Flowers Watford Privacy Policy

Introduction

At Flowers Watford, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your information when you place orders with us, either online or by other means, and applies to all customers in Watford and the surrounding districts. We adhere strictly to the requirements of the UK General Data Protection Regulation (GDPR) and other applicable privacy laws in handling your personal data. Please read this policy carefully to understand our practices and your rights.

Scope of Policy

This Privacy Policy is applicable to all individuals who order products or services from Flowers Watford while located in Watford or its surrounding districts. It covers the personal data collected during the order process and any related customer service interactions.

What Data We Collect

Flowers Watford collects the following information when you place an order or contact us regarding our services:

  • Contact Information: Name, address, delivery address, and, where provided, postal codes and company names.
  • Order Details: Items purchased, special requirements, and order history.
  • Payment Data: Payment method details (processed securely via third-party payment processors; card details are not stored by us).
  • Communication Data: Any correspondence relating to your order or to customer service requests.
  • Technical Data: Where you use our website, we may collect IP address, browser type, device information, and cookies (see our cookie practices for more detail).

Lawful Basis for Processing

We process your personal data under the following legal bases as outlined by the GDPR:

  • Contractual Necessity: Most of the information we collect is necessary to enter into or perform our contract with you, such as processing and delivering your flower orders.
  • Legitimate Interests: We may occasionally process certain data to pursue our legitimate business interests, such as improving our products and services, provided this is not overridden by your data protection rights.
  • Legal Obligations: In some cases, we are required by law to retain certain data, such as for tax or accounting purposes.
  • Consent: If we wish to use your information for purposes beyond contract performance or legal obligations—such as marketing—we will ask for your explicit consent.

How We Use Your Data

We use your personal data for the following purposes:

  • Processing and fulfilling your flower orders.
  • Arranging delivery to your requested addresses.
  • Managing payments and accounting records.
  • Communicating with you regarding your order, delivery status, or customer service inquiries.
  • Improving our services and evaluating customer satisfaction, where relevant and permitted.
  • Complying with legal, tax, and regulatory requirements.
  • Providing customer support and handling complaints or requests.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements. In most cases, order and transaction details are kept for a minimum of seven years in accordance with our obligations under tax and accounting regulations. Communication-related data and customer correspondence may be retained for up to two years to facilitate effective customer service. When your data is no longer needed, it will be securely erased or anonymised.

Data Processors and Sharing

Your data is handled by authorised Flowers Watford personnel and, where necessary, by trusted third-party service providers ("processors") who assist us in delivering our services. This may include payment processing companies, delivery couriers, IT platform providers, and customer service platforms. All our processors are bound by contractual obligations to process your data only on our instructions and to maintain appropriate security measures in line with GDPR requirements. We do not sell your data or share it for marketing purposes without your explicit consent. In exceptional cases, we may be required to disclose information where required by law or to enforce our legal rights.

How We Protect Your Data

We use a variety of technical and organisational measures to safeguard your personal information. These include secure servers, encrypted communications, regular security assessments, and strict internal access controls. Only authorised personnel and approved processors have access to your personal data on a need-to-know basis.

Your Rights Under GDPR

GDPR provides you with a number of rights regarding your personal data, including:

  • Right of Access: You can request access to details of personal data we hold about you.
  • Right to Rectification: If any information we hold about you is inaccurate or incomplete, you may request correction.
  • Right to Erasure: In certain circumstances, you can request your data to be deleted, unless we are required by law to retain it.
  • Right to Restrict Processing: You can ask us to temporarily stop processing your data, for example, while accuracy is being checked.
  • Right to Data Portability: Where technically feasible, you may request to receive your data in a structured, commonly used digital format.
  • Right to Object: You may object to our processing of your personal data, particularly where processed based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: If you have given consent for any additional uses of your data, you may withdraw it at any time.

To exercise any of these rights, please contact us using the contact information available on our website.

Children's Privacy

Our services are not directed to individuals under the age of 16, and we do not knowingly collect personal data from children.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, industry practices, or our business operations. Any changes will be made available on our website, and we recommend reviewing the policy periodically.

Contact and Complaints

If you have any questions about this Privacy Policy or how we handle your personal data, please refer to our website's contact page for details on how to get in touch. If you have concerns about how your data is managed, you also have the right to lodge a complaint with the Information Commissioner's Office (ICO) or your local regulatory authority.