Privacy Policy for Flowers Cubitt Town Orders

Introduction

This Privacy Policy outlines how Flowers Cubitt Town (“we”, “us”, or “our”) handles your personal information. It applies to all customers placing orders from Cubitt Town and its surrounding districts. Our commitment is to the responsible and secure processing of your data in accordance with the UK General Data Protection Regulation (GDPR) and other applicable privacy laws.

What Personal Data We Collect

To provide our floral delivery and fulfilment services, we may collect and process the following types of personal data from you:

  • Identity Data: Name, surname, and any honorifics you provide.
  • Contact Data: Delivery address, phone number, billing address, and other relevant information to deliver your order.
  • Order Information: Details and preferences regarding your order, such as delivery instructions, card messages, or recipient information.
  • Payment Data: Payment method, transaction details, and confirmation, though payments are processed through secure, external processors (see “Data Processors”).
  • Communications: Any correspondence with us, such as queries, feedback, or complaint details, is stored for quality and assurance purposes.
  • Technical Data: Details about your device, IP address, and usage patterns if you order through our website (for security and site functionality).

Lawful Basis for Processing

We only process your personal data where we have a lawful basis under GDPR. Our lawful bases include:

  • Performance of a Contract: Most data processing is necessary to fulfil your order or take steps at your request prior to placing an order.
  • Legal Obligations: Some information may be processed to comply with UK law, such as tax or accounting obligations.
  • Legitimate Interests: We may process data to improve service quality, manage and secure our business, and handle queries or complaints, provided this does not override your rights and freedoms.
  • Consent: In rare cases (such as for certain types of marketing), processing will only occur if you have given explicit consent.

How We Use Your Data

Your data is used strictly for the purposes it was collected for, such as:

  • Processing and delivering your flower orders.
  • Managing payments, refunds, and resolving related issues.
  • Communicating with you about your order status or responding to queries.
  • Improving our products and services through customer feedback.
  • Complying with legal requirements and protecting our property or interests.

Data Retention

We retain your personal information only as long as necessary to fulfil the purposes for which it was collected—including satisfying legal, accounting, or reporting requirements.

Typically, order and transaction-related data are retained for up to 7 years in line with tax and statutory regulations. Communications and records related to feedback or complaints are retained for up to 3 years from the last interaction unless a longer retention is mandated by law. Technical and analytical data collected through our website is retained for a maximum of 24 months.

Once the retention period ends, your data is securely deleted or anonymised.

Data Processors and Sharing

We may share your data with select third-party service providers (“processors”) who enable us to operate and deliver our services efficiently. These processors act on our instructions and are contractually obligated to handle your information securely and in compliance with GDPR.

  • Payment Processors: Securely handle card and payment transactions and may include banks or payment platforms.
  • IT and Hosting Providers: Supply technical infrastructure for our website and data storage.
  • Delivery Partners: Trusted couriers or agents tasked with delivering your order to the recipient.

We do not sell your personal data to any third parties. Transfers of data outside the United Kingdom or EEA are only carried out where adequate safeguards are in place.

Your Rights

Under GDPR, you have certain rights in relation to your personal data. These include:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request corrections to inaccurate or incomplete data.
  • Right to Erasure: In specified circumstances, request deletion of your personal data.
  • Right to Restrict Processing: Ask us to suspend processing your data under certain conditions.
  • Right to Data Portability: Request that we transfer your data to another organisation or to you.
  • Right to Object: Object to processing, particularly for direct marketing or where we rely on legitimate interests.

To exercise your rights, or if you have questions about this privacy policy, you can contact us using the information on our website. Proof of identification may be required before actioning your request.

Security of Your Data

We take the security of your personal information very seriously. Appropriate organisational and technical measures are implemented to safeguard your data against accidental loss, unauthorised access, or unlawful processing. Access to your data is limited to those employees, agents, and processors who require it for legitimate business purposes, and all are subject to a duty of confidentiality.

Children’s Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we discover we have collected data from a child, we will take steps to securely delete it as soon as possible.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect legal requirements or changes to our operations. The latest version will always be available on our website. Please check back regularly to stay informed about how your data is protected.

Contact Us

If you have any questions or concerns regarding how your data is processed, or if you wish to exercise your rights under this policy, please contact us using the details provided on our official website.