Florist Primrose Hill Privacy Policy

About This Privacy Policy

This Privacy Policy explains how Florist Primrose Hill collects, processes, shares, and protects your personal data when you order floral products and related services from us. This policy applies to all customers placing orders from Primrose Hill and the surrounding districts. Florist Primrose Hill is committed to safeguarding your privacy in accordance with the United Kingdom General Data Protection Regulation (UK GDPR) and other applicable data protection laws.

What Personal Data Do We Collect?

When you place an order or interact with Florist Primrose Hill, we may collect the following categories of personal data:

  • Identity Data: Name and, if relevant, the name of the order recipient.
  • Contact Data: Address, delivery address, postcode, and, if provided, an email address.
  • Order Information: Details of products and services ordered, order notes, messages, and any instructions provided.
  • Payment Data: Method of payment and transaction identifiers. (Please note: We do not store full payment card details.)
  • Device and Usage Data: When you use our website, we may collect data including IP address, browser type, dates/times of access, and referring website addresses.

We only collect data necessary for the fulfillment of your order and to improve our services.

Lawful Basis for Processing Your Data

Florist Primrose Hill processes your personal data on the following lawful bases under the UK GDPR:

  • Contractual Necessity: To fulfill and deliver your order, communicate order updates, and respond to your enquiries.
  • Legal Obligation: To comply with applicable legal requirements (such as tax or accounting regulations).
  • Legitimate Interests: To improve our products/services, prevent fraud, and ensure the security of our systems.
  • Consent: Where we seek your express consent for activities such as direct marketing. You may withdraw consent at any time.

How We Use Your Personal Data

We will use your personal data only for the purposes for which it was collected. These purposes include:

  • Processing and fulfilling flower and product orders
  • Arranging and confirming delivery logistics
  • Communicating with you regarding orders, queries, or requests
  • Facilitating payments and managing refunds or returns
  • Maintaining business records and complying with legal obligations
  • Improving our website and services, and evaluating customer satisfaction (aggregated and anonymised)

Data Retention

Florist Primrose Hill will not keep your personal data longer than necessary. Typically, we retain:

  • Order-related data for up to 7 years, in line with legal obligations for business records.
  • Marketing communications preferences until you withdraw consent or unsubscribe.
  • Website usage logs for a maximum of 12 months, unless a longer retention is justified by security or legal needs.

When data is no longer required, we securely delete or anonymise it.

Data Processors and Third Parties

Your personal data may be shared with trusted third parties (data processors) who assist us in providing our services, including:

  • Payment service providers for processing payments
  • Delivery and logistics partners for arranging and delivering products
  • IT service providers, such as providers of website hosting or security systems
  • Professional advisers (such as accountants) to meet legal obligations

All data processors are contractually required to safeguard your data in accordance with this Privacy Policy and data protection laws. We do not sell your personal data to third parties.

Your Rights Under UK GDPR

You have several rights under UK data protection law. These include the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request corrections to any inaccurate or incomplete data.
  • Erasure: Request the deletion of your data when it is no longer required, subject to legal obligations.
  • Restriction: Limit how your personal data is processed under certain circumstances.
  • Objection: Object to processing based on legitimate interests or direct marketing.
  • Data Portability: Receive your personal data in a structured, machine-readable format in certain situations.
  • Withdraw Consent: Withdraw your consent for processing at any time, where consent is relied upon.
  • Complain: Lodge a complaint with the relevant supervisory authority if you believe we have not complied with data protection laws.

Data Security

We take appropriate security measures to protect your personal data from accidental loss, misuse, unauthorised access, disclosure, alteration, or destruction. These include secure servers, encryption, access controls, and staff data protection training.

International Data Transfers

Your personal data is processed and stored within the UK and European Economic Area unless necessary for the provision of certain delivery or IT services. Where personal data is transferred outside these areas, we ensure adequate safeguards as required by the UK GDPR.

Updates to This Privacy Policy

We may update this policy from time to time. Any significant changes will be highlighted in-store or on our website. We encourage you to review this policy regularly to stay informed about how we protect your personal data.

Contacting Florist Primrose Hill

If you have questions or wish to exercise your data rights, please contact us using the website’s dedicated contact form or by visiting our premises. We are committed to responding promptly to all privacy-related enquiries.