Privacy Policy for Customers of Camberwell Flowers

Introduction

This Privacy Policy explains how Camberwell Flowers collects, uses, and protects your personal data in connection with the provision of our flower delivery and related services. This policy applies to all individual customers ordering from Camberwell Flowers, whether you reside in Camberwell or in the surrounding districts. By placing an order with Camberwell Flowers, you acknowledge the practices set out in this document and your associated rights under the General Data Protection Regulation (GDPR).

What Data We Collect

Camberwell Flowers collects the minimum amount of personal information necessary to process and deliver your order efficiently and to provide customer support. The categories of data we collect include:

  • Identification Data: Name (sender/recipient), address for delivery, contact number.
  • Contact Information: Email address, alternate phone (if provided).
  • Order Details: Order contents (such as flower types, arrangements, add-ons), delivery instructions, order notes.
  • Payment Information: Transaction details (method of payment), but not full card numbers. Payment card information is processed securely by third-party payment processors and is not stored by Camberwell Flowers.
  • Digital Data: IP address, browser agent, and device information are collected for security, fraud detection, and website improvement when you interact with our online ordering platform.

Lawful Basis for Processing

Under GDPR, we must have a lawful basis to collect and process your personal data. Camberwell Flowers processes your information for the following reasons:

  • Contractual Necessity: To fulfill flower orders, provide delivery, process payments, and communicate with you about your order.
  • Legitimate Interests: For administrative purposes, business analysis, website security, and to improve our customer service. These interests do not override your rights and freedoms.
  • Legal Obligations: Where required, to comply with our legal, taxation, and accounting duties.
  • Consent: For sending marketing communications where you have explicitly opted in. You may withdraw your consent at any time.

How We Use Your Data

We may use your data to:

  • Process and fulfill your flower order, including arranging delivery and communicating updates.
  • Handle customer service requests, inquiries, or complaints.
  • Contact you by telephone, SMS, or email about your order if needed.
  • Send occasional marketing or promotional offers, if you have consented.
  • Carry out analysis to improve our products and services.
  • Detect and prevent fraud, misuse, or security threats to our business.

Data Retention

Camberwell Flowers retains personal data only for as long as necessary for the purposes described in this policy or as required by law. Typically, we retain order and customer records for up to seven years from the date of your last transaction, in line with statutory requirements for accounting and tax purposes. If you have consented to marketing communications, we will retain your contact information until you withdraw consent or opt out. After the retention period, data is securely deleted or anonymised.

Data Processors and Sharing

To run our business operations and provide services to customers, we work with third-party processors, such as:

  • Payment Processors: For secure handling of card payments; these companies process payment data in compliance with the Payment Card Industry Data Security Standard (PCI DSS).
  • IT & Delivery Partners: Companies that help with order management, delivery logistics, email communications, and web hosting.
  • Professional Advisors: Accountants or auditors, for legal, tax, or regulatory compliance.

All third-party processors are rigorously vetted and are contractually obligated to use your data only as necessary to perform their functions and to maintain the confidentiality and security of your data. We do not sell or rent your personal data to any third party for marketing purposes.

Your data is generally stored and processed within the UK or European Economic Area (EEA). If data is transferred outside the EEA, we ensure it receives an equivalent level of protection as required by EU data protection law.

Your Rights Under GDPR

As a customer of Camberwell Flowers, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Ask us to correct any inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your data if there is no longer a legitimate reason for us to keep it (sometimes known as the ‘right to be forgotten’).
  • Right to Restriction: Ask us to restrict how we use your data in certain circumstances.
  • Right to Data Portability: Receive your data in a structured, machine-readable format where applicable.
  • Right to Object: Object to processing of your data based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Withdraw your consent at any time if processing is based on this basis.
  • Right to Complain: Lodge a complaint with a data protection supervisory authority if you believe we have not complied with legal obligations relating to your data.

Data Security

We implement reputable technical and organisational measures to protect the confidentiality, integrity, and availability of your personal information. This includes secure servers, encrypted connections for payment processing, and access controls. Our staff are trained to handle your data responsibly, and regular reviews are conducted to ensure ongoing security.

Policy Amendments

We may update this Privacy Policy occasionally to reflect changes in law, our practices, or for other operational, legal, or regulatory reasons. Updated policies will be made available via our website and are effective from the date of posting.

Contact and Queries

If you have questions about this Privacy Policy or how we process your personal data, please use our website contact form or write to our registered business address. We are committed to responding promptly and to working transparently to address any concerns regarding your privacy rights.