Privacy Policy: Shoreditch Flowers Customer Data Protection

Introduction and Scope

Shoreditch Flowers is committed to protecting the privacy of our customers. This Privacy Policy outlines how we collect, use, retain, and protect your personal data when you place orders with us, whether online, by phone, or in person. It applies to all customers placing orders who are located in Shoreditch and the surrounding districts. Our practices comply with the General Data Protection Regulation (GDPR) and relevant UK data protection laws. We encourage you to read this policy thoroughly to understand your rights and our obligations regarding your personal information.

What Personal Data Do We Collect?

When you place an order or interact with Shoreditch Flowers, we may collect the following categories of personal data:

  • Identity Data: Name, contact details (such as address and phone number), and, if applicable, details of the recipient.
  • Order Data: Details about your order, including delivery instructions, messages to recipients, and order history.
  • Payment Data: Payment method details (processed securely via our payment processors), though we do not store full card numbers directly.
  • Communication Data: Any correspondence or queries you submit to us, including feedback or reviews.
  • Technical Data: Information about how you access and use our website, such as browser type and IP address, collected via cookies or similar technologies (for website orders).

Lawful Basis for Processing Personal Data

Shoreditch Flowers processes your personal data only when there is a lawful basis to do so. These bases include:

  • Contractual Necessity: To process and fulfill your order for flowers and associated services.
  • Legal Obligation: To comply with legal and regulatory requirements, such as records for tax purposes.
  • Legitimate Interests: For internal recordkeeping, security, service quality improvements, and, where applicable, to make you aware of products or services similar to those you have previously purchased (you can opt out at any time).
  • Consent: Where we seek your explicit permission, such as for certain forms of marketing or promotional communications (consent may be withdrawn at any time).

How We Use Your Data

Your personal data is used in the following ways:

  • To process and deliver your orders, ensuring accurate fulfillment and communication.
  • To manage customer service interactions, including responding to queries and handling complaints.
  • To improve and personalize your experience with Shoreditch Flowers.
  • To maintain our records for accounting, tax, and internal purposes.
  • To send transactional communications (order confirmations, delivery updates) and, if you have agreed, relevant marketing materials.

Data Retention

Shoreditch Flowers will only retain your personal data as long as necessary to fulfill the purposes for which it was collected. Typically, we keep order and related account data for up to seven years to comply with accounting and tax regulations and to manage our relationship with you, such as handling any after-sales queries or complaints. Once your data is no longer required for business, legal, or regulatory reasons, it is securely deleted or anonymised.

Sharing Your Data and Data Processors

We only share your personal data with trusted third parties and only to the extent necessary to process your order and deliver our services. These third parties may include:

  • Payment service providers handling transaction processing securely.
  • Delivery services or couriers for dispatching your order.
  • IT service providers supporting our website and customer management systems.
  • Professional advisors or auditors, where necessary for regulatory or legal compliance.

All third-party processors engaged by Shoreditch Flowers are contractually required to safeguard your data and comply with GDPR. We do not sell your personal data to any third party. If data is transferred outside the United Kingdom or European Economic Area, we ensure that it is protected via appropriate safeguards, such as Standard Contractual Clauses or equivalent measures.

Your Data Protection Rights

Under the GDPR, you have several rights regarding your personal information. These include:

  • Right of Access: You can request access to the personal data we hold about you.
  • Right to Rectification: You may ask us to correct inaccurate or incomplete information.
  • Right to Erasure: Also known as the 'right to be forgotten', you can request the deletion of your data when it is no longer necessary for the purposes collected, or if you withdraw consent.
  • Right to Restrict Processing: In certain circumstances, you can request us to suspend processing your data.
  • Right to Data Portability: You can request a copy of your data in a commonly used, machine-readable format, and have the right to transmit that data elsewhere.
  • Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes at any time.
  • Right to Withdraw Consent: If we are processing your data based on consent, you can withdraw this at any time.

Should you wish to exercise any of these rights, please contact us using the details provided on our website or in-store. We will respond to all legitimate requests within one month, in accordance with GDPR.

Data Security

The security of your data is vital to us. We employ appropriate technical and organisational measures to protect your personal data, including encryption, access controls, and staff training. While we work diligently to safeguard your information, please be aware that no internet transmission can be guaranteed as 100% secure.

Updates to This Policy

We may update or revise this Privacy Policy occasionally to reflect changes in our practices, legal requirements, or enhancements to our services. Any modifications will be published on our website and available in-store, with the revised date. We encourage you to review this policy periodically.

Contact and Complaints

If you have any questions about this Privacy Policy or how we handle your data, please contact us using the details on our website or ask in-store. If you are not satisfied with our response or handling of your data, you also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).