Emerson Park Flowers GDPR Privacy Policy

Scope of This Privacy Policy

This Privacy Policy outlines how Emerson Park Flowers ("we", "our", "us") collects, processes, and safeguards personal data for all customers placing orders from Emerson Park and its surrounding districts. We are committed to protecting your privacy and ensuring you understand the rights you have under the General Data Protection Regulation (GDPR).

What Data We Collect

When you place an order with Emerson Park Flowers, we may collect and process the following personal information:

  • Basic identification information (such as your name, delivery address, and billing address)
  • Contact details (such as phone number and email address)
  • Order details (such as product selections, special instructions, and recipient’s information, where applicable)
  • Payment information (such as transaction date, payment method, and the last four digits of your payment card; we do not store complete card numbers)
  • Correspondence (records of communications you have with us regarding your order or customer service enquiries)
  • Technical information (such as IP address, device, and browser type, collected through your interaction with our website)

We collect only the minimum amount of personal data necessary to fulfil your order and provide quality customer service.

Lawful Basis for Processing

According to the GDPR, we must have a lawful basis for using your data. Emerson Park Flowers relies on the following bases:

  • Performance of a Contract: We collect and process your data as it is necessary for fulfilling your order or responding to your enquiries regarding our products or services.
  • Legitimate Interests: We may process your data to improve our services, to prevent fraud, or to keep you informed about essential information relating to your order.
  • Legal Obligations: In certain cases, we may be legally obliged to retain and disclose your data, for example, for tax or accounting purposes.
  • Consent: Where you have opted in to receive marketing communications, we rely on your consent, which you can withdraw at any time.

How Your Data Is Used

Your personal data is used exclusively for the following purposes:

  • Processing and delivering your order efficiently and correctly
  • Communicating with you about your order, delivery, or any enquiries
  • Providing customer support and handling complaints
  • Processing payments securely
  • Complying with legal requirements
  • Improving the functionality and security of our website
  • With your explicit consent, sending you updates, offers, or marketing communications

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying legal, accounting, or reporting requirements. Typically, customer order data and related communications are retained for up to seven years, in compliance with UK legal and tax obligations. After this period, your data will be securely deleted or anonymised.

Our Use of Data Processors

To deliver our services, we may share certain personal details with selected data processors (third-party service providers), such as:

  • Delivery and courier companies responsible for fulfilling your order
  • Payment processing providers to securely handle your payment transaction
  • IT and website hosting providers who support the secure operation of our website

All processors are carefully chosen and adhere to the necessary data protection requirements. They are only permitted to process your data in accordance with our instructions and are not permitted to use it for their own purposes.

Your Rights Under GDPR

You have the following rights under the GDPR regarding your personal data:

  • Right to Access: You can request confirmation of whether we hold personal data about you and, if so, request a copy of that data.
  • Right to Rectification: If your data is inaccurate or incomplete, you have the right to request that we correct or update it promptly.
  • Right to Erasure ("Right to Be Forgotten"): In certain circumstances, you may request deletion of your personal data, except where we are required to retain it for legal reasons.
  • Right to Restrict Processing: You may request that we temporarily or permanently stop processing your personal data.
  • Right to Data Portability: You may request the transfer of your personal data to another organisation or to yourself, in a structured, commonly used, and machine-readable format.
  • Right to Object: You may object to our processing if you believe we do not have a lawful ground, especially regarding direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw it at any time.

To exercise these rights, or for any privacy-related queries, please contact us using the details provided on our website.

How We Protect Your Data

We implement a variety of technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures may include encryption of data in transit, access controls, and regular security reviews of our systems and processes.

International Data Transfers

Your personal data is primarily processed within the UK. In the rare event that your data is transferred outside the UK or European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect your privacy in accordance with GDPR requirements.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal compliance. Any updates will be posted on our website, and, where appropriate, you may be notified of significant changes. We recommend reviewing this page periodically to stay informed.

Contact and Complaints

If you have any questions, concerns, or complaints regarding your personal data or this Privacy Policy, please reach out to us using the contact information available on our website. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.

This Privacy Policy was last updated on 30 June 2024.