Cranford Flowers Data Protection & Privacy Policy

Introduction

Your privacy and the security of your personal information are of utmost importance to Cranford Flowers. This Privacy Policy outlines how we collect, use, store, and protect your data when you place orders with us in Cranford and surrounding districts. We are committed to complying with the General Data Protection Regulation (GDPR) and ensuring transparency regarding your rights and our obligations.

Scope of This Policy

This Privacy Policy applies to all customers who place orders for flowers, arrangements, or related services from Cranford Flowers, including residents and recipients in Cranford and the surrounding local areas. By ordering from us, you acknowledge that you have read and understood this policy and agree to the practices described within.

What Data We Collect

Cranford Flowers collects and processes several categories of personal data to fulfil your orders and provide a high-quality service. The types of data we collect include:

  • Identity Data: Your full name and, where necessary, the name of the recipient.
  • Contact Data: Address for delivery, email address (if provided), and telephone number.
  • Order Details: Information about the products you have ordered, delivery instructions, and messages for cards.
  • Payment Data: Payment transaction details; note that we do not store full card numbers or CVVs.
  • Communication Data: Your communication and correspondence with us, including feedback or complaints.

We do not collect sensitive personal data (such as health or racial information) unless you voluntarily provide it in special instructions or messages.

Lawful Basis for Data Processing

Under the GDPR, we must have a valid lawful basis to process your personal data. The lawful bases Cranford Flowers relies on include:

  • Contractual Necessity: Most of the data we process is required to fulfil our contract with you (for example, delivering your flower order).
  • Legal Obligation: Where we are required by law to retain or disclose certain data – for instance, for tax and record-keeping purposes.
  • Legitimate Interest: For managing and improving our services, ensuring security, and contacting you about your existing orders.
  • Consent: In rare cases, such as for marketing communications, we will only process your data if you have given consent. You can withdraw this consent at any time.

How We Use Your Information

Your personal data is used for the following purposes:

  • To process, confirm, and deliver your orders.
  • To get in touch with you about your order or to resolve queries.
  • To improve our services and customer experience.
  • To comply with our legal and regulatory obligations.

Your data is not shared with third parties except where necessary for order fulfilment, legal requirements, or with your explicit consent.

Retention of Data

Cranford Flowers stores your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, or as required by law. Typically, we retain order and contact information for a period of up to six years to comply with statutory regulations and for accounting purposes. After the retention period, your data is securely deleted or anonymised.

Use of Data Processors

We work with trusted processors to facilitate our business operations, such as payment processing and delivery services. These processors are contractually required to protect your data, adhere to GDPR standards, and only process information in accordance with our instructions. They are not permitted to use your data for their own purposes.

We routinely monitor our processors to ensure ongoing compliance and will take appropriate action if we suspect any breach of data protection.

Your Rights under GDPR

You have several rights regarding your personal information under the GDPR:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to correct inaccurate or incomplete information.
  • Right to Erasure: In certain circumstances, you can ask us to delete your data.
  • Right to Restriction: You can request restrictions on how we process your personal data in certain situations.
  • Right to Data Portability: You may request that your data be provided in a commonly used, machine-readable format.
  • Right to Object: You have the right to object to certain processing, such as direct marketing.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time.

All rights requests will be responded to in accordance with GDPR requirements and local legal obligations. To exercise your rights, contact us using the details provided when placing your order, clearly stating your request. For your protection, we may need to verify your identity before processing your request.

Data Security

We take the security of your personal data very seriously. Cranford Flowers implements appropriate physical, technical, and organisational measures to protect against unauthorised access, loss, misuse, or alteration of your data. These security measures are reviewed regularly and updated in line with industry best practices.

International Transfers

Cranford Flowers does not routinely transfer customer personal data outside the United Kingdom or European Economic Area. If in future such a transfer is necessary, we will ensure that appropriate safeguards, as required by GDPR, are in place before any international data transfers occur.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the law or the nature of our data processing. Any updates will be effective immediately upon publication. You are encouraged to review this policy regularly for any changes.

Contact and Complaints

If you have any questions about this Privacy Policy, or if you wish to exercise your data protection rights, please contact Cranford Flowers using the contact details provided at the time of your order. Should you feel that your rights have not been respected, you have the right to lodge a complaint with the relevant data protection authority.

This policy was last updated in June 2024.