Mile End Florist Customer Data Privacy Policy

Introduction

This privacy policy explains how Mile End Florist ('we', 'us', or 'our') collects, uses, stores, and shares your personal data in compliance with the General Data Protection Regulation (GDPR). This policy is specifically applicable to all customers placing flower orders with Mile End Florist in Mile End and surrounding districts. We are committed to ensuring your privacy and lawful processing of your data at all times.

What Data We Collect

To provide our flower delivery and related services, we may collect and process the following categories of information from customers placing orders:

  • Contact information: Name, delivery address, billing address, phone number.
  • Order related data: Items ordered, delivery instructions, messages for card notes.
  • Payment details: Card transaction data (processed via secure third-party payment processors; we do not store your full payment card details).
  • Communication records: Correspondence such as emails, messages, or notes regarding your order.
  • Technical data: IP address, browser type, and usage logs collected through our website for analytics and security (where applicable).

Lawful Bases for Processing Your Data

We process your personal data on the following lawful bases as defined by the GDPR:

  • Performance of a contract: We need your information to process, fulfil, and deliver your order.
  • Legal obligation: To comply with laws regarding payment records and consumer transactions.
  • Legitimate interest: To manage and improve our services (such as quality assurance and customer support), where such interests are not overridden by your rights and interests.
  • Consent: If we ever send you marketing communications or request optional feedback, it will be based on your consent, which you can withdraw at any time.

How We Use Your Information

Your information is used strictly for the following purposes:

  • Processing and delivering flower orders, including arranging bespoke orders.
  • Communicating service information, order updates, and managing customer support.
  • Complying with legal, accounting, or regulatory obligations.
  • Improving our website, services, and customer experience through analysis and feedback (where lawful).

Retention of Personal Data

We retain personal data for the duration necessary to fulfil the purposes of processing as detailed above. Typically, we retain order data for up to seven years to comply with accounting and legal obligations. Customer correspondence is kept for a maximum of two years unless there is an active dispute or ongoing service enquiry. When retention is no longer required, we securely delete or anonymise your information in accordance with our data deletion policy.

Our Data Processors and Third Parties

Where appropriate, we may share your personal data with trusted processors in order to provide our services efficiently. These include:

  • Payment processors: Securely handle customer payments and fraud detection (we do not retain full payment card details).
  • Certain IT service providers: Assist in website hosting, email delivery, and order management systems.
  • Delivery couriers: Fulfil delivery requests based on your order and address information.

All third-party processors only access the information they require to perform their roles and are contractually obligated to process your data securely and confidentially. We do not sell or rent customer data to any third parties for marketing purposes.

International Data Transfers

We primarily store and process your personal data within the UK and the European Economic Area (EEA). Where any data is processed outside of these regions, we ensure suitable safeguards are in place as required by GDPR, such as standard contractual clauses or certifications of adequate data protection standards.

Your Rights as a Customer

GDPR provides you with several important rights regarding the personal data we hold about you. These include:

  • Right to access: Request a copy of the data we hold about you.
  • Right to rectification: Have any incomplete or inaccurate data corrected.
  • Right to erasure: Ask us to delete your data, where applicable.
  • Right to restrict processing: Limit how we use your information if you contest its accuracy or our use is unlawful.
  • Right to data portability: Request your data in a structured, commonly used electronic format for transmission to another service provider.
  • Right to object: Object to processing that is based on legitimate interests or direct marketing (where applicable).
  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
  • Right to complain: Lodge a complaint with a supervisory authority if you believe we are not handling your data in accordance with the law.

To exercise any of these rights, please contact us using the details found on our official website or by visiting our shop in person.

Security of Your Information

We have implemented technical and organisational measures to protect your information from unauthorised access, use, disclosure, alteration, or destruction. Such measures include secure storage, encrypted payment processing, and limiting access to personal data to trained team members and authorised processors only.

Policy Updates

We may update this privacy policy from time to time to reflect changes in legal, regulatory, or operational requirements. Major changes will be clearly signposted in our store and on our website. We encourage you to review this policy periodically.

Contact and Further Information

If you have questions about this privacy policy or how we handle your personal data, please contact us through the details provided at our physical shop or as indicated on our website. We are committed to addressing your data protection concerns promptly and transparently.