Brompton Florist Privacy Policy

Introduction

This Privacy Policy describes how Brompton Florist manages your personal data in compliance with the General Data Protection Regulation (GDPR). It applies to all customers placing orders with Brompton Florist in Brompton and the surrounding districts. Our commitment to privacy ensures your personal information is handled fairly, transparently, and securely, aligning with data protection laws.

What Data We Collect

When you interact with Brompton Florist—by browsing our shop, placing an order, making inquiries, or requesting delivery—we collect various categories of personal data. These may include:

  • Identification Data: Your name, surname, and, if relevant, the name of the gift recipient.
  • Contact Information: Delivery address, billing address, and phone number.
  • Order Details: Product selection, special instructions, delivery date, and occasion.
  • Payment Data: Payment method details (though card numbers and payment data are processed securely by payment processors and not stored by us).
  • Communications: Any customer correspondence relating to your order or inquiries.

Lawful Basis for Processing

We process your personal data under the following lawful bases as defined by GDPR:

  • Contractual Necessity: To fulfill your order, including delivery, billing, and customer service.
  • Legal Obligation: To comply with legal and regulatory requirements related to tax, accounting, and consumer rights.
  • Legitimate Interests: To ensure the efficient operation of our business, improve our service, prevent fraud, and address queries or complaints. We always assess that these interests do not override your data protection rights.
  • Consent: Where required (e.g., for direct marketing), we obtain your consent, which you can withdraw at any time.

How We Use Your Data

Your personal data is used to:

  • Process and fulfill your orders—including delivery to the correct address and communication about your order status.
  • Respond to your questions, feedback, or requests.
  • Maintain accurate records for accounting, auditing, and legal purposes.
  • Ensure the quality and security of our services.
  • Comply with applicable laws and resolve any disputes.
  • (With your explicit consent) Provide updates or promotional information about our products and services.

Data Retention

We retain your personal information only as long as necessary for the purposes for which it was collected, and to comply with legal, accounting, or reporting requirements. Typically, order-related information is held for a period of six years in accordance with UK tax law. Data processed under your consent for marketing will be retained until you withdraw your consent or request deletion. After the retention period, your data will be deleted or anonymized securely.

Data Processors

To efficiently process orders and provide services, Brompton Florist may engage third-party service providers (data processors) who process your data strictly on our instructions and in line with GDPR requirements. These may include:

  • Payment Processors: Securely handle payment transactions.
  • Delivery Partners: Arrange for the delivery of your floral orders.
  • IT and Cloud Service Providers: Manage our website, order management systems, and data storage.
  • Accountants or Professional Advisors: Where there is a legal obligation for bookkeeping or compliance.

We ensure all engaged data processors provide sufficient guarantees regarding the protection and security of your personal information, and we have contracts in place to ensure this.

Your Data Protection Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right to Access: You may request confirmation that we process your data and receive a copy of the personal information we hold about you.
  • Right to Rectification: You may request the correction of inaccurate or incomplete data.
  • Right to Erasure: In certain circumstances, you may request the deletion of your personal data (the 'right to be forgotten').
  • Right to Restrict Processing: You may ask us to restrict the processing of your personal data in specific situations.
  • Right to Data Portability: You may request to receive your personal data in a structured, commonly used, machine-readable format, or have it transferred to another data controller.
  • Right to Object: You may object to our legitimate interest processing or to receiving direct marketing.
  • Right to Withdraw Consent: If we rely on your consent to process data, you may withdraw it at any time.

To exercise these rights, please contact us using the details provided on our website or in-store.

Data Security

We implement technical and organizational measures to keep your information secure and protect it from unauthorized access, loss, or misuse. Access is restricted to only those employees, contractors, and processors who need the data to perform their tasks.

International Data Transfers

In the event your data is processed outside the UK or EEA, we ensure appropriate safeguards are in place, such as contracts with standard contractual clauses ensuring your data rights are protected.

Policy Updates

We may update this Privacy Policy to reflect changes in our practices or legal requirements. The latest version will always be displayed in-store and on our website. We encourage you to review this policy periodically. Continued engagement with Brompton Florist constitutes acceptance of any amendments.

Contact Us

If you have any questions about this Privacy Policy or your personal data, please refer to our website for ways to get in touch, or speak to our staff in-store. We will do our best to address your concerns in a timely and respectful manner.