East Ham Flowers Privacy Policy

Scope of This Privacy Policy

This Privacy Policy sets out how East Ham Flowers collects, processes, stores, and protects the personal data of all customers who place orders from East Ham and the surrounding districts. We are committed to safeguarding your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). By placing an order with us, you consent to the practices described within this policy.

What Data We Collect

East Ham Flowers only collects data that is necessary for us to provide our services and operate our business efficiently. The personal data we may collect from you includes:

  • Contact Information: such as your name, address, and delivery address if different, so we can fulfil your order.
  • Contact Methods: e.g., preferred method of communication regarding your order (phone, SMS, or other methods you choose).
  • Order Details: including your product selection, order messages, gift notes, and any special delivery instructions.
  • Payment Information: details required to process your payment. We do not store payment card details after completing your transaction. Payment processing is handled by established third-party providers.
  • Purchase History: a record of items you have purchased to assist with customer service and for our legitimate business interests.
  • Correspondence: emails or communications you send to us regarding your orders or our services.
  • Cookies and Website Usage Data: If you use our website, we may collect data about your interaction with the site through cookies, such as pages visited and features used. This information is used to improve website functionality and your experience.

Lawful Basis for Processing

We process personal data in accordance with GDPR using one or more of the lawful bases described below:

  • Contractual Necessity: We process your data to fulfill and deliver your order, respond to your requests, and provide customer support.
  • Legal Obligation: In certain instances, we may be required to process your data to meet legal or regulatory obligations, such as record-keeping as required by tax or accounting laws.
  • Legitimate Interests: We may use your information for legitimate business reasons, such as fraud prevention, direct communications related to your order, and improving our services, provided your rights and interests do not override those interests.
  • Consent: In cases where you have provided explicit consent (for example, to receive marketing updates or newsletters), you may withdraw this consent at any time.

How We Use Your Data

Your data is only used in ways that are necessary to provide and improve our services:

  • Processing, fulfilling, and delivering your floral order.
  • Keeping you informed about your order status.
  • Handling your enquiries, feedback, or complaints.
  • Improving and customizing our services, including the website experience.
  • Complying with legal and regulatory requirements.
  • If you have opted in, occasionally sending information about promotions or new products (you may opt out at any time).

Retention Periods

We retain your personal data only for as long as it is required for the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Specifically:

  • Order Information: Typically retained for up to 6 years to comply with HMRC accounting obligations.
  • Marketing Consent: Retained until you withdraw your consent or request erasure (unless longer retention is required by law).
  • Website Usage Data: Retained as necessary for analytics and improvements, usually in non-identifiable form after initial analysis.

We securely delete or anonymise your data once retention periods have expired.

Processors and Data Sharing

We may share your personal information with trusted service providers (processors) who assist us in operating our business and delivering your order. These may include:

  • Payment processors to handle transactions securely.
  • Delivery services and couriers for order fulfilment.
  • IT service providers that support our website and data storage.

We require all third-party processors to respect the security of your personal data, process it only for specified purposes, and act in accordance with the law. We do not sell or share your personal data with unrelated third parties for their marketing purposes.

Your Privacy Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request that we correct any inaccuracies or update incomplete data.
  • Right to Erasure: In certain cases, you can request that we delete your personal data.
  • Right to Restrict Processing: You may request that we limit the way we use your data.
  • Right to Data Portability: If applicable, you can ask us to transfer your data to another service provider.
  • Right to Object: You can object to our processing of your data where we are relying on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: If data is processed on the basis of your consent, you may withdraw this at any time without affecting previous processing.

To exercise any of these rights, please contact us using the details available on our website or by post to our registered business address. We will respond to all requests as required by law.

Data Security

We employ technical and organizational measures to protect your data against loss, unauthorized access, disclosure, or alteration. This includes secure data storage, encrypted communications, and processor due diligence. Should a data breach occur that affects your rights and freedoms, you will be notified in accordance with legal requirements.

Policy Updates

East Ham Flowers may update this Privacy Policy from time to time to reflect changes in our practices, relevant legislation, or for other operational reasons. The latest version will always be available on our website, along with the date of the last update. We recommend reviewing this policy periodically.

Contact and Complaints

If you have questions, concerns, or wish to exercise your data protection rights in relation to this policy, please contact us using the contact details available through our business channels or by post at our registered address. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority for data protection.