Privacy Policy for Chislehurst Florist Customers

Our Commitment to Your Privacy

At Chislehurst Florist, we are dedicated to safeguarding the privacy and data protection rights of our customers in Chislehurst and its surrounding districts. This Privacy Policy aims to clearly explain what personal data we collect, why and how we use it, your rights under data protection laws (including the General Data Protection Regulation – GDPR), and how we keep your information secure and confidential.

Scope of This Policy

This Privacy Policy applies to all individuals who place orders with Chislehurst Florist, whether through our website, by telephone, or in person, for delivery or collection in Chislehurst and its surrounding areas. By using our services, you agree to the collection and use of information as set out in this policy.

What Data We Collect

We collect only the data necessary to process your flower order and provide our services efficiently. The categories of personal data we may collect include:

  • Identification Data: name, address (including recipient if different), postcode
  • Contact Details: telephone number, email address
  • Order Information: product(s) purchased, messages to accompany flowers, delivery instructions
  • Payment Information: payment method, transaction details (note: we do not store credit/debit card numbers; these are processed securely by our payment providers)
  • Communication Records: correspondence with you such as emails, order notes, or feedback

We do not collect or process special category (sensitive) personal data as part of our standard customer ordering process.

Lawful Basis for Processing Your Data

We process your personal data only where there is a lawful basis under the GDPR. The principal grounds for processing your data are:

  • Contract: To take steps prior to entering into a contract, and to fulfil orders and agreements you enter into with us
  • Legal Obligation: To comply with applicable laws (such as accounting, tax, or fraud prevention regulations)
  • Legitimate Interests: To maintain our records, improve our services, and respond to queries or complaints
  • Consent: We may request your explicit consent for marketing or promotional purposes; in such cases, you may withdraw consent at any time

How We Use Your Data

Your information is used to:

  • Process and deliver your flower orders
  • Contact you regarding your order, including confirmation and delivery updates
  • Respond to your queries or feedback
  • Comply with legal obligations, such as record keeping for tax purposes
  • (With your permission) Send occasional marketing communications or offers

Sharing Your Data: Our Processors

We use trusted third-party service providers (processors) to facilitate our services. Where necessary, we may share your relevant data with:

  • Payment processors for handling payments (e.g., card payment services)
  • IT providers who support our website, email, or order management systems
  • Delivery partners engaged solely for local deliveries within Chislehurst and surrounding districts

All our processors are contractually obliged to keep your data secure, confidential, and to use it only for the purpose of providing relevant services to Chislehurst Florist. We do not sell or rent your personal data to any third parties.

Data Retention Periods

We will only retain your personal data for as long as necessary for the purposes set out in this Privacy Policy. Typically, we retain order and transaction data for up to 7 years to comply with legal and financial record-keeping requirements. Order messages, delivery details, and communication records are retained only as long as required for customer service and accounting purposes. If you subscribe to marketing communications, your data will be retained until you unsubscribe or withdraw your consent.

Your Rights Under GDPR

Under the General Data Protection Regulation, as a customer of Chislehurst Florist, you have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Ask us to correct or update inaccurate or incomplete data
  • Erasure: Request deletion of your data where there is no legal basis for retention
  • Restriction: Ask us to restrict our processing of your data
  • Objection: Object to our processing where it is based on legitimate interests or direct marketing
  • Portability: Request the transfer of your data to another service provider in a commonly used format
  • Withdraw Consent: Where we process data based on consent, you can withdraw at any time

To exercise any of these rights, or if you have a concern about how we handle your personal data, please contact us using our standard contact details. If you remain dissatisfied, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local data protection authority.

Data Security

We implement a range of technical and organisational measures to protect your personal data from unauthorised access, accidental loss, alteration, or disclosure. This includes restricting access to personal data to trained staff and using secure IT systems. Where we work with third-party processors, we ensure their compliance with data protection requirements through appropriate contracts and oversight.

Changes to This Policy

Chislehurst Florist may update this Privacy Policy from time to time to reflect changes in legal or regulatory obligations, or business practices. The latest policy will always be available from our premises and on our website. We encourage you to review this policy regularly for any updates.

Contact Us

If you have any questions or wish to exercise your rights, please get in touch with us through the channels provided on our official website or at our shop premises. We are here to help and committed to ensuring your personal data is handled in accordance with the law and best practice.