Florist Isleworth Privacy Principles and Practices

Introduction

This Privacy Policy explains how Florist Isleworth collects, uses, stores, and protects your personal data when you place orders with us in Isleworth and surrounding districts. We are committed to complying with the General Data Protection Regulation (GDPR) and to being transparent about our data processing activities. This policy applies to all customers placing orders through Florist Isleworth, whether in person, online, or by telephone.

What Personal Data We Collect

When you order from Florist Isleworth, we may collect the following categories of personal data:

  • Contact Information: such as your name, address, delivery address, and telephone number.
  • Order Information: including the products or services purchased, messages or notes for delivery, delivery date, and order history.
  • Payment Information: such as payment card details or transaction references. These are handled in compliance with PCI DSS standards, and full card details are not stored by Florist Isleworth.
  • Correspondence: any communications you send to us, including feedback, queries, or complaints.
  • Website Usage Data: if you use our website, basic technical data such as your IP address, browser type, and usage patterns may be logged for security and usage analysis.

We only collect data that is necessary to fulfill your order, respond to your enquiries, comply with legal obligations, or improve our services.

Lawful Basis for Processing Your Data

Florist Isleworth processes your personal data based on one or more legal grounds as required by the GDPR:

  • Performance of a Contract: Most commonly, we process your data to provide the goods and services you request. This includes handling orders, processing payments, and arranging deliveries.
  • Legal Obligations: We may need to retain certain data to comply with tax, accounting, or anti-fraud regulations.
  • Legitimate Interests: We may process data to improve our services, respond to your requests, or for internal record-keeping, provided these interests are not outweighed by your rights.
  • Consent: Where required, for example in marketing communications, we will only process your data with your clear consent. You can withdraw this consent at any time.

Data Retention

Florist Isleworth retains your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Typically, your order and contact details are kept for a period of six years following your most recent order, in line with standard business and taxation practices. Payment card details are not retained. After the applicable retention period, your data will be securely deleted or anonymised.

Data Processors and Third Parties

In delivering our services, we may need to share certain personal data with trusted third parties who act as data processors on our behalf:

  • Delivery Partners: To fulfill your order, we may share delivery addresses and contact details with couriers or delivery staff.
  • Payment Processors: Secure payment gateways process your payments on our behalf in accordance with industry standards.
  • IT Service Providers: Providers of website hosting, analytics, and customer database management systems may have access to data for maintenance and support purposes.

All data processors are contractually required to process your data only as instructed by us, to maintain its security, and to comply with GDPR and other applicable laws. We do not sell, trade, or rent your personal data to third parties for marketing purposes.

How We Protect Your Data

Florist Isleworth takes the security of your personal data seriously. We implement appropriate technical and organisational measures to prevent unauthorised access, accidental loss, destruction, or damage to your data. Examples include data encryption, secure storage, limited access controls, and staff training in data protection best practices.

Your Rights Under GDPR

You have several important rights under data protection law. These include:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: If any data we hold about you is inaccurate or incomplete, you can request we correct it.
  • Right to Erasure ('Right to be Forgotten'): You may request the deletion of your data under certain circumstances, such as when it is no longer necessary for the purpose collected.
  • Right to Restrict Processing: You have the right to restrict our processing of your data in certain situations, for example if you contest its accuracy.
  • Right to Data Portability: Where applicable, you may ask to receive your personal data in a structured, commonly used format, or have it transmitted to another controller.
  • Right to Object: You can object to processing of your personal data where we rely on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where we process data based on your consent, you have the right to withdraw that consent at any time.

To exercise your rights or for any enquiries about how your data is handled, please contact us using the methods published on our website or any written materials you have received from us.

International Data Transfers

Florist Isleworth primarily stores and processes your data within the United Kingdom. If it becomes necessary to transfer your data to countries outside the UK or European Economic Area (EEA) for specific processing, we will ensure that appropriate safeguards are in place in accordance with GDPR requirements to protect your privacy rights.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be published in the latest version of this policy available from Florist Isleworth. We encourage you to review this policy periodically to stay informed about how we protect your information.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us using the published communication channels provided by Florist Isleworth. We aim to respond to all requests within one month, as required by GDPR.