessary contact details to deliver your order.
  • IT and System Providers: Data may be stored or processed using reputable cloud services or IT support contractors. All such third parties are contractually obliged to process your data only as instructed by us and to observe high data security standards.

We do not sell or rent your personal information to any third parties. Data will only be transferred or disclosed beyond these parties where required by law, regulatory authorities, or where you have given explicit consent.

Data Security

We implement appropriate organizational and technical measures to protect your personal data from unauthorized access, loss, alteration, or disclosure. This includes secure access controls, encryption, password protections, and regular system monitoring. Access to personal data is limited to personnel who need it to carry out their job duties and who are trained in data protection requirements.

Your Rights Under GDPR

As a customer of Canonbury Flowers, you have the following rights under GDPR:

  • Right of Access: You may request access to the personal data we hold about you, including a copy of it.
  • Right to Rectification: You are entitled to correct any inaccurate or incomplete data we hold about you.
  • Right to Erasure: You can request deletion of your data where it is no longer necessary for us to retain it, subject to certain legal obligations.
  • Right to Restriction: You can ask us to limit the processing of your data under particular circumstances.
  • Right to Data Portability: Where processing is based on consent or contract and carried out by automated means, you can request a copy of your data in a commonly used electronic format.
  • Right to Object: You may object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw this at any time without affecting the lawfulness of processing before withdrawal.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or regulatory obligations. Any substantial changes will be communicated as appropriate, and the most recent version will always be available on request or via our website.

Contact and Complaints

If you wish to exercise any of your data protection rights, please contact us through your preferred method of communication. If you have concerns regarding our handling of your personal data, we will do our utmost to address them promptly and transparently. Should you remain dissatisfied, you also have the right to lodge a complaint with the UK data protection regulator.