Enfield Florist Privacy Practices for Customers

Introduction

This Privacy Policy explains how Enfield Florist processes your personal data when you place an order with us from Enfield and the surrounding districts. Our commitment is to handle your information securely, transparently, and in accordance with the General Data Protection Regulation (GDPR).

Scope and Applicability

This policy applies to all customers placing floral orders directly with Enfield Florist for delivery or collection within Enfield and the nearby areas. By making an order, you acknowledge and agree to the practices described herein.

What Data We Collect

When you use our services, we may collect and process the following personal data:

  • Contact Information: Your name, billing and delivery addresses, and telephone number.
  • Order Details: Information regarding your purchase, including items ordered and recipient information.
  • Payment Information: Payment card details or transaction references (processed securely via our payment providers—note, we do not store card details after payment).
  • Communications: Records of communications between you and Enfield Florist, including order confirmations and enquiries.
  • Usage Data: Anonymous data about your access to our website, such as browser type and time spent on pages.

Lawful Basis for Processing

Enfield Florist processes your personal data only when we have a valid lawful basis to do so under Article 6 of the GDPR, including:

  • Contractual Necessity: To process and fulfil your order, and communicate in relation to your purchase.
  • Legal Obligation: To comply with legal requirements such as record-keeping for tax and accounting purposes.
  • Legitimate Interests: To improve our products and services, prevent fraud, and ensure the security of our operations (balanced against your rights and freedoms).
  • Consent: Where required, for marketing communications, which you may opt out of at any time.

How We Use Your Data

Your information is used to:

  • Process, confirm, and deliver your floral orders.
  • Update you on the status of your purchase or any issues requiring attention.
  • Comply with applicable laws and prevent fraudulent activity.
  • Improve the quality of our services and customer experience.

Data Retention

Personal data is retained for no longer than necessary. Typically, we keep order and communication records for up to seven years to comply with legal and accounting obligations. After this period, we securely dispose of or anonymise your personal data unless there is a legitimate reason to retain it further (such as the resolution of a legal claim).

Our Data Processors

We may share elements of your data with trusted third-party service providers who help us deliver our services. These data processors include:

  • Payment processing providers: To securely handle your transactions.
  • Delivery services or couriers: To fulfil your order and deliver flowers to your chosen recipient.
  • IT and website support partners: To maintain and improve our booking and order management systems.

All data processors are thoroughly vetted, contractually bound to confidentiality, and required to process personal data in adherence to GDPR. We do not sell or share your data with third parties for unrelated marketing purposes.

International Data Transfers

Enfield Florist primarily processes your data within the United Kingdom. If your data is ever processed outside the UK or European Economic Area, we ensure equivalent safeguards are in place in accordance with GDPR requirements.

Your Rights Under GDPR

You have several rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request that inaccurate or incomplete information be corrected.
  • Right to Erasure ('Right to be Forgotten'): Request that your personal data be erased, where appropriate.
  • Right to Restrict Processing: Ask us to suspend the processing of your data in certain circumstances.
  • Right to Data Portability: Receive your data in a portable format, allowing you to transfer it elsewhere.
  • Right to Object: Object to certain forms of processing, such as direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us using the details displayed on our website or correspondence. We will respond to your request within one month, in accordance with GDPR regulations.

Security Measures

We implement suitable technical and organisational measures to safeguard your data against unauthorised access, loss, alteration, or destruction. Measures include encrypted transmission, secure physical storage, and restricted employee access on a need-to-know basis.

Updates to This Policy

We may update this Privacy Policy to reflect changes in the law or how we process your personal information. Any significant amendments will be communicated via our website or at the point of data collection.

Contact Us

If you have questions regarding this Privacy Policy or your personal data, please refer to the contact details on our official website or communication materials. You also have the right to lodge a complaint with the Information Commissioner’s Office if you believe your data is being mishandled.

Conclusion

Enfield Florist is dedicated to protecting the privacy and rights of every customer. We appreciate your trust and are committed to handling your personal data with the utmost care and in compliance with all relevant regulations.