Flower Delivery Epsom Privacy Policy Overview

Introduction

The privacy and security of your personal data are paramount to Flower Delivery Epsom. This Privacy Policy explains how we collect, use, retain, and protect your information when you place a flower delivery order from Epsom or the surrounding districts. Our practices comply with the General Data Protection Regulation (GDPR). Please read this policy to understand your rights and how your data is managed.

Scope of this Policy

This Privacy Policy applies to all Flower Delivery Epsom customers who place orders directly or through our website, phone service, or any other channels, specifically those located in Epsom and the surrounding districts. By placing an order, you acknowledge the processing of your personal data as described below.

What Data We Collect

When you use our service, we may collect, use, store, and transfer the following categories of personal data:

  • Identity Data: Name, title
  • Contact Data: Billing address, delivery address, telephone number, and where provided, an email address
  • Recipient Data: Name and delivery address of the person receiving flowers
  • Order Details: Details of your order, including messages, product preferences, and delivery instructions
  • Payment Data: Only payment confirmations or references – we do not store your full payment card details; these are handled by our secure payment processors
  • Technical Data: Internet protocol (IP) address, browser type and version, and device information when you interact with our website

Lawful Bases for Processing

We process your personal data only when there is a lawful basis, including:

  • Performance of a Contract: To process your order, arrange delivery, and fulfil your purchase agreement
  • Legal Obligation: To comply with legal, regulatory, or tax obligations
  • Legitimate Interests: For internal administrative purposes, fraud prevention, and business improvement, provided these do not override your rights
  • Consent: Where you have given explicit consent, such as for marketing communications (which you may withdraw at any time)

How We Use Your Data

Your data is used for the following purposes:

  • Processing your floral order and arranging delivery
  • Communicating with you regarding your order status or any necessary updates
  • Complying with statutory and legal responsibilities
  • Improving our services, offerings, and customer experiences
  • Managing payments, refunds, and billing queries
  • With your permission, sending marketing updates, offers, and promotions

Data Retention

We retain your personal data only as long as is necessary to fulfil the purposes it was collected for, including satisfying legal, accounting, and reporting requirements. Order and billing records are generally kept for a minimum of six years in accordance with UK tax and transaction regulations. Personal data for marketing purposes is retained until you withdraw consent, opt-out, or request erasure. After these periods, data will be securely deleted or anonymised.

Data Processors and Third Parties

To provide our services, we may share relevant data with trusted third-party suppliers or processors who act on our instructions, including:

  • Payment processing providers (for secure transaction handling)
  • IT and hosting support partners
  • Couriers and delivery partners (for delivery fulfilment)
  • Professional advisers and legal authorities if required for compliance

We ensure all processors are bound by appropriate data protection and confidentiality agreements. Your data is not sold or shared for unrelated marketing purposes.

International Transfers

Your personal data is primarily processed within the UK and the European Economic Area (EEA). If any transfer outside the EEA is necessary, we ensure appropriate safeguards and legal mechanisms are in place, such as recognised adequacy agreements or contractual clauses.

Your Data Rights

Under the GDPR, you retain significant rights concerning your personal data:

  • Access: You may request access to your personal data held by us
  • Rectification: You may request correction of inaccurate or incomplete data
  • Erasure: You may ask us to delete your data, subject to legal or contractual constraints
  • Restriction: You may request limited processing of your data
  • Objection: You may object to data processing in certain situations, such as direct marketing
  • Portability: You can ask to transfer your data to another organisation
  • Withdrawal of Consent: Where processing is based on consent, you can withdraw at any time

Requests regarding your rights can be made in writing. We will respond in accordance with GDPR timescales and inform you if extended processing time is required.

Security of Your Data

We implement both technical and organisational measures to protect your personal data from unauthorised access, accidental loss, misuse, or disclosure. These include access controls, password protection, regular security reviews, staff training, and secure deletion processes. While we make every effort to protect your information, please note that transmission of data over the internet is never entirely secure.

Policy Updates

We may update this Privacy Policy to reflect changes in law, regulations, or our operational practices. Any significant changes will be communicated to you where appropriate. The effective date of this policy will be updated accordingly.

Further Information

If you have questions about this Privacy Policy or require further information regarding how we process your data, please contact us via the methods provided on our website or customer communications. If you are dissatisfied with how we process your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).