Your Privacy at Flower Delivery Crystal Palace

Overview of This Policy

This Privacy Policy explains how Flower Delivery Crystal Palace ("we", "us", "our") collects, uses, stores, and protects your personal information when you order flower delivery services from us in Crystal Palace and surrounding districts. This policy is designed to comply with the General Data Protection Regulation (GDPR) and is applicable to all our customers placing orders in our service area.

Personal Data We Collect

When you place an order with Flower Delivery Crystal Palace, we collect personal data necessary for processing and fulfilling your request. Depending on your interaction, we may collect the following categories of data:

• Identity Data: Name, title, and, where applicable, company name.
• Contact Data: Delivery address, billing address, phone number(s), and recipient details.
• Order Information: Purchase history, details of products ordered, delivery instructions.
• Payment Data: Card details and payment transaction information (please note, we do not store full card numbers; payments are managed securely through third-party payment processors).
• Correspondence Data: Communication with us via forms, enquiries, feedback, or complaints.
• Technical Data: Device information, IP address, browser type, access and activity logs gathered during your interaction with our website for system security and analytics.

Lawful Basis for Processing

By law, we must have a valid reason for using your personal data. The lawful bases on which we collect and process your data include:

• Contractual Necessity: To process your flower delivery orders, manage payments, and provide customer service.
• Legal Obligation: To fulfil statutory requirements (such as record retention for tax purposes).
• Legitimate Interests: For improving our services, internal record keeping, and (unless you opt out) to send informational updates relevant to your purchase.
• Consent: Where required, for activities such as direct marketing communications.

How We Use Your Information

Your information is used solely to provide you with our flower delivery services and to fulfil the requirements of your order. Specifically, we use your data:

• To process and deliver your orders efficiently
• To keep records of sales and transactions for accounting and governance
• To communicate with you regarding your order status or service feedback
• To improve our website, products, and customer experience through analytics and feedback
• To comply with legal and regulatory obligations

Retention of Your Personal Data

We retain your personal data only for as long as necessary for the purposes for which it was collected, in accordance with applicable legislation and best practices. The retention period may vary depending on:

• Legal requirements for tax and accounting (up to seven years)
• The nature of our ongoing relationship (e.g., customer accounts or recurring orders)
• Our need to resolve disputes, enforce agreements, or support legal claims

Once your data is no longer required, it will be securely deleted or anonymised, ensuring your privacy is upheld.

Third-Party Data Processors

We partner with and may disclose your personal information to trusted third-party processors who provide services essential to our business, such as:

• Payment service providers
• Delivery and courier partners
• IT hosting and website maintenance providers
• Analytics services (for website improvement)

All processors are subject to contractual obligations to safeguard your data and only use it in accordance with our instructions. We do not sell or rent your data to any third parties. Wherever possible, data processing occurs within the European Economic Area (EEA). Should data be transferred outside the EEA, we ensure it is protected by appropriate safeguards as required by law.

Your GDPR Rights

Under the GDPR, you have a number of rights regarding your personal information:

• Access: You may request information about the personal data we hold about you and how it is processed.
• Rectification: You may ask us to correct or complete inaccurate or incomplete data.
• Erasure: You may request deletion of your personal data where there is no lawful basis for continued processing.
• Restriction: You may request a pause on the processing of your data while we resolve queries or disputes.
• Portability: You can ask for your data in a commonly used, machine-readable format so it can be transferred to another provider.
• Objection: You may object to certain types of processing, including direct marketing (which you can opt out of at any time).

How We Keep Your Data Secure

We are committed to ensuring the security and confidentiality of your personal data. We use technical and organisational measures and review these regularly to prevent loss, theft, unauthorised access, or misuse of your data. These measures include regular security audits, access controls, encrypted storage and secure payment systems managed by compliant third-party partners.

Updates to This Policy

This Privacy Policy may be reviewed and updated from time to time in line with legislative changes or our operational practices. The most recent version will always be available via our website. Material changes will be indicated clearly and, where appropriate, notified to you directly where you continue to use our services.

Contacting Flower Delivery Crystal Palace

If you have questions about this Privacy Policy, your data, or would like to exercise any of your GDPR rights, please reach out to our team by using the contact details provided on our website. We are committed to resolving any privacy concerns you may have in a prompt and fair manner.

Policy Scope

This Privacy Policy applies to all customers residing in or placing an order for delivery in Crystal Palace and its surrounding districts. By placing an order with Flower Delivery Crystal Palace, you confirm your understanding and acceptance of this policy and our data protection practices.