Brent Cross Flowers Privacy Policy

Introduction

At Brent Cross Flowers, we are committed to safeguarding and respecting your privacy. This Privacy Policy outlines how we collect, use, retain, and share your personal information, and informs you of your rights under the General Data Protection Regulation (GDPR). This policy applies to all customers placing orders with Brent Cross Flowers from Brent Cross and surrounding districts.

What Personal Data We Collect

We collect a range of personal data to fulfil your order and provide our services effectively. The types of personal data we may collect include:

• Identity Information: Full name, title.
• Contact Information: Delivery address, billing address, contact phone number.
• Order Details: Details of the floral products ordered, delivery instructions, recipient name and address (if different from customer).
• Payment Information: Payment transaction details. (Note: Payment details are processed securely via third-party payment processors; Brent Cross Flowers does not store your card details.)
• Communication Data: Any correspondence you send us (e.g., queries, feedback, complaints).

The Lawful Bases for Processing Your Data

Under GDPR, we must have a legitimate reason to collect and use your personal data. We process your data on the following bases:

• Contractual Necessity: Most data we collect is necessary to fulfil the contract with you (e.g., taking orders, arranging deliveries, handling payments).
• Legal Obligations: We may process your data to comply with applicable legal and financial record-keeping requirements.
• Legitimate Interests: We use your data to improve our services, manage risk, and respond to your queries, where these interests are not overridden by your rights.
• Consent: In cases where we are not relying on contractual or legal grounds, we will ask for your explicit consent (e.g., for direct marketing). You may withdraw consent at any time.

How We Use Your Personal Data

Your personal data is used to:

• Process and deliver your flower orders to the correct address and recipient.
• Communicate with you about your order, delivery updates, and customer support matters.
• Manage payments and refunds securely using trusted payment processors.
• Address any service issues or feedback you provide.
• Comply with legal, regulatory, and accounting obligations.

We do not use your personal data for any automated decision-making or profiling.

Personal Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes it was collected for, including satisfying any legal, accounting, or reporting requirements. Typically, order and payment data are retained for up to seven years to comply with financial and tax regulations. Other correspondence or support-related information is kept for as long as needed to resolve your issue or enquiry, then deleted securely.

Use of Data Processors

We work with carefully selected third-party service providers who perform functions on our behalf. These processors may include:

• Payment processors: To manage secure financial transactions and prevent fraud. Your card details are handled directly by these providers and not stored by Brent Cross Flowers.
• Delivery partners: To fulfil and deliver your flower orders in Brent Cross and surrounding districts.
• IT and system support providers: To ensure the security and functionality of our order and customer management systems.

We ensure all processors comply with GDPR obligations and only process your data on our instructions. They are not permitted to use your data for any other purpose and are required to maintain its confidentiality and security.

How We Protect Your Data

We implement appropriate physical, technical, and organisational measures to protect your personal data from loss, misuse, unauthorised access, disclosure, alteration, or destruction. Access to your data is limited to those employees and third parties who need it to perform their roles and are subject to confidentiality obligations.

User Rights

Under GDPR, you have several rights concerning your personal data:

• Right to Access: You may request details of the personal data we hold about you and receive a copy.
• Right to Rectification: You may request corrections to any inaccurate or incomplete data we hold about you.
• Right to Erasure: You may request deletion of your personal data where there is no good reason for us to retain it, subject to legal retention requirements.
• Right to Restrict Processing: You can ask us to limit how your data is processed under certain circumstances.
• Right to Data Portability: You may request your personal data in a structured, commonly used, and machine-readable format, and have the right to transmit it to another controller.
• Right to Object: You can object to processing where we rely on legitimate interests as the basis, or to direct marketing communications.

To exercise any of these rights, please contact us with your request. We may need to verify your identity before processing certain requests to ensure your data security.

Policy Updates

We may update this Privacy Policy periodically to reflect changes in the way we process your personal data or changes in law. Any significant updates will be noted in this document. We encourage customers to review this policy regularly.

Contact and Complaints

If you have any questions or concerns about how we handle your personal data, or if you wish to lodge a complaint about our data handling practices, please contact us directly. If you feel your data protection rights have not been addressed, you also have the right to lodge a complaint with the Information Commissioner's Office (ICO) or your local supervisory authority.