Surrey Flowers Privacy Policy
Introduction
This Privacy Policy outlines how Surrey Flowers (“we”, “us”, “our”) collects, processes, stores, and protects the personal data of our customers (“you”, “your”). It applies to all individuals placing orders with Surrey Flowers from Surrey and its surrounding districts. We take your privacy seriously and comply fully with the General Data Protection Regulation (GDPR).
What Data We Collect
We collect and process the following categories of personal data when you place an order or interact with Surrey Flowers:
- Identifying Information: Name, delivery address, billing address
- Contact Details: Telephone number and, if provided, email address
- Order Information: Products ordered, delivery instructions, personalised messages on flower cards
- Payment Information: Details required to complete your purchase (e.g., card type, last 4 digits of card), processed securely through third-party payment processors. We do not store full payment card details.
- Correspondence: Records of communications with us, including feedback, complaints, and queries
- Technical Data: IP address, device type, and basic usage information captured through website operation (for security and functionality)
Lawful Basis for Processing
Under the GDPR, Surrey Flowers must have a lawful basis for processing your personal data. The main lawful grounds we rely on include:
- Performance of Contract: When you place an order, we need your data to process, fulfil, and deliver your flowers, as well as handle payments.
- Legal Obligation: We may need to retain your information to fulfil legal requirements, such as financial record-keeping or compliance with consumer protection laws.
- Legitimate Interests: We process data to improve our services, prevent fraud, and enhance customer experience, provided that such interests are not overridden by your rights and interests.
- Consent: For certain marketing activities or where required by law, we will ask for your explicit consent before using your data for that purpose. You may withdraw your consent at any time.
How We Use Your Data
Surrey Flowers uses your personal data only for the purposes stated at the time of collection or as described in this policy. Typical uses include:
- Processing and delivering your flower order, including any special instructions or messages
- Communicating with you regarding your order or responding to your inquiries
- Keeping financial records for legal and accounting purposes
- Improving our website and services based on customer feedback
- Sending service-related notifications or updates about your purchase
- (With your permission) Sending occasional promotional materials
How Long We Keep Your Data (Retention)
We retain personal data only as long as necessary to fulfil the purposes for which it was collected, meet our legal obligations, or resolve disputes. For most order-related information, this means retaining your data for up to seven years to comply with commercial and tax regulations. Non-essential correspondence and technical data may be kept for up to one year. After these periods, personal data is securely erased or anonymised.
Processors and Data Sharing
We do not sell or rent your personal data. However, we do share information with trusted third parties (“processors”) where necessary for the delivery and administration of our services. Data shared with processors is limited to what is required for their tasks and is subject to confidentiality agreements. Categories of processors include:
- Payment Processors: To facilitate secure card transactions
- Delivery Services: To ensure your flowers reach the intended recipient
- IT and Hosting Providers: For web hosting, technical support, and secure data storage
- Accounting Services: For legal and financial record-keeping
All processors are selected for their robust privacy and security standards and are contractually bound to process data only according to our instructions and the GDPR.
Where We Store Your Data
Your personal data is stored on secure servers within the United Kingdom or the European Economic Area (EEA). If we need to transfer data outside of these regions, it will only occur where there are adequate safeguards in place as required by the GDPR, such as Standard Contractual Clauses.
Your Rights as a Customer
Under the GDPR, you have the following rights regarding your personal data:
- Right to Access: You can request a copy of the data we hold about you.
- Right to Rectification: You can ask us to correct or update inaccurate or incomplete information.
- Right to Erasure: Also known as the ‘right to be forgotten’, you may request that we delete your personal data (subject to certain legal exceptions).
- Right to Restrict Processing: You may ask us to suspend processing of your data under certain circumstances.
- Right to Data Portability: You may request your data in a commonly used format or ask us to transmit it to another data controller.
- Right to Object: You may object to data processing we carry out based on legitimate interest or direct marketing.
- Right to Withdraw Consent: Where processing relies on your consent, you can withdraw this at any time.
To exercise any of these rights, please contact us by the methods available on our website. We will respond to legitimate requests within one month as required by law.
Security Measures
We take data security seriously and use appropriate technical and organisational measures. This includes encrypted data transfers, restricted staff access, secure physical and digital storage, and regular staff training. While we strive to protect your information, no method of transmission or storage is ever fully secure. If we become aware of a data breach that poses a risk to you, we will notify you as required by law.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our practices or for legal compliance. The latest version will always be available on our website with the last revision date noted. Please check back periodically to remain informed.
Contact and Questions
If you have questions regarding this Privacy Policy or your data rights, please refer to the contact section of our website. We are committed to protecting your privacy and handling any queries or concerns promptly and transparently.
