Privacy Policy for Florist Harrow on the Hill Customers

Scope of This Privacy Policy

This Privacy Policy outlines how Florist Harrow on the Hill ("we", "our", or "us") collects, uses, stores, and protects your personal information when you order services from us. This Policy applies to all customers placing orders with Florist Harrow on the Hill in Harrow on the Hill and the surrounding districts. We are fully committed to protecting your rights and privacy under the UK General Data Protection Regulation (GDPR) and related data protection legislation.

What Personal Data We Collect

When you make an enquiry or place an order with Florist Harrow on the Hill, we may collect and process the following types of personal information:

  • Identity Information: Name, title (if provided)
  • Contact Information: Address, delivery recipient’s address, phone number, delivery instructions (if provided)
  • Order and Transaction Data: Details of your purchase, including products ordered, date and time, order value, and preferences relating to the purchase (such as card messages)
  • Payment Information: Payment confirmation received from our payment processors (note: we do not store full payment card details on our website or systems)
  • Correspondence: Details of your communications with us (e.g., queries, complaints, delivery confirmations)
  • Technical Data: IP address, browser type, device information, and website usage statistics (if you access our services online)

Purpose and Lawful Basis for Processing

We only process your personal data where a lawful basis under the GDPR exists. Our primary lawful bases are:

  • Contractual necessity: Processing your data is required to fulfil your orders and deliver the agreed services.
  • Legal obligations: Some data is processed to comply with tax, bookkeeping, and other legal or regulatory requirements.
  • Legitimate interests: For our own administrative needs, such as record-keeping, responding to queries, or improving our services, provided such interests are not overridden by your rights and freedoms.
  • Consent: For marketing communications (if and only if you have granted explicit consent).

How We Use Your Data

We use your personal information for the following purposes:

  • To process and deliver your flower orders, including communicating updates regarding your order
  • To manage payments, refunds, and collections securely
  • To respond to your queries, feedback, or complaints
  • To comply with applicable legal, accounting, or regulatory obligations
  • To analyse purchases and customer trends in order to improve our products and services
  • To send you marketing materials (where consent has been obtained)

How We Store and Retain Your Data

We store your personal information securely in accordance with data protection laws. Your order and customer records are retained only as long as necessary for the purpose for which they were collected:

  • Order records: Retained for up to 7 years as required by tax and financial regulations.
  • Correspondence and complaints: Retained for up to 3 years after resolution.
  • Marketing consents: Retained until you withdraw consent, or for no longer than 3 years after your last interaction with us.
  • Once data is no longer required, it will be securely deleted or anonymised.

Third-Party Data Processors

To process orders and run our business, we use reputable third-party data processors. These may include:

  • Payment service providers (who facilitate your card payments and comply with PCI-DSS standards)
  • Delivery and courier service partners (to deliver your order to the intended recipient)
  • IT and website support partners (who help us maintain secure and functional IT systems)
  • Accounting and record-keeping services (to comply with legal requirements)

All processors are bound by written contracts requiring strict data protection standards aligned with GDPR requirements. Personal data will never be sold, shared, or transferred to unrelated third parties for their own use. We do not transfer your data outside the UK or European Economic Area without ensuring appropriate safeguards are in place.

Your Data Protection Rights

Under the UK GDPR, you have the following rights concerning your personal information:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct incomplete or inaccurate data.
  • Right to Erasure: You may request deletion of your data where there is no longer a valid reason for us to keep it.
  • Right to Restrict Processing: You may request restriction of processing in certain circumstances.
  • Right to Data Portability: Where applicable, you can request a copy of your data in a structured, commonly-used format.
  • Right to Object: You can object to our processing of your data where we process on the basis of legitimate interest or for direct marketing.
  • Right to Withdraw Consent: Where consent is relied upon, you may withdraw your consent at any time.

To exercise your rights, please contact us using the contact details provided at the end of this policy or on our website. We will respond to your request in accordance with GDPR requirements and usually within one month.

How We Protect Your Data

We use reasonable and appropriate security measures, including encryption, access controls, regular staff training, and secure disposal of data, to prevent unauthorised access, disclosure, loss, or misuse of your data. We review and update our security practices regularly to keep your data safe.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our operations, practices, or legal obligations. We encourage you to review this policy periodically.

Contacting Us

If you have any questions about how Florist Harrow on the Hill processes your data or wish to exercise your rights, please get in touch via the contact methods provided on our website or at our store premises. If you remain dissatisfied, you have the right to contact the Information Commissioner’s Office (ICO).