Deptford Flowers GDPR Privacy Policy

Our Commitment to Your Privacy

At Deptford Flowers, we understand the importance of privacy and transparency when it comes to your personal data. We are committed to ensuring that your information is protected and handled in compliance with the General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, store, and protect your personal data whenever you place orders with Deptford Flowers, whether you’re based in Deptford or surrounding districts. Please read this Policy carefully to understand your rights and our obligations.

Who This Policy Applies To

This Privacy Policy applies to all customers placing orders with Deptford Flowers, including those residing in Deptford and nearby areas. It covers both in-person and online orders and applies to all interactions with our business where we act as the Data Controller.

What Data We Collect

To fulfil your order and provide the best possible service, Deptford Flowers may collect the following types of personal data:

  • Identity Data: Name, delivery recipient’s name, and associated order details.
  • Contact Data: Delivery address, billing address, and optional contact preferences.
  • Order Data: Details of flowers and gifts ordered, order date, delivery instructions, and transaction summary.
  • Payment Information: Payment methods and limited payment details, processed securely via our payment providers.
  • Communication Data: Emails, order confirmations, customer support communications, and feedback.
  • Technical Data (if you place an order online): Device information, IP address, browser type, and cookies necessary for order processing and security.

Lawful Basis for Processing

Deptford Flowers processes your personal data using one or more of the following lawful bases, as defined under Article 6 of the GDPR:

  • Contract: Data is processed to fulfil your flower orders or to provide services you have requested.
  • Legal Obligation: In some cases, we are required to retain certain data for tax and accounting purposes.
  • Legitimate Interests: We may process your data for providing customer support, improving our services, or informing you of changes related to your order, provided these interests do not override your rights.
  • Consent: Where required, especially for marketing communications, we will obtain your consent before processing your data for these purposes. Consent may be withdrawn at any time.

How We Use Your Data

Deptford Flowers uses your personal data for the following purposes:

  • To process, fulfil, and deliver your orders.
  • To communicate with you regarding your order or respond to customer service enquiries.
  • To comply with our legal obligations, such as record-keeping for tax and regulatory authorities.
  • To maintain security and integrity of our services.
  • To conduct limited and relevant direct marketing, only with your explicit consent.
  • To improve our services based on aggregated and anonymised feedback and usage data.

Data Sharing and Processors

In order to provide our services, we may need to share your data with trusted third parties known as data processors. These processors act on our instructions and are carefully selected for their commitment to data security. We ensure all such partners are GDPR-compliant. The main categories of processors we use include:

  • Payment Service Providers: To process card or online payments securely.
  • Couriers and Delivery Partners: To deliver your flowers and gifts to the specified address.
  • IT and Web Hosting Providers: To enable the processing of online orders and data security.
  • Customer Relationship Management (CRM) Tools: For managing customer communications, only as necessary for your order.

We never sell your personal data to third parties.

How Long We Retain Your Data

Your personal data is retained only as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law (for example, for tax or accounting purposes). The typical retention periods are:

  • Order and Transaction Data: Retained for up to 7 years for legal and financial record-keeping.
  • Marketing Data: Retained until you withdraw consent or indicate you no longer wish to receive communications.
  • Customer Service Communications: Retained for 2 years from the date of last interaction unless required to resolve disputes.

Your Data Protection Rights

As a data subject under GDPR, you have a number of rights concerning your personal data:

  • Right of Access: You can request access to your personal data and receive a copy of the information we hold about you.
  • Right to Rectification: You can ask us to correct any incomplete or inaccurate data.
  • Right to Erasure: Under certain circumstances, you have the right to request deletion of your personal data.
  • Right to Restrict Processing: You may ask us to restrict the processing of your data under statutory conditions.
  • Right to Data Portability: You are entitled to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: You can object to our processing of your data based on legitimate interests or for marketing purposes.
  • Right to Withdraw Consent: Where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

Protecting Your Data

Deptford Flowers takes security seriously and employs appropriate technical and organisational measures to safeguard your personal data against loss, theft, and unauthorised access. Only authorised personnel and trusted processors can access your data for the purposes described above.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time in order to reflect changes to our practices or regulatory requirements. When we do, we will update the revision date at the top of this document. You are encouraged to review this policy regularly to stay informed about how we are protecting your information.

How to Contact Us

If you have questions about this Privacy Policy, your rights, or how we use your personal data, please get in touch with our customer service team or visit us in store. You also have the right to lodge a complaint with the relevant supervisory authority if you believe your data has not been handled in accordance with GDPR.

Thank you for trusting Deptford Flowers with your information. We value your privacy and are dedicated to protecting your personal data in all that we do.