Grove Park Flowers GDPR-Compliant Privacy Policy

Introduction

This Privacy Policy sets out how Grove Park Flowers ('we', 'our', 'us') collects, uses, stores, and protects your personal data when you place orders from Grove Park or surrounding districts. We are committed to safeguarding your privacy and complying with all legal obligations under the General Data Protection Regulation (GDPR).

Scope of This Policy

This policy applies to all customers who order products or services from Grove Park Flowers in Grove Park and its adjacent areas. It explains how we manage personal information related to your interactions with us, whether by phone, in person, or online.

What Data We Collect

When you make a purchase or enquiry with Grove Park Flowers, or use our services, the following categories of personal data may be collected:

  • Identity Information: Name, title, and contact details (such as address and phone number)
  • Order Details: Delivery recipient name, delivery address, order contents, and gift messages
  • Payment Data: Payment transaction information (note: credit/debit card numbers are processed securely by our payment provider and are not stored by us)
  • Communication Data: Any correspondence sent via forms, letters, or conversations relating to your orders or service inquiries
  • Technical Data (if applicable): IP addresses, website browsing activity, and device information, if you interact with our website

Lawful Basis for Processing Personal Data

We only process your personal data when allowed under GDPR. The lawful bases Grove Park Flowers relies upon typically include:

  • Contractual Necessity: Most personal data we process is required to fulfil your order and deliver services to you (e.g., name and address for delivery).
  • Legal Obligations: Some information may be collected or retained to comply with applicable legal requirements, such as financial recordkeeping.
  • Legitimate Interests: As a business, we may process your data to improve our services, ensure security, resolve disputes, and maintain customer relations, provided these interests do not override your privacy rights.
  • Consent: Where required (e.g., for sending marketing communications), we will request your explicit consent. You can withdraw your consent at any time.

How We Use Your Data

Your personal data is used to:

  • Process and deliver your flower orders
  • Contact you regarding your order or enquiry
  • Resolve issues or answer questions relating to your order
  • Comply with any applicable law and recordkeeping obligations
  • Improve our products and customer service
  • (With your consent) send relevant marketing or information about future offers

Data Retention

Grove Park Flowers only retains your personal data for as long as necessary to fulfil the purposes it was collected for, including for satisfying any legal, accounting, or reporting requirements. Typically:

  • Order records and essential contact information are kept for up to 6 years, in accordance with accounting and tax regulations.
  • Contact and delivery details provided for a single order are stored only as long as necessary to deliver the product or resolve related queries.
  • Marketing consent records are retained as long as we send you communications or until you withdraw consent.
  • In some cases, data may be anonymised (so that it can no longer be associated with you) for statistical or analytical purposes.

Data Processors and Third Parties

Some personal data may be shared with trusted third parties, or ‘data processors’, to help us deliver our services effectively. These may include payment processing services, IT support providers, and delivery companies. All such processors are required to handle your data lawfully, fairly, and securely, in compliance with GDPR, and only for the purposes specified by Grove Park Flowers.

We do not sell, trade, or publish your personal data to unauthorised third parties. Data processors are prevented from using your data for their own purposes.

Your Rights Under GDPR

As a customer, you have the following rights over your personal data:

  • Right to Access: You can request to receive a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct any personal data that is inaccurate or incomplete.
  • Right to Erasure: You may request that we delete your personal data, subject to applicable law and retention requirements.
  • Right to Restrict Processing: In certain circumstances, you can ask for limited use of your data.
  • Right to Object: You may object to processing of your data, particularly for marketing purposes.
  • Right to Data Portability: You can request a machine-readable copy of your data to transfer to another provider.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw this at any time.
  • Right to Lodge a Complaint: You have a right to lodge a complaint with a supervisory authority if you believe your data has not been handled in accordance with GDPR.

Security of Your Data

We take appropriate measures to secure your data, including physical, electronic, and managerial procedures to safeguard and secure the information we collect. Access to your personal data is restricted to authorised staff and service providers who have a genuine business need to access it. All data processors engaged by Grove Park Flowers adhere to strict data security and confidentiality standards.

Changes to This Privacy Policy

This policy may be reviewed and updated occasionally to reflect changes to our data handling practices or legal obligations. When we do, the amended policy will be made available to all customers.

Contact and Further Information

If you wish to exercise your rights or have any queries about this policy, you may contact Grove Park Flowers using the methods set out on our website or in our shop. We will respond as promptly as possible, and always in accordance with GDPR requirements.