Privacy Policy: How We Safeguard Your Data at Flower Delivery Guildford

About This Privacy Policy

At Flower Delivery Guildford, we highly value your privacy and want you to feel secure when using our services. This Privacy Policy explains how we handle and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable UK data laws. This policy applies to all customers ordering from Flower Delivery Guildford in Guildford and its surrounding districts.

What Personal Data We Collect

When you place an order or interact with Flower Delivery Guildford, we may collect various types of personal data, including:

  • Contact Information: Such as your name, delivery address, billing address, contact telephone number, and (where applicable) recipient’s details when you are sending flowers to someone else.
  • Order Details: Including the products you purchased, delivery instructions, special messages, and purchase history.
  • Payment Information: While we do not store full payment card details, we process payment through third-party payment processors who securely manage your card information.
  • Communication Records: Such as enquiries, feedback, complaints, or communication regarding your order (via telephone, website forms, or written correspondence).
  • Website Usage Data: Like IP address, browser type, usage statistics, and cookie identifiers to help us enhance site functionality and user experience. This may be collected through essential cookies and analytics tools.

Lawful Bases for Data Processing

Under GDPR, we are required to have a valid lawful basis to collect and use your personal data. Depending on the purpose, we process your information on the following bases:

  • Contractual Necessity: To fulfil our contract with you. For example, we need your address to deliver your flowers and your payment information to process the order.
  • Legal Obligation: To comply with legal requirements such as tax or financial reporting obligations.
  • Legitimate Interests: In some cases, we use your information to improve our services and communicate with you about your order, as long as our interests do not override your fundamental rights and freedoms.
  • Consent: Where applicable, we will obtain your explicit consent before sending marketing communications or using cookies for non-essential analytics.

How We Use Your Personal Data

We use your personal data for the following purposes:

  • To process, confirm, and deliver your flower order
  • To respond to your queries, feedback, or complaints
  • To enable payment processing for orders
  • To improve our website and customer services
  • To comply with legal and regulatory obligations
  • If you have provided consent, to send you information about promotions, offers, or updates (you may withdraw consent at any time)

How Long We Keep Your Data (Retention Periods)

We only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for satisfying legal, accounting, or reporting requirements. Typically, order and transaction records may be retained for up to 7 years to comply with tax and legal obligations. Communication records and user account data will be deleted when they are no longer needed for operational purposes or when you request their removal, except where continued retention is required by law.

Who Processes Your Data (Data Processors)

We may share your data with trusted external parties (data processors) who assist in providing our services, such as:

  • Payment service providers: Processing card payments securely on our behalf
  • IT & Hosting providers: Storing and managing our website and databases
  • Delivery partners: Assisting in the delivery of your flower order
  • Professional advisors: Such as accountants or legal counsel, where necessary

All data processors are required to handle your information securely and only act upon our instructions. We do not sell or rent your personal data to third parties.

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal information:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Ask us to correct any inaccurate or incomplete information.
  • Right to Erasure: Request that we delete your data, subject to exceptions such as ongoing contractual commitments or legal requirements.
  • Right to Restriction: Ask us to temporarily restrict the processing of your data.
  • Right to Object: Object to our use of your data where we process it based on legitimate interests or for direct marketing purposes.
  • Right to Data Portability: Request a copy of your data in a machine-readable format to transmit to another data controller.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without detriment.

If you wish to exercise any of your rights, please contact us using the details provided on our website. We will respond to your request in accordance with applicable laws, typically within one month.

How We Protect Your Information

We take the security of your data seriously. We implement appropriate technical and organisational measures to prevent unauthorized access, loss, misuse, or alteration of your personal information. All staff and processors are trained in data protection responsibilities.

Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect or process data relating to children unless required for the fulfilment of an order with the full consent of a responsible adult.

Changes to This Privacy Policy

This policy may be updated from time to time to reflect changes in our practices or legal obligations. Please revisit this page periodically to ensure you understand how we protect your privacy.

Contact and Complaints

If you have questions or concerns about how we handle your data, or if you wish to make a complaint about our privacy practices, please contact us via the communication options listed on our website. If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) or your local data protection authority.