Privacy Policy: Customer Data Protection at Enfield Town Flowers

Scope of This Privacy Policy

This Privacy Policy sets out how Enfield Town Flowers collects, uses, stores, and protects your personal information when you place an order with us, whether online, in-person, or by phone. It applies to all customers based in Enfield Town and its surrounding districts who interact with our services. Our practices are designed to satisfy the requirements of the General Data Protection Regulation (GDPR).

Personal Data We Collect

When you place an order or make an enquiry with Enfield Town Flowers, we collect and process certain personal data to provide our products and services. The specific types of data we collect include:

  • Contact information: Name, delivery address, billing address, phone number (if provided), and postal code.
  • Order details: Products ordered, delivery instructions, and recipient information (if different from orderer).
  • Payment details: Transaction information excluding card details. Secure payment processors handle payment data directly and we do not store full payment card information.
  • Communication history: Records of your communications with us regarding orders, feedback, or support queries.
  • Technical data: Your IP address, device type, and browsing activity on our website, collected via cookies and similar technologies.

Our Lawful Bases for Processing

Under the GDPR, we must have a lawful basis for each type of processing. We typically rely on the following lawful bases:

  • Contractual necessity: To process your orders and deliver flowers as part of our contractual agreement.
  • Legal obligations: To meet legal and regulatory requirements, such as maintaining transaction records for tax purposes.
  • Legitimate interests: For purposes such as managing and improving our services, handling customer enquiries, and preventing fraud (provided these interests do not override your fundamental rights).
  • Consent: Where required, for optional activities such as sending marketing communications. You may withdraw consent at any time.

Use of Personal Data

We use your personal data strictly for purposes associated with fulfilling your order and providing a high-standard customer experience. This includes:

  • Processing and confirming your order.
  • Communicating with you about your purchase or delivery.
  • Delivering flowers and gifts to the specified address.
  • Maintaining internal records, accounting, and compliance with regulations.
  • Improving our services and understanding customer preferences (we use only unidentifiable, aggregated data for analytics).
  • Providing updates, special offers, or marketing messages only if you have given explicit consent or where permitted by law.

Personal Data Retention

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by law. Details include:

  • Order and transaction records: Maintained for up to 6 years to comply with accounting and tax requirements.
  • Customer queries and communications: Retained for up to 2 years after your last interaction to assist with ongoing customer service.
  • Marketing preferences: Maintained until you withdraw consent or unsubscribe.
  • Technical and cookie data: Retained in accordance with our cookie policy and for as short a period as practical.

When your data is no longer required, it will be securely deleted or anonymised.

Data Sharing and Processors

Your information may be transferred to selected third parties or data processors where necessary for the fulfilment of our services or legal obligations. Typical examples include:

  • Payment service providers: Process financial transactions securely. Enfield Town Flowers never stores full payment card numbers.
  • IT service providers: Hosting, maintenance, and support for our website and systems.
  • Delivery partners: Logistics firms involved in flower delivery may receive necessary contact and address information.
  • Professional advisors: Accountants or legal consultants where necessary to comply with our obligations.

All third-party processors are vetted for compliance with data privacy laws and are contractually obliged to keep your data safe and confidential. We do not sell or rent your personal data to any other organisations.

Your Rights as a Data Subject

Under the GDPR, you have a range of rights regarding your personal information. These include:

  • Right to access: Request a copy of the personal data we hold about you.
  • Right to rectification: Correct any inaccurate or incomplete data.
  • Right to erasure: Ask for your data to be deleted under certain circumstances.
  • Right to restrict processing: Request a temporary halt to processing if you have concerns about accuracy or legitimate use.
  • Right to data portability: Receive your data in a commonly used format or have it sent to another provider.
  • Right to object: Object to certain types of processing, such as direct marketing.
  • Right to withdraw consent: For processing activities relying on your consent, you can withdraw at any time.

If you wish to exercise any of your rights, please contact us and we will respond in accordance with GDPR requirements. You also have the right to lodge a complaint with the UK Information Commissioner’s Office if you believe your data has been mishandled.

Data Security Measures

We implement suitable technical and organisational measures to safeguard your data against unauthorised access, accidental loss, destruction, or disclosure. These measures include secure servers, regular security reviews, staff training, and strict access controls. While we strive to protect your personal information, no system can be guaranteed 100% secure and we encourage you to take appropriate security precautions yourself.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The latest version will always be available on our website. We encourage customers to review this page periodically to stay informed about how we process and protect your data.

Contacting Enfield Town Flowers

If you have any questions, concerns, or requests regarding this Privacy Policy or the ways in which we handle your data, please write to us or visit our store in Enfield Town. We are committed to responding promptly and helping you exercise your rights.