Chessington Florist Privacy Policy

Introduction

This Privacy Policy describes how Chessington Florist ("we", "us", "our") collects, uses, stores, and protects your personal data when you place orders with us in Chessington and surrounding districts. We are committed to processing your data in compliance with the General Data Protection Regulation (GDPR) and to safeguarding your privacy at all stages of your interaction with us. This policy applies to all customers who place orders with Chessington Florist, whether online, in person, or via telephone.

What Data We Collect

In order to fulfil your orders and provide the best possible service, we may collect the following categories of personal data:

  • Identification Data: such as your name, delivery address, and billing address.
  • Contact Details: including your telephone number and, if provided, your email address.
  • Order Information: details of flower arrangements or products ordered, messages for recipients, delivery preferences, and purchase history.
  • Payment Data: information required for payment processing (e.g., partial payment card details). We do not store full card information once transactions are completed.
  • Technical Data: IP address, browser type, and similar data collected through cookies or analytics if you use our website, to improve user experience and website functionality.

The Lawful Basis for Data Processing

We only collect and process your personal data when there is a lawful basis to do so as set out under Article 6 of the GDPR. The principal lawful bases we rely on include:

  • Contractual Necessity: To process your orders, arrange delivery, and provide associated customer services.
  • Legal Obligation: To comply with legal requirements relating to financial records, accounting, and consumer rights regulations.
  • Legitimate Interests: To improve our services, manage our relationship with you, respond to your enquiries, or pursue and defend legal claims. We will always consider your interests before relying on this basis.
  • Consent: Where you have expressly opted-in (e.g., to receive marketing communications), we rely on your consent, which you may withdraw at any time.

How We Use Your Data

Your personal data may be used for the following business purposes:

  • Processing and delivering your orders to the correct recipients.
  • Communicating with you regarding order status, enquiries, refunds, and feedback.
  • Maintaining records for accounting, taxation, and legal requirements.
  • Improving our website functionality, services, and customer experience.
  • Sending occasional updates or promotions if you have provided your consent.

Retention Periods

We will retain your personal data only for as long as is necessary for the purposes for which it was collected, including the fulfilment of legal, accounting, and reporting obligations:

  • Order and Contact Data: Retained for up to seven years after your last order, in accordance with tax and business record-keeping requirements.
  • Payment Information: Stored only for the duration required to process your transaction and then securely deleted or anonymised.
  • Marketing Preferences: Retained until you withdraw your consent or we no longer send marketing communications.
  • Technical Data: Retained in aggregate form for analytics and website improvements, typically for a maximum of 24 months.

Processors and Data Sharing

We never sell your personal data to third parties. However, we may share your data with carefully selected external service providers ("processors") who assist us in operating our business. Examples include:

  • Payment processing companies for secure transactions.
  • Delivery services to ensure timely and accurate product delivery.
  • IT providers to maintain our website, manage bookings, or conduct analytics.
  • Legal or professional advisors where required by law or to defend our legal rights.

All third-party service providers are required to comply with GDPR obligations, maintain confidentiality, and process your data only on our instructions. We aim to ensure that these providers store and process personal data within the UK or EEA; if data must be transferred outside this area, we implement appropriate safeguards to protect your rights.

Your Data Protection Rights

You have several important rights under GDPR in relation to your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You may ask us to correct any information you believe is inaccurate or incomplete.
  • Right to Erasure: You can request that we delete your personal data in certain circumstances (e.g., when it is no longer needed for the purpose collected).
  • Right to Restrict Processing: You may request the restriction of processing under certain conditions.
  • Right to Data Portability: You are entitled to ask for a copy of your data in a format that allows you to transfer it to another provider.
  • Right to Object: You can object to the processing of your data, particularly for direct marketing purposes.
  • Right to Withdraw Consent: Where we rely on your consent, you can withdraw this at any time.

To exercise your rights or if you have questions about your data, please contact us using the methods described on our website or by written correspondence to our business address. We respond to all rights requests in accordance with GDPR timeframes.

Security Measures

Chessington Florist implements appropriate technical and organisational measures to safeguard your personal data from unauthorised access, alteration, disclosure, or destruction. These include secure payment gateways, access controls, staff training, encrypted data storage, and regular security assessments.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service models. The latest version will always be available upon request or on our website. We encourage customers to review it periodically.

Contact and Complaints

If you are dissatisfied with how your personal data has been handled, please inform us first, and we will do our best to resolve your concerns promptly. You are also entitled to lodge a complaint with the relevant supervisory authority for data protection in the UK if you believe your data rights have been infringed.

Scope of This Policy

This policy applies to all customers placing orders with Chessington Florist from Chessington and the surrounding districts. By placing an order with us, you acknowledge that you have read and understood this Privacy Policy and agree to the data processing activities described herein.