Flowers Mortlake Privacy Policy

Introduction

This Privacy Policy explains how Flowers Mortlake collects, uses, shares, and protects your personal data when you place orders within Mortlake and its surrounding districts. Flowers Mortlake is committed to respecting your privacy and complying with all relevant data protection laws, including the General Data Protection Regulation (GDPR). This policy applies to all customers ordering from us, either directly or via our website or phone.

What Data We Collect

When you place an order or interact with Flowers Mortlake, we collect certain personal information to fulfil your request:

  • Contact Information: Such as your name, address, and delivery address (if different), to process and deliver your order.
  • Order Details: Including records of your purchases, delivery instructions, and any personal messages included with your flowers.
  • Payment Information: Payment card details or payment confirmation, which may be processed by a secure third-party provider.
  • Communication Records: Notes of any inquiries or feedback submitted through phone or online forms.
  • Technical Data: Such as device identifiers, IP address, and information about how you use our website. This is gathered through cookies or analytics tools to improve our website’s functionality.

Lawful Basis for Processing

Under GDPR, we can only use your personal data if we have a lawful basis for doing so. We process your data for the following reasons:

  • Contractual Obligations: To process your order and deliver goods and services to you.
  • Legitimate Interests: To ensure our business runs smoothly, prevent fraud, and improve our services. We only process data in a way that does not override your data protection rights.
  • Legal Requirements: To comply with applicable laws and statutory obligations, such as accounting and taxation regulations.
  • Consent: Where required (for example, for marketing communications), we ask for your explicit consent, which you can withdraw at any time.

How We Use Your Data

Your data is used solely for the purposes of fulfilling and managing your orders, responding to inquiries, processing payments, delivering flowers, and ensuring a smooth customer experience. Where legally permitted and with your consent, we may also use your data to send relevant information about new products or services, but you may opt out at any time.

Data Retention

We only retain your personal data for as long as is necessary for the purposes for which it was collected, or as required by legal, regulatory, or accounting standards. Typically:

  • Order information is retained for up to six years to comply with accounting and tax laws.
  • Communication records and feedback are retained for up to two years after response or resolution.
  • Technical data (such as analytics) is anonymized where possible and kept only for as long as it is needed for analytical purposes.

Once your data is no longer required, it will be securely deleted or anonymized.

Processors and Data Sharing

Flowers Mortlake only shares your data with trusted partners and service providers (“processors”) who help us deliver our services. These may include:

  • Payment processors who handle transaction information securely.
  • Delivery partners who receive your contact and delivery details to ensure your flowers arrive on time.
  • IT service providers, such as website hosting companies and those supporting our business systems.

All processors are required to handle your data securely, in accordance with GDPR, and are prohibited from using your personal data for any purpose other than providing contracted services.

We do not sell, rent, or trade your data with third parties. We may disclose data if legally required (for example, by a court order) or to protect our business or customers from fraud or other risks.

Transfers Outside The European Economic Area (EEA)

Your data is stored within the UK or EEA whenever possible. If we must transfer data outside these regions (for example, through an international IT provider), we ensure appropriate safeguards are in place such as using Standard Contractual Clauses or processors certified to comply with relevant data protection standards.

User Rights Under GDPR

You have a range of rights regarding your personal data under GDPR. These include:

  • Right of Access: You can request a copy of your personal data we hold.
  • Right to Rectification: You can request correction of inaccurate or incomplete data.
  • Right to Erasure: You may request that your data be deleted, where legally permitted.
  • Right to Restrict Processing: You can request we limit how we use your data in certain circumstances.
  • Right to Object: You can object to certain uses of your data, such as direct marketing.
  • Right to Data Portability: You can request your data be sent to you or another organisation in a structured, commonly used format.

If you wish to exercise any of these rights or have questions about your data, please contact us in writing. We may need to verify your identity before fulfilling your request, and we aim to respond within one month.

Children's Privacy

Flowers Mortlake does not knowingly collect or process children's data. If we become aware that personal data has been collected from a child without appropriate consent, we will take steps to delete that information promptly.

Updates to This Policy

This Privacy Policy may be updated from time to time in response to legal, technical, or business developments. Any significant changes will be communicated via our website or directly to you where appropriate. Please refer back regularly for the latest information on how we process your personal data.

Contact and Complaints

If you have questions, concerns, or requests relating to this Privacy Policy or how your data is handled at Flowers Mortlake, please contact us in writing. If you remain dissatisfied after contacting us, you have the right to lodge a complaint with the UK Information Commissioner's Office or your local data protection authority.