Privacy Policy for Florist Marks Gate Customers

Introduction

At Florist Marks Gate, we are committed to safeguarding the privacy and personal data of our customers. This Privacy Policy explains how we collect, use, store, and protect your personal information in line with the General Data Protection Regulation (GDPR). This Policy applies to all customers placing orders with Florist Marks Gate from Marks Gate and the surrounding districts. By ordering our products, you acknowledge and accept the practices described in this Policy.

What Data We Collect

When you interact with Florist Marks Gate, we may collect the following categories of personal data:

  • Contact Information: Name, address (delivery and billing addresses), and communication preferences.
  • Order Details: Items ordered, delivery date, recipient information (name, address, and telephone number), special delivery notes, and payment information.
  • Account Information: If you create an account, we may collect your username, password (encrypted), and order history.
  • Communications: Records of your correspondence with us, including queries, feedback, and complaints.
  • Technical Data: IP address, device information, and browsing activity related to our website (if any).

We strive to collect only the minimum personal data required to process your order and provide a smooth customer experience.

Lawful Basis for Processing Your Data

Under GDPR, we process your personal data using the following lawful bases:

  • Contractual Necessity: Most of the data we collect is necessary to fulfil your order and our obligations to you as a customer (for example, delivery address and payment details).
  • Legal Obligation: We may need to process certain data to comply with legal and regulatory requirements, such as tax and accounting obligations.
  • Legitimate Interests: Some processing is necessary for our legitimate business interests, such as improving our products and services or managing customer relationships. We always balance our interests against your rights and freedoms.
  • Consent: In cases where consent is required (e.g., marketing communications), we will always ask for your explicit consent, which you can withdraw at any time.

How We Use Your Data

Your personal data is used for the following purposes:

  • Processing and fulfilling your orders, including delivery management and payment processing.
  • Communicating with you regarding your orders, delivery status, or special instructions.
  • Improving our services, responding to your inquiries, and handling complaints or feedback.
  • Maintaining accurate order and transaction records for legal, regulatory, or accounting purposes.
  • Sending you information about new products or special offers, but only if you have opted in to receive such communications.
  • Ensuring the security, functionality, and integrity of our online and offline systems.

Who Processes and Accesses Your Data

Your information is only accessed by members of our team who need it to process your order or manage our customer relationship. In some instances, we may need to share your data with trusted third-party processors, such as:

  • Payment service providers for secure processing of card payments.
  • Delivery couriers who require contact and address details to successfully deliver your order.
  • IT service providers who help us maintain and support our ordering or website systems.

These third parties are carefully selected and contracted to process your data only as instructed by Florist Marks Gate, and in accordance with GDPR obligations. We do not sell or rent your personal information to third parties for marketing purposes.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Policy, including satisfying any legal, accounting, or regulatory requirements. Typically:

  • Order and transaction data is retained for up to seven years to comply with tax and accounting laws.
  • Customer correspondence is kept for as long as required to resolve queries and complaints.
  • Marketing consent records are kept until you withdraw your consent or until we no longer send marketing communications.

At the end of the retention period, your personal data will be securely deleted or anonymised.

Your Rights Under GDPR

You have the following rights in relation to your personal data, which you may exercise at any time:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data where there is no legal reason for us to continue processing it.
  • Right to Restrict Processing: Ask us to restrict processing of your data in certain situations.
  • Right to Data Portability: Request to receive your data in a structured, commonly used, machine-readable format and/or request that we transmit it to another controller.
  • Right to Object: Object to our processing of your data where we rely on legitimate interests or direct marketing.
  • Right to Withdraw Consent: If processing is based on your consent, you have the right to withdraw this at any time.

If you wish to exercise any of these rights, please contact us using our standard communication channels.

Data Security

We implement appropriate technical and organisational measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include secure systems, access controls, and staff training.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in how we process your data or to comply with new legal requirements. We will notify you of any significant changes by updating our website or through other appropriate channels. We encourage you to review this Policy periodically.

Contacting Us

If you have questions about this Policy, your rights, or how we process your data, please reach out to us via our published contact details. We are dedicated to addressing your questions and resolving any issues related to your personal data promptly and transparently.