Woodford Florist GDPR Privacy Policy

Introduction to Our Privacy Policy

At Woodford Florist, we are committed to protecting your privacy and upholding your data rights. This Privacy Policy applies to all individuals placing orders with Woodford Florist, whether you are based in Woodford itself or the surrounding districts. We collect and process personal data in compliance with the UK General Data Protection Regulation (GDPR). Please take the time to read this policy carefully to understand how we handle your information, on what lawful basis, whom we share it with, how long we retain it, and what your rights are regarding your data.

What Personal Data We Collect

When you place an order or interact with Woodford Florist, we collect the following types of personal information:

  • Identification Data: Name, delivery address, billing address, order reference numbers.
  • Contact Information: Phone number (for delivery and order updates), email address (for receipts, confirmations, and communication).
  • Order Details: Order contents, card messages, special instructions, delivery preferences.
  • Payment Information: Information required to process payments, such as card details (these are processed securely and not stored by Woodford Florist directly), transaction reference numbers.
  • Technical Data: IP address, browser type, device information (collected when you visit our website or place an order online).

We do not knowingly collect data from individuals under 18 years of age. If you are under 18, please ensure a parent or guardian places the order on your behalf.

Lawful Basis for Data Processing

Under GDPR, we must have a lawful basis to process your personal data. Woodford Florist processes personal data using the following bases:

  • Contractual Necessity: Most personal data you provide is processed to fulfill your order or provide requested services (such as delivering flowers or customer support).
  • Legal Obligations: Some data is processed to comply with legal requirements, such as accounting and tax regulations.
  • Legitimate Interests: We may use your data for reasons that are legitimate business interests, such as improving our services or preventing fraud, provided these interests do not override your data protection rights.
  • Consent: We may occasionally ask for your explicit consent for uses such as marketing communications. You may withdraw this consent at any time.

Data Retention Policy

Your personal data is retained only for as long as necessary to fulfill the purposes described in this policy, including for the purposes of satisfying any legal, accounting, or administrative obligations. Specifically:

  • Order and Transaction Data: Retained for up to seven years after your last order to comply with accounting and tax regulations.
  • Marketing Data: If you consent to receive marketing communications, your data is held until you unsubscribe or withdraw consent.
  • Correspondence: Customer service communications are retained for up to two years to ensure satisfactory resolution of queries and service improvement.

After these periods, your data is securely deleted or anonymized unless legal requirements dictate otherwise.

Data Processors and Sharing

To efficiently fulfill your order and operate our business, we may share your personal data with trusted third-party processors who act only under our instruction. These include:

  • Payment processors to securely handle transactions.
  • Delivery and courier services to ensure your order is delivered accurately and on time.
  • IT service providers who assist in maintaining our website, databases, and communications.
  • Professional advisers (such as accountants or IT consultants), where necessary for our business operations and compliance.

We do not sell or disclose your personal information to third parties for their own purposes. All third-party processors are required by contract to protect your data and only use it as instructed by Woodford Florist.
If required by law or in response to valid legal requests from authorities, we may disclose your data to comply with our legal obligations.

User Rights under GDPR

As a customer of Woodford Florist in Woodford or the surrounding districts, you are afforded the following data rights under GDPR:

  • Right of Access: You can request confirmation of the personal data we hold about you and obtain a copy of that data.
  • Right to Rectification: You can ask us to correct or complete inaccurate or incomplete data.
  • Right to Erasure: You have the right to request that we erase your personal data, except data that we are required to retain for legal reasons.
  • Right to Restrict Processing: You can request limits on how your data is processed in certain circumstances.
  • Right to Object: You may object to the processing of your data where we are relying on legitimate interests.
  • Right to Data Portability: You have the right to request that we provide your data in a structured, commonly used, machine-readable format or transmit it to another data controller, where technically feasible.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us using the details provided on our website or contact page. We aim to respond to all legitimate requests within one month.

Data Security

We take data security seriously and implement appropriate technical and organizational measures to protect your data against unauthorized or unlawful processing, accidental loss, destruction, or damage. This includes regular review of our security protocols, encryption of payment data, and restricted access to personal data only to those who need it for business operations.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, our business practices, or improvements to our service. The version and date of this policy will be clearly indicated on our website. We encourage you to review this policy periodically to remain informed about how we protect your privacy.

Contact and Further Information

If you have questions or concerns regarding your personal data or this privacy policy, please refer to our website's contact page to get in touch with our data protection representative. We value your trust and are happy to clarify any aspect of our data processing as it relates to your rights and our responsibilities under GDPR.