Privacy Policy for Dalston Flowers Customers

Introduction

This Privacy Policy outlines how Dalston Flowers ('we', 'us', or 'our') collect, use, store, and protect your personal information when you place orders with us. It also details your rights under the General Data Protection Regulation (GDPR). This policy applies to all customers placing Dalston Flowers orders from Dalston and the surrounding districts.

Data We Collect

When you use our services to place an order, we may collect and process the following types of personal data:

  • Identity Data: Your full name, and, if applicable, the recipient’s name.
  • Contact Data: Billing and delivery addresses, phone number (if provided), and optionally, email address.
  • Order Data: Details of your flower orders, delivery instructions, and any personalised message you may include.
  • Payment Data: Payment method details. Please note that we do not directly store your full card details; payment information is processed securely by our payment service providers.
  • Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform – collected via cookies when you use our website.

Lawful Basis for Processing

We process your personal data only when there is a lawful basis under the GDPR. The main bases we rely on include:

  • Contractual Necessity: To fulfil our obligations to provide and deliver your floral order as requested.
  • Legal Obligation: To comply with legal and regulatory requirements, such as maintaining accurate financial and business records.
  • Legitimate Interests: To improve our services, prevent fraud, and ensure security. Any such usage is balanced against your individual rights and interests.
  • Consent: Where required and given, for example, where you opt-in to receive marketing communications or subscribe to our newsletter.

How We Use Your Data

Your personal data may be used for one or more of the following purposes:

  • To process and deliver your order, including contacting you or the recipient if clarification is needed.
  • To manage payments, and handle billing or account queries.
  • To comply with our legal obligations, such as proper record-keeping for tax purposes.
  • To respond to your enquiries, requests, or feedback.
  • To analyse transaction data, trends, and customer preferences to enhance our products and services (using aggregated and de-identified data whenever possible).
  • If you have given explicit consent, to send you news or promotional offers relevant to our products and services.

Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements. In general:

  • Order records, contact data, and associated transaction details are typically retained for up to seven (7) years following your last order, to comply with tax and accounting rules.
  • Payment card details are not stored by Dalston Flowers but processed securely by third-party providers.
  • If you have opted to receive marketing communications, we will retain your contact information until you unsubscribe or withdraw consent.
  • Data collected via cookies and analytics will be retained in accordance with our cookie policy, and always in compliance with applicable laws.

Processors and Data Sharing

Dalston Flowers may share your personal data with trusted third-party service providers (processors) who assist us in delivering our products and services, including:

  • Payment processing providers for secure transaction handling.
  • Delivery and courier companies to ensure successful and timely delivery of your order.
  • Professional service providers, such as IT support, website hosting, and customer support platforms.

All our processors are required to respect the security of your personal data, process it only on our instructions, and comply with GDPR requirements. Your data is not sold or transferred to third parties for their own marketing purposes. We do not transfer your personal data outside the European Economic Area (EEA) without appropriate safeguards.

Protecting Your Data

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Access to your personal data is restricted to authorised staff and essential service providers only.

Your Rights Under GDPR

Under the GDPR, you have several rights regarding your personal data. These include the right to:

  • Access: Receive a copy of your personal data we hold and information about how it is processed.
  • Rectification: Request correction of inaccurate or incomplete personal data.
  • Erasure: Request deletion of your data in certain circumstances (also known as the ‘right to be forgotten’).
  • Restriction: Request restriction of processing your data in certain cases.
  • Objection: Object to certain types of processing, such as receiving direct marketing.
  • Portability: Request the transfer of your personal data to another service provider, where technically possible.
  • Withdraw Consent: If processing is based on your consent, withdraw that consent at any time without affecting the lawfulness of prior processing.

If you would like to exercise any of these rights, you can contact us by post or via our website's contact form. We may need to verify your identity before fulfilling your request, and will respond within one month, as required by law.

Changes to this Policy

We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. Significant changes will be communicated on our website, and where required, we will seek your renewed consent.

Contact and Further Information

If you have any questions about this Privacy Policy, your rights, or how we use your personal data, please contact us via the details provided on our website or by post. We encourage you to contact us if you have any concerns, and you may also lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe your data is being handled unlawfully.

This privacy policy was last updated on 1 June 2024.