Flowers Surrey Quays Privacy Policy

Scope and Overview

This Privacy Policy sets out how Flowers Surrey Quays ("we", "our", or "us") collects, processes, stores, and protects your personal information in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable UK data protection laws. The policy applies to all customers placing flower orders with Flowers Surrey Quays from Surrey Quays and surrounding districts. Please read this policy carefully to understand how your data is handled when you use our services.

What Personal Data We Collect

In the course of providing our products and services, we collect and process certain categories of personal data from you. The specific types of data we may collect include:

  • Identity Data: Name, surname, and title.
  • Contact Data: Delivery address, billing address, phone number, and, where provided, marketing preferences.
  • Order Data: Details regarding your order, including the products purchased, delivery instructions, and any gift card messages.
  • Payment Data: Information necessary to process your payment via secure third-party processors (we do not store your full payment card details).
  • Technical and Usage Data: When you access our website, we may collect technical information such as your IP address, browser type, and behaviour on our website using cookies and analytics tools.
  • Correspondence: Any communications you send to us, for example through contact forms or during customer service enquiries, may be recorded for reference and quality purposes.

Lawful Basis for Processing

We collect and process your data only where we have a valid legal basis under the GDPR. These bases include:

  • Contractual Necessity: To fulfil our obligations to you when you place an order for flowers, including processing payments, delivering products, and managing customer inquiries.
  • Legal Obligation: To comply with legal and regulatory obligations, such as record-keeping and tax requirements.
  • Legitimate Interests: To pursue our legitimate business interests, such as improving services, managing business operations, and conducting direct marketing (if permitted and not overridden by your rights).
  • Consent: If we want to send you marketing communications by email or phone beyond what is permitted by soft opt-in, we will seek your explicit consent, which you can withdraw at any time.

Purposes for Which We Use Your Data

Your personal data is used for the following purposes:

  • Processing and delivering your orders, including passing information to third-party delivery partners when required.
  • Managing your queries, feedback, or complaints.
  • Processing payments securely through trusted processors.
  • Keeping records for accounting, business analysis, and regulatory compliance.
  • Sending you service communications relevant to your order(s).
  • Where permitted, sending you updates about our products, services, and promotional offers.
  • Improving our website functionality and customer experience.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Typically, we retain customer and transaction records for up to seven years from the date of your last order for tax and regulatory needs. Shorter retention periods may apply to data used solely for specific purposes such as marketing consent, website analytics, or customer queries. Once personal data is no longer required, it is securely deleted or anonymised.

Processors and Third Parties

To deliver our services efficiently and securely, it is sometimes necessary to share your data with trusted third parties (data processors), such as:

  • Payment service providers (for secure transaction processing).
  • IT hosting and maintenance providers (for website operation and security).
  • Delivery and logistics partners (to ensure your order reaches your recipient).
  • Professional advisers, such as accountants or legal consultants, if needed for regulatory compliance or dispute resolution.

All our data processors are strictly bound by contractual terms to process your data in accordance with GDPR requirements, only on our instructions, and to maintain the security and confidentiality of your data. We do not sell or rent your data to third parties for their own marketing purposes.

How We Protect Your Data

We implement appropriate technical and organisational measures to safeguard your personal information. These include secure website connections (SSL), restricted access to personal data, regular staff training, and measures to ensure our IT network and systems are robust against unauthorised access or disclosure. If you suspect any misuse or loss of your data, please contact us immediately.

Your Data Protection Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right to be Informed: To be informed about the collection and use of your personal data.
  • Right of Access: To request a copy of the personal data we hold about you.
  • Right to Rectification: To have inaccurate or incomplete personal data corrected.
  • Right to Erasure: To request deletion of your data where there is no lawful basis for its retention.
  • Right to Restrict Processing: To request limitation of data processing under certain circumstances.
  • Right to Data Portability: To receive your data in a structured, commonly used, machine-readable format and transfer it to another controller.
  • Right to Object: To object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Where your data is processed on the basis of consent, you may withdraw this consent at any time.

To exercise any of these rights or if you have concerns about your data, please contact us through the channels provided on our website. We will respond to your request as soon as possible and always within the timescales required by law.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or our personal data practices. Any amendments will be posted on our website, and, where appropriate, notified to you directly. We encourage you to review this policy periodically to stay informed about how we are protecting your personal information.

Contact and Complaints

If you have questions, concerns, or wish to file a complaint about our privacy practices, please use the contact information provided on our website. You also have the right to lodge a complaint with the UK Information Commissioner's Office or your relevant supervisory authority.