Florist Rush Green: Privacy Policy for Customers

Privacy Policy Overview

This Privacy Policy outlines how Florist Rush Green ('we', 'our', or 'us') collects, uses, stores, and protects your personal information when you place an order with us from Rush Green and surrounding districts. We are committed to respecting your privacy and complying with the General Data Protection Regulation (GDPR) and applicable data protection laws in the United Kingdom. Please read this policy carefully to understand your rights and how we handle your data.

Scope of Policy

This policy applies to all customers who place orders with Florist Rush Green, whether online, by telephone, or in person, where personal data is provided as part of the ordering and delivery process. It covers services within Rush Green and the neighbouring areas we serve.

Data We Collect

We collect only the data required to process your order, provide delivery, and improve our services. The types of data we may collect include:

  • Identity Data: your name and, if ordering on behalf of someone else, the recipient's name.
  • Contact Data: delivery address, billing address, and contact telephone number.
  • Order Details: purchased products, delivery instructions, recipient details, and messages on cards.
  • Payment Data: billing information (processed securely by third-party payment providers; we do not store your card details).
  • Technical Data: device information, browser type, and anonymised analytics collected via cookies (where applicable).

Lawful Basis for Processing

Our processing of your personal information is grounded in one or more lawful bases as defined in the GDPR, which include:

  • Contractual Necessity: To fulfil the contract you enter by placing an order. This includes processing and delivering your goods and communicating about your order.
  • Legal Obligations: Where we are required to comply with statutory or regulatory requirements, such as tax or accounting purposes.
  • Legitimate Interests: To improve our services, prevent fraud, or address your enquiries, provided that these interests do not override your data rights and freedoms.
  • Consent: For activities not covered by the above, such as direct marketing communication, we will request your explicit consent, which you may withdraw at any time.

How We Use Your Information

Your personal information will only be used for the purposes for which it was collected. These include:

  • Processing and fulfilling your order, including delivery and customer service.
  • Communicating updates regarding your order status.
  • Managing payment and refunds.
  • Responding to your enquiries or feedback.
  • Fulfilling legal and accounting obligations.
  • With your consent, providing information about our products or services you may be interested in.

Retention of Your Personal Data

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements. In general, we will retain:

  • Order and contact data – for up to 7 years, as required by tax law.
  • Marketing consent data – until you withdraw your consent or unsubscribe from communications.
  • Technical and analytical data – for up to 2 years for the purposes of improving our services.

Data no longer required will be securely deleted or anonymised.

Use of Data Processors

We may share your personal data with third-party service providers who act as data processors and assist us in delivering our services. These may include:

  • IT and website hosting providers who store our data securely.
  • Payment processing companies who process payments on our behalf. We do not store your full card details ourselves.
  • Delivery companies collaborating with us to ensure your order reaches its destination.

All processors are required to abide by data protection standards equivalent to those set out in the GDPR and are contractually bound to protect your data and only process it as instructed by Florist Rush Green.

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access: You may request a copy of the personal information we hold about you.
  • Rectification: You have the right to have incorrect or incomplete data amended.
  • Erasure: You can request the deletion of your personal data under certain circumstances.
  • Restriction: You may ask us to restrict processing your personal data in certain situations.
  • Objection: You can object to processing where we rely on legitimate interests as the legal basis.
  • Portability: When applicable, you can request that your data be transferred to you or another third party.
  • Withdraw Consent: Where we base processing on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise your rights, please contact us using our usual communication channels. We may require identity verification before fulfilling certain requests.

Security of Your Data

We are committed to safeguarding your personal information using appropriate technical and organisational security measures. These include secure servers, encrypted transactions where applicable, and regular reviews of our data handling processes. All staff are trained in privacy and data protection best practices.

International Transfers

We do not routinely transfer your personal data outside of the United Kingdom. If this it necessary, we ensure any such transfers comply with applicable data protection laws and that an adequate level of protection is given to your data.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in legal requirements or our data handling practices. The current version will always be available on request or through our usual communication methods. We encourage customers to review the policy periodically.

Contact and Complaints

If you have any questions about this Privacy Policy, your data, or if you wish to exercise your rights or lodge a complaint, please contact us using the methods normally provided on our website or order documentation. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.