Flowers Mill Hill Privacy Policy for Customers

Introduction

This Privacy Policy explains how Flowers Mill Hill collects, uses, stores, and shares your personal information when you place an order with us. It applies to all customers who order from Flowers Mill Hill within Mill Hill and the surrounding districts. Our commitment is to ensure transparency, privacy, and compliance with the UK General Data Protection Regulation (GDPR).

Who We Are

Flowers Mill Hill is a provider of floral arrangements and related services, serving customers in Mill Hill and neighbouring areas. For the purposes of this policy, we act as the 'data controller,' determining how and why we process your personal information.

What Data We Collect

When you interact with us, we may collect and process the following categories of personal data:

  • Contact Information: Name, delivery address, billing address, and postcode.
  • Order Details: Details about your chosen floral products, delivery preferences, and special instructions.
  • Payment Information: Payment method (such as card type), but not full card details as we use secure payment processors to handle payments.
  • Communication Records: Any correspondence or notes collected during your communications with us (for example, queries, complaints, or compliment messages).
  • Recipient Details: Name, delivery address, and contact information of the person receiving the flowers, if provided by you for order fulfilment.
  • Technical Information: Limited data such as IP address, browser type, and device information collected via cookies or website logs, to deliver and improve our services.

Lawful Basis for Processing Your Data

The GDPR requires us to have legal grounds to process your personal data. Flowers Mill Hill only collects and processes data where we have a valid basis. Our processing may be based on:

  • Performance of a Contract: Processing your data is necessary for fulfilling and managing your flower orders and requests.
  • Legal Obligation: We may be required to retain certain records for tax, accounting, or regulatory purposes.
  • Legitimate Interests: We process personal data for our legitimate business interests, such as improving our services, preventing fraud, and keeping our systems secure, except where such interests are overridden by your fundamental rights and freedoms.
  • Consent: In limited scenarios, such as direct marketing communications, we will ask for your explicit consent before processing your data.

How We Use Your Data

Your personal data is used only for the following purposes:

  • Processing and fulfilling your orders
  • Communicating order confirmations and delivery updates
  • Managing payments and refunds
  • Handling customer service enquiries
  • Improving our products, services, and user experience
  • Meeting our legal and regulatory obligations

Data Retention

Flowers Mill Hill retains your personal data only as long as necessary for the purposes outlined in this policy and to comply with legal obligations. Generally, order and contact details are stored for up to six years after your last transaction to meet accounting and tax requirements. Data used for marketing will be kept until you withdraw your consent or unsubscribe.

Data Processors

We sometimes use third-party service providers, known as 'processors,' to assist in delivering our products and services. For example:

  • Payment Processors: Secure handling of card payments and refunds.
  • Delivery Partners: Coordinating the delivery of your floral orders.
  • IT Service Providers: Hosting, website management, email communication, and maintenance.

We select processors carefully and require them to comply with strict privacy and data protection standards. These third parties may only process your data as instructed by us and for specified services, and they are not permitted to use your data for their own purposes.

Data Security

We employ appropriate technical and organizational measures to safeguard your personal data. These include secure servers, encrypted storage, regular system monitoring, and restricted access to personal information. While we strive to protect your data, no online transmission is ever completely secure; however, we take steps to minimize risks and respond promptly to potential threats.

Your Rights

As a data subject under the GDPR, you have several rights regarding your personal information. These include:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Correct any incomplete or inaccurate data.
  • Right to Erasure: Ask us to delete your personal data in certain circumstances.
  • Right to Restrict Processing: Ask us to limit how we use your data, for example, if you raise concerns about accuracy or lawfulness.
  • Right to Portability: Obtain and reuse your data elsewhere.
  • Right to Object: Object to the processing of your data where we rely on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise these rights, please contact us, and we will respond to your request in line with our statutory obligations.

International Data Transfers

We primarily process and store personal data within the United Kingdom. Where personal data is transferred outside the UK for technical support or service provision, we ensure such transfers comply with applicable data protection laws and that appropriate safeguards are in place.

Children’s Privacy

Flowers Mill Hill does not knowingly collect personal information from children under the age of 16. If you believe personal data has been provided to us about a child without appropriate consent, please contact us so we can delete it.

Updates to This Policy

We may revise this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. We recommend reviewing the policy periodically for updates.

Contact and Complaints

If you have any questions or concerns regarding this Privacy Policy or the processing of your personal data, please contact us directly. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data rights have been violated.