Flowers Enfield Wash Privacy Policy

Our Commitment to Your Privacy

Flowers Enfield Wash values the privacy and security of our customers' personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you place orders for flowers in Enfield Wash or the surrounding districts. Our practices are designed to comply with the requirements of the General Data Protection Regulation (GDPR) and to ensure transparency about your rights and our responsibilities.

Scope of this Policy

This Privacy Policy applies to all individuals placing orders with Flowers Enfield Wash, whether directly, by phone, or via our website, for delivery or collection in Enfield Wash and the surrounding communities. It governs the handling of personal data collected during the course of fulfilling your orders.

What Data We Collect

We collect only the necessary personal data required to process and deliver your flower orders, provide customer service, and comply with our legal obligations. Depending on your interactions with us, the personal data we may collect include:

  • Identification Data: Name, title
  • Contact Information: Delivery address, billing address, telephone number
  • Order Details: Products ordered, specific delivery instructions, recipient information (if different from the purchaser)
  • Payment Information: Payment details such as method, transaction ID (Note: credit/debit card details are processed securely by payment providers and are not stored by us)
  • Communication Data: Correspondence relating to your order or inquiry
  • Website Usage Data: Information about your use of our website, obtained through necessary cookies to provide essential site functionality

Lawful Basis for Processing Your Data

We ensure that all personal data are processed lawfully, fairly, and transparently. Our processing of your data is based on the following lawful grounds:

  • Contractual Necessity: Processing is needed to enter into or perform a contract with you, such as fulfilling your flower order
  • Legal Obligation: Compliance with laws and regulations that require us to retain certain records, such as for accounting and tax purposes
  • Legitimate Interests: To improve our products and services, promote security, and respond to your queries where these interests are not overridden by your data protection rights
  • Consent: Where required, for example, when you agree to receive marketing communications (note: you are free to withdraw consent at any time)

How We Use Your Personal Data

Your personal data is used exclusively for the following purposes:

  • Processing, confirming, and delivering orders placed by you
  • Communicating with you about the status of your order and responding to inquiries
  • Handling payments and refunds through secure payment processors
  • Maintaining our records in accordance with legal or business requirements
  • Improving our customer service and product offerings
  • Sending marketing communications, if you have expressly consented

Data Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes described above. The specific retention periods are as follows:

  • Order and Delivery Information: Retained for up to 7 years to meet accounting and tax requirements
  • Communication Records: Retained for up to 2 years from the date of your last interaction
  • Marketing Preferences: Retained until you revoke your consent or request deletion
  • Upon expiration of the applicable retention periods, your data will be securely deleted or anonymised

Our Data Processors

To provide our services effectively, we may share your personal data with trusted third-party service providers (data processors) only when necessary and under strict contractual obligations, including:

  • Payment service providers: For secure payment processing
  • Delivery and courier services: For delivering your flower orders to the specified address
  • IT and hosting providers: For maintaining our website and business systems

Each processor is carefully selected to ensure they adhere to GDPR standards, and we require them to process your data only in accordance with our instructions and not for their own purposes.

Your GDPR Rights

As a customer, you have several rights under the GDPR relating to your personal data. You may:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of incorrect or incomplete information
  • Erasure: Request deletion of your personal data where there is no overriding lawful reason for continued processing
  • Restriction: Request us to limit the way we process your data in certain circumstances
  • Object: Object to processing based on legitimate interests or to direct marketing
  • Data Portability: Request your data be provided to you or another service provider in a structured, commonly used format

To exercise any of these rights, please contact us using the contact methods provided at the point of order or on our website. We may ask for proof of identity to ensure the security of your information. Requests will be acknowledged promptly and typically answered within one month, pursuant to GDPR timelines.

Security of Your Personal Information

Protecting your personal data is our priority. We implement technical and organisational safeguards to prevent unauthorised access, loss, misuse, or disclosure of your personal information. This includes secure storage, encrypted payment processing (where handled by payment providers), and staff training on data privacy obligations.

Updates to Our Privacy Policy

We may review and update this Privacy Policy from time to time to reflect changes in our practices or for legal or regulatory reasons. The latest version will always be available to you on request or via our website. Continued use of our services after changes to this policy constitutes your acceptance of the updated terms.

Contacting Us

If you have questions about how we manage your personal data or wish to make a complaint, you can contact us at any time via the contact methods listed on our website or at the point of order. Should you believe that your rights have not been respected, you also have the right to lodge a complaint with the supervisory authority responsible for data protection in your region.