Gipsy Hill Florist Privacy Policy

Privacy Policy Overview

This Privacy Policy outlines how Gipsy Hill Florist collects, uses, stores, and protects the personal data of customers placing orders with us from Gipsy Hill and surrounding districts. We are fully committed to complying with the General Data Protection Regulation (GDPR) and respect the privacy and rights of our customers and website visitors.

Scope of this Policy

This Privacy Policy applies to all individuals who place orders with Gipsy Hill Florist, whether online, in-store, or by telephone, and who reside in or wish to purchase flowers for delivery to Gipsy Hill and nearby areas. By using our services, you agree to the collection and use of your information as described in this policy.

What Personal Data Do We Collect?

We collect only the data necessary to fulfill your order, improve our services, and comply with legal obligations. The types of personal data we collect may include:

  • Contact Details: Your name, delivery recipient’s name, delivery and billing addresses, phone numbers, and contact preferences.
  • Order Information: Details of the products or services you order from us, such as bouquet type, delivery notes, and purchase history.
  • Payment Data: Payment method, transaction details (we do not store your full payment card information as all payments are processed securely by third-party payment processors).
  • Communication Records: Emails, written correspondence, order notes, or feedback provided to us.
  • Website Usage: Cookies, IP address, and analytics data collected when you browse our website (see our cookie policy for more information).

Lawful Basis for Processing Your Data

Under GDPR, we must have a lawful reason for processing your personal data. We rely on the following grounds:

  • Contract: The majority of data is collected and used to enter into and fulfill our contract with you for the purchase and delivery of flowers and gifts.
  • Legal Obligation: We may process your information to comply with legal or regulatory requirements, such as record-keeping for tax obligations.
  • Legitimate Interests: We may use your data to improve our services, prevent fraud, and conduct direct marketing (unless you opt-out), provided these interests do not override your fundamental rights and freedoms.
  • Consent: Where required (for example, for certain types of marketing), we will ask for your clear consent before processing your data.

How We Use Your Information

We use your personal data to:

  • Process and deliver your orders efficiently and accurately.
  • Communicate with you regarding your order, delivery status, or feedback.
  • Improve our website, products, and customer service.
  • Send service-related notifications and, where permitted, promotional updates (you can opt out at any time).
  • Comply with our legal and regulatory responsibilities.
  • Protect our business and customers from fraud or misuse.

Data Retention: How Long Do We Keep Your Data?

We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law. Typically:

  • Order and transaction data is kept for up to 7 years to comply with accounting and tax requirements.
  • Marketing consent and preferences are stored until you withdraw consent or request your data to be deleted.
  • General customer correspondence and queries are deleted after 3 years of inactivity, unless needed for legal reasons.

When retention periods expire, or upon your request (where applicable), your personal data will be securely erased or anonymised.

Who Processes and Has Access to Your Data?

Your data is processed primarily by authorized Gipsy Hill Florist staff. In some circumstances, we may also share your information with trusted third-party service providers (‘processors’) who help us deliver our services. These include:

  • Payment processors for secure handling of payments.
  • Delivery partners for fulfilling and tracking your orders.
  • IT support and web hosting companies for maintaining our website and systems.
  • Accountants and professional advisors for business compliance.

All processors only access your data as necessary to perform their contracted tasks, and they must comply with strict confidentiality and security requirements. We do not sell or share your personal data with third parties for unrelated purposes.

How We Protect Your Data

We implement appropriate technical and organisational measures to ensure the protection of your personal information. These include:

  • Secure payment portals and encrypted data transmission.
  • Strict internal access controls and staff training.
  • Regular security assessments of our website and systems.
  • Data minimisation and timely deletion in accordance with our retention policy.

Your Data Protection Rights

As a data subject under GDPR, you have the following rights regarding your personal data:

  • Right to Access: You can request confirmation of what personal data we hold about you and receive a copy.
  • Right to Rectification: Ask us to correct inaccurate or incomplete information.
  • Right to Erasure: In certain circumstances, request deletion of your personal data.
  • Right to Restrict Processing: Ask us to limit how we process your information.
  • Right to Data Portability: Receive your information in a structured, machine-readable format or have it transferred to another service provider.
  • Right to Object: Object to certain types of processing, such as direct marketing.
  • Right to Withdraw Consent: Where we rely on consent, you have the right to withdraw it at any time.

If you wish to exercise any of these rights, please contact us using the details on our website. We may need to verify your identity and will respond without undue delay, and in any event within one month.

Updates to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. Please review this page periodically for any changes. Continued use of our services following any updates will be deemed acceptance of those changes.

Contacting Gipsy Hill Florist

If you have any questions about this Privacy Policy or your personal data, please use the contact form provided on our website or write to us at our physical store address.