Hornchurch Flowers GDPR Privacy Policy

About This Privacy Policy

This Privacy Policy explains how Hornchurch Flowers (“we”, “us”, “our”) collects, uses, and protects the personal data of our customers. It applies to all individuals placing orders with Hornchurch Flowers within Hornchurch and surrounding districts. We are fully committed to safeguarding your privacy and ensuring compliance with the UK General Data Protection Regulation (GDPR).

What Personal Data We Collect

To fulfil your flower orders and provide our services, we collect and process the following categories of personal data:

  • Contact Details: Your name, delivery address, billing address, and contact information (such as telephone number).
  • Order Information: Details of your flower orders, including the recipient’s name and delivery address, order preferences, personalised messages, and transaction information.
  • Payment Information: We process payment card details securely via trusted payment processors. We do not store your complete card details after payment is completed.
  • Communication Records: Any correspondence you have with us, such as queries, feedback, or complaints.
  • Website Usage Data: When you interact with our website, we may collect technical information such as IP addresses, browser types, and cookie data to ensure site functionality and enhance user experience.

Lawful Basis for Processing Data

Under the GDPR, we must have lawful grounds for processing your personal information. Our lawful bases include:

  • Contractual Necessity: We process your personal data to fulfil your order requirements and provide requested services (e.g. delivery, payment, communication).
  • Legal Compliance: We retain certain records as required by law, including for tax and accounting purposes.
  • Legitimate Interests: For certain processing activities such as improving our services, conducting fraud prevention, or sending informational communications related to your order, we rely on our legitimate business interests, provided these do not override your rights and interests.
  • Consent: Where required by law (for example, for certain marketing communications), we will seek your explicit consent.

How We Use Your Personal Data

We use your personal data for the following purposes:

  • To process, confirm, and deliver your orders
  • To communicate order updates and respond to your enquiries
  • To process payments via secure third-party providers
  • To improve our products and customer service
  • To comply with legal obligations and resolve disputes

Data Retention

We only retain your personal information for as long as is necessary to fulfil the purposes described in this policy, unless a longer retention period is required or permitted by law. Typically, order and transaction information is retained for up to six years to comply with legal, tax, and accounting requirements. Communication records may be kept for a shorter duration, dependent on relevance. At the end of the applicable retention period, your personal data will be securely deleted or anonymised.

Processors and Third Parties

We do not sell or rent your personal information to third parties. However, to fulfil our services, we may share your information with trusted third-party “processors”, such as:

  • Payment Service Providers: To process your payment securely on our behalf.
  • Delivery Couriers: To enable accurate and reliable delivery of your order.
  • IT and Web Service Providers: For hosting, maintenance, and customer management platforms.

All processors acting on our behalf are contractually obligated to handle your data in strict confidence, use it only for the specified purpose, and implement appropriate security measures in accordance with the GDPR.

Data Security

We are committed to ensuring that your data is safe. We implement technical and organisational security measures, such as encryption, restricted access, and secure storage, to protect your information against unauthorised access, loss, or misuse.

Your Rights

Under the GDPR, you have specific rights regarding your personal data:

  • The Right of Access: You may request a copy of the personal data we hold about you.
  • The Right to Rectification: You have the right to ask for inaccuracies in your data to be corrected.
  • The Right to Erasure: You can request the deletion of your personal data, subject to legal retention obligations.
  • The Right to Restrict Processing: You may ask us to limit the processing of your data in certain circumstances.
  • The Right to Data Portability: You have the right to request your information in a structured, commonly used format.
  • The Right to Object: You may object to the processing of your personal data where we rely on legitimate interests or direct marketing.
  • The Right to Withdraw Consent: Where processing is based on your consent, you may withdraw this at any time without affecting the lawfulness of processing prior to withdrawal.

How to Exercise Your Rights

If you wish to exercise any of these rights, please contact us using the details provided on our website or at our shop premises. We will respond to your request within one month, in accordance with statutory requirements. Please note that we may require verification of your identity before fulfilling certain requests.

Policy Updates

We may update this privacy policy periodically to reflect changes in our operations or in law. The most current version will always be available at our business premises and on our website. We encourage you to review this policy regularly.

Complaints

If you are dissatisfied with how we process your data, you have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office. However, we encourage you to contact us first so we can address your concerns directly.