Wimbledon Florist Privacy Policy

Introduction

This Privacy Policy explains how Wimbledon Florist handles your personal data when you place an order with us, whether online, in person, or by telephone. This policy applies to all customers placing orders within Wimbledon and its surrounding districts. We are committed to safeguarding your privacy and complying with the General Data Protection Regulation (EU) 2016/679 ('GDPR').

What Data We Collect

We only collect personal data necessary to process and fulfil your floral orders, communicate effectively with you, and improve our services. Categories of data we may collect include:

  • Identity Data: Your name, and, where applicable, the recipient’s name.
  • Contact Data: Address (billing and delivery), contact number, and postal codes.
  • Order Details: Details about the floral products and gifts you order, and your delivery instructions.
  • Payment Data: Card payment details or transaction identifiers (note: card details are processed securely through third-party payment providers and are not stored by us).
  • Communication Data: Correspondence via order forms, feedback, or customer service enquiries.
  • Technical Data: IP address, browser type, and access times (if you use our website).

Lawful Basis for Processing Personal Data

Under GDPR, we process personal data only when we have a valid legal reason. Our processing activities are primarily based on the following lawful grounds:

  • Contractual Necessity: To process and deliver your order, taking necessary steps at your request before entering into a contract.
  • Legal Obligations: To comply with legal requirements, such as accounting or tax responsibilities.
  • Legitimate Interests: To pursue our business interests, such as improving our services or addressing queries, provided those interests are not overridden by your rights.
  • Consent: With your express permission, we may use your information for direct marketing. You may withdraw your consent at any time.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including the provision of services, accounting, compliance with legal obligations, or resolving disputes. Typically, order-related data is retained for up to six years in line with accounting and tax laws. Contact and communication data that is not linked to an ongoing customer relationship will be reviewed and, where applicable, securely deleted after one year of inactivity. Once data is no longer required, it will be securely erased or anonymised.

Use of Data Processors

To deliver our services effectively, we may share your personal data with trusted third-party service providers ('processors') who perform functions on our behalf, including payment processing, order management systems, website hosting, and delivery services. These processors are only provided with information essential for their tasks and are contractually bound to process your data in accordance with GDPR, ensuring adequate security and confidentiality. We do not sell or share your data with third parties for marketing purposes without your explicit consent.

Your Data Protection Rights

Under GDPR, you have a number of rights regarding your personal data. You may:

  • Access Your Data: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete information.
  • Erasure ("Right to be Forgotten"): Request deletion of your data when there is no longer a legal or legitimate reason for us to continue processing it.
  • Restriction: Ask us to restrict how we process your data in certain circumstances.
  • Portability: Request a machine-readable copy of your data or ask for it to be transferred to another provider as permitted by law.
  • Objection: Object to certain types of processing, such as direct marketing.
  • Withdraw Consent: Where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise your rights or for further information, you may contact us using the details provided at the end of this policy or in-store. We will act promptly on your request and respond within one month unless the request is particularly complex.

How We Protect Your Data

Your privacy is important to us. We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or loss. These include secure storage, limited access permissions, encrypted transmission where applicable, and regular staff training on data protection.

International Data Transfers

We aim to store and process your personal data within the UK or European Economic Area (EEA). In cases where our service providers transfer data outside these jurisdictions, we ensure that adequate safeguards are in place as required under GDPR.

Children’s Data

We do not knowingly collect or process information relating to children under the age of 16, except where required for order fulfilment and with appropriate consents (e.g., sending flowers to a child recipient).

Policy Updates

We review this Privacy Policy periodically, and it may be updated to reflect legal or business changes. The most current version will always be available in-store and on our website. We encourage you to review this policy regularly.

Contact and Complaints

If you have concerns, questions or wish to exercise your data rights, please use the contact details found in your order or visit us in-store. Individuals also have the right to lodge complaints with the Information Commissioner’s Office (ICO) if you believe your data has not been handled in accordance with GDPR.

Thank you for choosing Wimbledon Florist. We value your trust and take privacy seriously in every aspect of our service delivery in Wimbledon and the surrounding districts.