Florist St James's Privacy Policy
Introduction
This Privacy Policy explains how Florist St James's collects, uses, stores, and protects your personal information under the General Data Protection Regulation (GDPR). The policy applies to all customers placing orders with Florist St James's from St James's and the surrounding districts. We are fully committed to ensuring transparency and safeguarding your privacy when you interact with our services.
What Data We Collect
When you place an order with Florist St James's, we may collect the following categories of personal data:
- Contact Information: Name, delivery address, and, where provided, contact number of the sender and recipient.
- Order Details: Purchase details, messages to recipients, item selections, and any delivery instructions provided.
- Payment Information: Transaction data such as payment method, last four digits of the payment card, and billing address (we do not store full bank or card details as payments are processed through secure third-party providers).
- Communications: Records of correspondence when you contact us with queries, complaints, or feedback.
- Technical Data: Details such as your IP address, device/browser type, and activity on our website, collected via cookies and analytics tools.
All the data we collect is used solely for the purposes outlined below and is handled in accordance with applicable data protection laws.
Lawful Basis for Processing Data
Florist St James's only collects and processes personal data where there is a lawful basis to do so. The primary lawful bases are:
- Contract: To fulfil our obligations when you place an order, such as delivering flowers and processing payments.
- Legal Obligation: To comply with applicable laws, regulations, and record-keeping requirements.
- Legitimate Interest: To maintain customer service standards, manage and improve our operations, and prevent fraud.
- Consent: Where required, we will request your explicit consent for activities such as direct marketing.
Your personal data will not be used for unrelated purposes without your knowledge and consent.
How We Use Your Data
Your personal information will be used for the following purposes:
- Processing and delivering your order, including communicating with you about order status and delivery.
- Contacting recipients for delivery coordination if necessary.
- Managing billing and payments securely via trusted payment processors.
- Responding to customer inquiries and resolving issues.
- Improving our website, products, and services through analysis of customer use and feedback.
- Meeting legal, regulatory, and tax obligations.
Data Retention
Personal data is retained only as long as necessary for the purposes outlined in this policy or as required by law. Typically, customer order data is held for up to six years to comply with tax, legal, and accounting requirements. After this period, your information will either be securely deleted or anonymised so that it can no longer be associated with you.
Where data is held for marketing purposes based on consent, it will be retained until you withdraw your consent or request its removal.
Data Processors and Third Parties
To fulfil our services, we use carefully selected third-party providers (data processors) who act on our instructions. These include:
- Payment processing providers who facilitate secure transactions.
- Delivery and courier services to transport orders to recipients.
- Website hosting and IT support providers who ensure our site runs smoothly and securely.
- Professional advisors such as accountants, only to the extent necessary to meet legal compliance.
All third-party processors are required under contract to comply with data protection regulations, safeguard your information, and not use it for their own purposes. Your data is not transferred outside the European Economic Area unless adequate safeguards are in place to protect your rights and interests.
Your Rights Under GDPR
As a data subject, you have the following rights regarding your personal information:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Correct inaccurate or incomplete data we have about you.
- Right to Erasure: Request deletion of your data in certain circumstances, such as when it is no longer necessary for the purposes collected.
- Right to Restrict Processing: Ask us to limit how we use your data.
- Right to Data Portability: Receive your data in a commonly used format to transfer to another provider, where applicable.
- Right to Object: Object to our use of your data when we process it based on legitimate interests or for direct marketing.
- Right to Withdraw Consent: You may withdraw your consent at any time where consent is the legal basis for processing.
To exercise any of these rights, please contact us using the contact details provided on our website. We may require identification to process your request, in line with GDPR requirements.
Data Security
We implement appropriate technical and organisational measures to ensure your data is protected against loss, misuse, or unauthorised access. This includes secure servers, encrypted transfers, access controls, and staff training. While we strive to secure your data, no method of transmission over the Internet is completely risk-free.
Changes to This Privacy Policy
We may update this policy to reflect changes in our practices or legal obligations. Revised versions will be posted on our website with the revision date indicated. Continued use of our services indicates your acceptance of such changes.
Contact Information
If you have questions regarding this Privacy Policy, your rights, or how your information is managed, please refer to our website for ways to get in touch. We are committed to resolving any concern about your privacy to your satisfaction. Alternatively, you may contact the relevant supervisory authority within your jurisdiction.
