Privacy Policy for Coulsdon Flowers Customers

Our Commitment to Your Privacy

At Coulsdon Flowers, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your personal data in accordance with the General Data Protection Regulation (GDPR). This policy applies to all customers placing orders with Coulsdon Flowers from Coulsdon and surrounding districts.

Personal Data We Collect

We may collect and process the following types of personal data when you interact with Coulsdon Flowers:

  • Contact Information: such as your name, address, and delivery address (if different), so we can fulfil your flower order.
  • Order Details: including your specific flower selections, preferences, messages for recipients, and delivery instructions.
  • Payment Information: details provided when making payments (note: payment details such as credit card numbers are processed by our trusted payment processor and are not stored by us).
  • Communication Details: records of your correspondence with us, including enquiries and comments about our services.
  • Website Usage Information: data collected through cookies and similar technologies, such as IP address, browser type, and device information, to improve website functionality and customer experience.

Lawful Basis for Processing Your Data

We only process your personal data where we have a lawful basis under the GDPR. Our lawful bases include:

  • Performance of Contract: Processing your data to fulfil your order and deliver our flower products as agreed.
  • Legal Obligation: Retaining records or disclosing data as required by law (for example, for tax or accounting purposes).
  • Legitimate Interests: To enhance our service, communicate with you about your order, and improve our offerings, provided these interests are not overridden by your rights.
  • Consent: To send you promotional materials about our products and services, or to use cookies beyond those necessary for website function, we will always seek your explicit consent first.

How We Use Your Data

Your data may be used for the following purposes:

  • Processing and delivering your flower orders, including confirming orders and arranging delivery.
  • Managing our relationship with you, including responding to enquiries, feedback, or complaints.
  • Improving our website and services based on your preferences and usage patterns.
  • Complying with our legal and regulatory obligations.
  • Sending you marketing information (where you have given consent).

How Long We Keep Your Data

We retain your personal data only as long as necessary for the purposes for which it was collected, or as required by applicable law. Typically:

  • Order and delivery information is kept for up to seven years to comply with accounting and tax regulations.
  • Marketing preferences are retained until you withdraw your consent.
  • Technical and website usage data is kept for a maximum of two years.

Once your information is no longer required, it will be securely deleted or anonymised.

Data Sharing and Processors

Coulsdon Flowers will never sell or rent your personal information. Your data may be shared with responsible third parties only as needed to provide our services or meet our legal obligations. Typical processors and recipients include:

  • Payment Processors: Secure platforms that process your payments on our behalf.
  • Delivery Service Providers: Trusted couriers or delivery personnel to fulfil your order.
  • Website Hosting and IT Providers: Third parties that provide infrastructure, security, and email services, under strict contractual terms.

Any third party acting on our behalf will process your data only as instructed by us and only for the purposes defined in this policy. All processors are contractually required to keep your data confidential and secure.

International Transfers

Your data is primarily processed and stored within the United Kingdom and the European Economic Area (EEA). Should it ever be necessary to transfer your personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect your rights and privacy, in accordance with GDPR requirements.

Your Rights Under GDPR

As a customer, you have several important rights regarding the personal data we hold about you. You may:

  • Access: Request a copy of your personal data held by us.
  • Rectification: Ask us to correct any inaccurate or incomplete information.
  • Erasure: Request that we delete your personal data in certain circumstances.
  • Restriction: Request restricted processing of your data in certain situations.
  • Objection: Object to processing carried out on the basis of legitimate interests or for direct marketing.
  • Data Portability: Obtain your personal data in a structured, commonly used, and machine-readable format to transmit elsewhere.
  • Withdraw Consent: Withdraw your consent for processing at any time, where consent is the legal basis.

To exercise any of your rights, please contact us using the details provided on our website. We may require verification of your identity before processing your request, to ensure your privacy and security.

Security of Your Information

We take the security of your information seriously. We implement suitable technical and organisational measures to protect your personal data from loss, misuse, unauthorised access, disclosure, alteration, or destruction. Access to your personal data is strictly limited to those who need it to provide our services.

Use of Cookies and Tracking Technology

Our website uses cookies to ensure functionality, analyse traffic, and deliver a better experience. Where cookies are not strictly necessary, we will ask for your consent before placing them on your device. For further details, refer to our separate Cookie Policy accessible on our website.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on our website with the date of revision. We encourage you to review this policy regularly to stay informed of how we are protecting your information.

Contact Us

If you have any questions about this Privacy Policy, your personal information, or your rights under GDPR, please use the contact details provided on our website to get in touch. We are committed to resolving your concerns and ensuring your privacy is respected.