GDPR Privacy Policy: Dollis Hill Florist

Introduction

This Privacy Policy explains how Dollis Hill Florist ("we", "us", or "our") collects, uses, stores, and shares your personal data when you place orders with us, whether you are located in Dollis Hill or surrounding districts. We are committed to protecting your privacy and handling your information in accordance with the General Data Protection Regulation (GDPR) and other applicable UK data protection laws. This policy applies to all customers who place orders with Dollis Hill Florist, in-person, by phone, or through digital channels.

What Data We Collect

When you place an order with Dollis Hill Florist, we may collect and process the following personal data:

  • Personal identification: Your name and, where applicable, the recipient’s name.
  • Contact details: Address, delivery address, telephone number, and, if provided, email address.
  • Order information: Details of your purchase, messages or card notes, specific instructions, and delivery preferences.
  • Payment information: Payment card details or other payment details supplied via our payment processor (note: we do not store full card details).
  • Communication records: Correspondence with us regarding your order, enquiries, or complaints.
  • Website usage information: If you use our website, we may collect technical data such as IP address, browser type, access times, and activity logs (see our Cookies Notice for more information).

Lawful Basis for Processing

We only process your personal data where we have a valid lawful basis under GDPR. These include:

  • Contract: To process and fulfil your flower order, deliver products, handle payments, or manage customer service enquiries.
  • Legal obligation: To comply with any legal or regulatory requirements imposed on us (e.g., accounting or record-keeping obligations).
  • Legitimate interests: To maintain business records, enhance customer experience, and for internal analysis of service quality, provided these do not override your data protection rights.
  • Consent: With your clear agreement, where we use your data for purposes such as direct marketing communications (you can withdraw consent at any time).

How We Use Your Data

Your personal data is used for the following purposes:

  • To take, process, and deliver your orders, including confirmation and updates.
  • To manage payments, refunds, or address payment-related queries with our secure payment processor.
  • To communicate regarding the status of your order, respond to your requests, and manage any issues related to your purchase.
  • To comply with legal, financial, and regulatory obligations.
  • For internal business purposes, such as improving our products and services, preventing fraud, and retaining customer records.

Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected and in accordance with our legal and regulatory obligations. Typically, order information is kept for up to seven years to fulfil accounting and record-keeping requirements. Data held for direct marketing purposes will be retained until you opt out, withdraw consent, or request erasure. Once data is no longer required, it is securely deleted or anonymised.

Data Processors and Sharing

Your personal data may be shared with carefully chosen third-party service providers ("data processors") who assist us in performing functions such as payment processing, IT support, delivery logistics, and communications. We require all processors to act in accordance with our instructions, keep your data secure, and not use it for their own purposes. We do not sell your personal data to third parties.

We may also share your data if required by law, with regulatory or law enforcement bodies, or where necessary to protect our rights, property, or the safety of our business and customers. If we transfer your data outside the UK or European Economic Area (EEA), we ensure appropriate safeguards in line with GDPR requirements.

Security of Your Data

We take the security of your personal information seriously. We implement appropriate organisational and technical measures to safeguard your data against loss, misuse, or unauthorised access. These include encryption, secure data storage, access controls, and regular staff data protection training.

Your Rights

Under GDPR, you have a number of rights relating to your personal data. These include:

  • Right of access: You can request to see the personal data we hold about you.
  • Right to rectification: You can request correction of inaccurate or incomplete data.
  • Right to erasure: In some circumstances, you can request that your data be deleted.
  • Right to restrict processing: You can request we limit the way we use your data in certain circumstances.
  • Right to data portability: Where applicable, you can ask to receive your data in a commonly used format or transfer it to another provider.
  • Right to object: You can object to processing based on legitimate interests or direct marketing at any time.
  • Right to withdraw consent: Where we process your data based on consent, you may withdraw this at any time without affecting the lawfulness of processing up to that point.

To exercise your rights or if you have any questions about this policy, please contact us by using the details provided at the end of this policy or by visiting us at our shop. We may need to verify your identity before fulfilling your request.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or privacy practices. Amendments will be posted on our premises and, where appropriate, you will be notified of significant changes. We encourage you to review this policy periodically.

Contact and Complaints

If you have any questions, concerns, or wish to exercise your rights regarding your personal data, please contact us using the contact details displayed in our shop or on our official communications. If you remain dissatisfied with our response, you may lodge a complaint with the UK Information Commissioner’s Office (ICO).

Thank you for trusting Dollis Hill Florist. We value your privacy and are dedicated to ensuring your data is handled with care and in compliance with the law.