Downe Flowers Privacy Policy

Introduction

This Privacy Policy outlines how Downe Flowers (“we”, “our”, or “us”) collects, uses, stores, and protects your personal information when you place an order with us in Downe and the surrounding districts. Our commitment is to process your data securely and transparently, in accordance with the requirements of the General Data Protection Regulation (GDPR) and relevant UK data protection laws.

Who Does This Policy Apply To?

This Privacy Policy applies to all customers who place orders with Downe Flowers, whether through our website, by telephone, in person, or via any other communication method. If you engage with our services in the Downe area or surrounding districts, this policy explains the information we collect and your rights in relation to this information.

What Data Do We Collect?

When you place an order with Downe Flowers, we may collect and process the following personal data:

  • Identity Data: Your full name and, if necessary, the recipient’s name.
  • Contact Data: Addresses for delivery and billing, and contact details such as telephone number(s).
  • Order Details: Information related to your flower order, delivery instructions, preferences, and messages to recipients.
  • Payment Details: Details required to process payments for your orders. (Note: payment processing is handled by approved third-party processors. We do not store full payment card details.)
  • Correspondence: Any communications you have with us regarding your order or experience.
  • Technical and Usage Data: If you use our website, data such as your device type, browser information, and cookies may be collected for analytics and to ensure website functionality.

Our Lawful Basis for Processing Your Personal Data

Under the GDPR, Downe Flowers must have a lawful basis for each purpose of processing your personal data. The lawful bases we rely on are:

  • Performance of Contract: Processing data necessary to fulfill your order for goods and services.
  • Legal Obligation: Processing required to comply with applicable laws, for example, for record-keeping or to comply with tax or audit requirements.
  • Legitimate Interests: Processing for our business interests, provided these do not override your fundamental rights—such as using feedback to improve our service.
  • Consent: We may rely on your consent for specific processing activities, such as sending marketing communications. Where consent is relied upon, you can withdraw it at any time.

Why and How We Use Your Information

Downe Flowers uses your personal data for the following main purposes:

  • To process and deliver your flower orders, including communicating order updates and delivery information.
  • To handle customer service requests, feedback, or disputes.
  • To record transactions for invoicing, accounting, and taxation purposes.
  • To help us monitor, review, and improve our services and website.
  • To comply with legal and regulatory duties.
  • To send, where you have consented, marketing messages or inform you of special offers and events.

How We Store and Protect Your Data

We take data security seriously. Your information is securely stored using industry-standard security measures. Access is strictly limited to those who require it for fulfilling your order or providing customer service. Where we use electronic systems, data is protected by encryption and secure passwords.

How Long Do We Keep Your Data?

Personal data is retained only as long as necessary for the purposes stated in this policy. Typically, we keep information related to orders and invoicing for up to seven years to comply with legal and financial record-keeping requirements. Where data is collected for marketing purposes based on your consent, we will retain this until you withdraw your consent or opt out of communications. Once data is no longer needed, we ensure it is deleted securely.

Use of Data Processors

In delivering our services, we may engage third-party service providers (“processors”) to process data on our behalf. These may include payment service providers, delivery couriers, IT or software support suppliers, and accountants. All processors are contractually obliged to process your data only as permitted by us and are required to adhere to GDPR standards. We do not sell or trade your personal data to any third parties.

Your Rights Under GDPR

As a customer, you have various rights over your personal data. These include:

  • Right of Access: You have the right to request a copy of any personal data we hold about you.
  • Right to Rectification: If your data is incorrect or incomplete, you can request that we correct it.
  • Right to Erasure: In certain circumstances, you can request the deletion of your personal data.
  • Right to Restriction of Processing: You may request that we limit how we use your data.
  • Right to Object: You have the right to object to certain processing activities, such as direct marketing.
  • Right to Data Portability: You can ask to receive your data in a format that allows you to transfer it to another provider.
  • Right to Withdraw Consent: Where you have given consent for processing, you can withdraw it at any time.
  • Right to Lodge a Complaint: You can complain to a supervisory authority if you believe your data is not being handled lawfully.

If you wish to exercise any of your rights, please contact us using the details found on our website or in-store.

Updates to Our Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in regulations or our practices. The latest version will always be available via our website or upon request at our store.

Contact and Further Information

If you have any questions about how your information is handled, would like to exercise your rights, or need further information about our privacy practices, please get in touch with us via the contact details listed on our website or speak to a member of our team in-store.

This Privacy Policy was last updated in June 2024.