Florist Tufnell Park Privacy Policy Overview

Introduction

This Privacy Policy explains how Florist Tufnell Park collects, uses, stores, and protects your personal data when you place orders as a customer from Tufnell Park and its surrounding districts. At Florist Tufnell Park, your privacy and data security are our top priorities. The policy applies to all customers interacting with our services, whether placing orders online, in person, or via other means. We are committed to complying with the General Data Protection Regulation (EU) 2016/679 (GDPR), as well as relevant UK legislation.

What Data We Collect

When you place an order or interact with Florist Tufnell Park, we may collect the following categories of personal data:

  • Contact Information: Name, address for delivery, postcode, billing address, and any recipient name and address for delivery if different from the purchaser.
  • Order Details: Products and services purchased, delivery preferences, card messages, and order notes.
  • Payment Details: Payment method, transaction amount, and partial payment card information (we do not store full card numbers or CVV codes).
  • Communication Records: Correspondence via online forms, in person, or over the phone relevant to your orders.
  • Technical Data (for online orders): IP address, browser type, and cookies (for website functionality and analytics).

Lawful Basis for Processing Your Data

Florist Tufnell Park only collects and processes your personal data where we have a lawful basis under the GDPR. These include:

  • Contractual Necessity: To process your order, deliver flowers and gifts, arrange payment, or take steps at your request before entering into a contract.
  • Legitimate Interests: For running our business effectively (for example, maintaining business records, responding to customer service enquiries, improving products and services), provided these do not override your rights and interests.
  • Legal Obligation: Where we are required to maintain certain records for accounting, tax, or regulatory purposes.
  • Consent: For sending marketing communications or for the optional collection of certain non-essential information. Where consent is the lawful basis, you may withdraw your consent at any time.

How We Use Your Personal Data

Florist Tufnell Park uses your data in the following ways:

  • To fulfill orders, deliver products, and provide services requested by you or your recipients.
  • To process payments and issue receipts or invoices as necessary.
  • For customer service and to handle your queries, requests, or complaints.
  • To improve our website, products, and services based on customer feedback and analytics.
  • To comply with legal, regulatory, or accounting obligations.
  • If you have consented, to send you news, promotions, or updates regarding Florist Tufnell Park’s offerings. You can opt-out any time.

Data Retention

Your personal data are stored only as long as necessary to fulfill the purposes they were collected for, including for legal, accounting, or reporting requirements. Typically, order and payment data will be retained for up to six years to meet tax and legal obligations. Communication records and delivery information are normally kept for up to two years unless a longer retention period is required by law. After these periods, records are securely deleted or anonymized.

Use of Data Processors

To provide our services, we may use trusted third party providers (data processors) to perform tasks on our behalf including payment processing, website hosting, email delivery, and analytical services. All data processors are carefully selected, GDPR-compliant, and act only on our instructions. They are contractually bound to maintain the confidentiality and security of your data, and may not use your data for their own purposes.

Examples of such processors include secure payment gateways, website management services, couriers for delivery, CRM or order management tools, and cloud hosting providers.

Data Security

We implement appropriate technical and organizational measures to safeguard your personal data against accidental loss, unauthorized access, disclosure, or destruction. These measures include secure storage solutions, user authentication, encrypted data transmission (such as HTTPS), and restricted access protocols for staff and data processors.

Your Rights Under GDPR

As an individual whose data we process, you have the following rights regarding your personal data:

  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask to correct or update personal data that is inaccurate or incomplete.
  • Right to Erasure ("Right to be Forgotten"): You may request deletion of your personal data, subject to certain legal and contractual restrictions.
  • Right to Restrict Processing: You have the right to limit how your data is processed in certain circumstances.
  • Right to Object: You can object to processing based on legitimate interests, including direct marketing.
  • Right to Data Portability: You can request that your data be transferred to another service provider in a machine-readable format where applicable.
  • Right to Withdraw Consent: If processing is based on your consent, you may withdraw it at any time.

To exercise any of these rights, please contact us using the methods outlined at the end of this policy. If you believe your data has not been handled appropriately, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or the relevant supervisory authority.

Policy Revision and Updates

We reserve the right to update this Privacy Policy to reflect changes to our practices, legal requirements, or enhancements in our services. Any updates will be posted on our website with the date of the latest revision. We encourage customers to review this policy periodically to remain informed about how we protect your personal data.

Contact for Data Protection Queries

If you have any questions or concerns about how your data is used by Florist Tufnell Park, your data protection rights, or this Privacy Policy, you are welcome to contact us through our official communication channels. We are committed to responding to data access and privacy requests promptly and fairly.