Name: COLOURFUL DELIGHT
Brand: Flowers by Patricia
Price: 65.00 GBP
Availability: InStock

Flowers by Patricia Privacy Policy

Privacy Policy for Flowers by Patricia

This Privacy Policy explains how Flowers by Patricia collects, uses, stores and protects your personal data when you place an order or otherwise interact with us as a customer. It applies to all customers placing Flowers by Patricia orders from Patricia and the surrounding districts, whether orders are made in person, by telephone, online, or through any other ordering method we provide.

We are committed to processing your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR). This policy explains the categories of information we collect, the purposes and lawful bases for processing, how long we keep your data, who we share it with, and the rights you have regarding your personal data.

Personal Data We Collect

We may collect and process the following categories of personal data about you when you place an order or contact us:

1. Identification and contact details: This can include your name, postal address, delivery address, and any additional contact details you choose to provide, such as a contact method for order updates.

2. Order and transaction details: Information related to your order such as products selected, messages for floral cards, delivery instructions, order date and time, payment status, and transaction history.

3. Recipient details: Where flowers are delivered to another person, we may collect the recipient’s name, delivery address, and any information necessary to complete the delivery, such as access instructions.

4. Communication records: Records of communications you have with us, for example order confirmations, notes from telephone conversations, and any correspondence relating to queries, complaints or feedback.

5. Technical and usage data: If you place orders or interact with us through online channels, we may collect limited technical data such as browser type, device type, and basic usage data required to operate and secure our online services. We do not intentionally collect more data than is necessary for these purposes.

We do not intentionally collect special categories of personal data (such as health information or information about your beliefs) unless you provide such information voluntarily in your instructions to us. We ask that you only provide information that is necessary for us to fulfil your order.

Purposes and Lawful Bases for Processing

We process your personal data only when we have a lawful basis under the GDPR. The main purposes and lawful bases are:

1. To process and fulfil your orders: We use your identification, contact, and order details to confirm and deliver your orders, manage payments, handle substitutions, and provide customer support. The lawful basis for this processing is that it is necessary for the performance of a contract with you, or to take steps at your request before entering into a contract.

2. To manage our customer relationship: We may use your data to handle queries, complaints, refunds, and to keep a record of your transactions. The lawful basis is our legitimate interest in managing our business and providing good customer service, and, where relevant, performance of a contract.

3. To communicate with you about orders and service updates: We may contact you regarding order status, delivery arrangements, operational notices, or important changes to our terms or policies. The lawful basis is performance of a contract and our legitimate interests in ensuring the smooth delivery of our services.

4. To keep appropriate business and financial records: We retain transaction and invoice information for accounting, tax, and legal compliance purposes. The lawful basis is compliance with legal obligations and our legitimate interests in maintaining accurate records.

5. To improve and protect our services: We may use limited technical and usage data to help operate, maintain and secure our ordering systems, to troubleshoot issues, and to analyse service performance. The lawful basis is our legitimate interests in operating a reliable and secure business.

Where we rely on legitimate interests, we have considered your interests and rights and have concluded that our processing does not unduly infringe your privacy. You have the right to object to processing based on legitimate interests, as set out below.

Data Retention

We keep your personal data only for as long as is necessary for the purposes for which it was collected, and to meet our legal and regulatory obligations.

1. Order and customer records: We typically retain order details, invoices, and related customer information for a period that is consistent with applicable legal and tax requirements. After this period, data is securely deleted or anonymised.

2. Communication records: Messages and correspondence relating to your orders or queries are retained for a reasonable period to allow us to respond, resolve any issues, and maintain a record of our interactions, after which they are securely deleted or anonymised.

3. Technical and usage data: Technical logs and similar data are kept only for as long as is needed to ensure the security and proper functioning of our systems, and are then deleted or aggregated.

The exact retention periods may vary depending on the type of data and legal requirements. When personal data is no longer needed, we will take appropriate steps to ensure it is securely disposed of or irreversibly anonymised.

Data Processors and Sharing of Personal Data

We do not sell your personal data. However, in order to provide our services and run our business, we may share your personal data with certain third parties acting as data processors or, in some cases, as separate controllers.

1. Payment and financial service providers: When you make a payment, your payment-related data may be processed by external payment processors or financial institutions. These organisations process your data only to the extent necessary to complete the transaction and meet their own legal obligations.

2. IT and system providers: We may use third-party providers for order management, customer records, secure data storage, or communication tools. These providers act as data processors and process personal data only according to our documented instructions and under appropriate confidentiality and security commitments.

3. Professional advisers and legal authorities: We may share personal data with professional advisers (for example, accountants or legal advisers) and with regulatory or law enforcement authorities where this is necessary to comply with legal obligations, to protect our rights, or to respond to lawful requests.

We require all processors to implement appropriate technical and organisational measures to protect personal data and to process it only for the purposes specified by us. Where data is shared with independent controllers, each party is responsible for complying with data protection laws for its own processing activities.

International Transfers

Our primary focus is to keep customer data within jurisdictions that offer an adequate level of data protection. If we ever need to transfer personal data outside the European Economic Area or the United Kingdom as part of using a particular service provider, we will ensure that appropriate safeguards are in place, such as standard contractual clauses or equivalent mechanisms, in accordance with applicable data protection laws.

Security of Your Personal Data

We take reasonable and appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These measures may include access controls, secure storage, and procedures designed to maintain the confidentiality and integrity of your information.

While no system can be guaranteed as completely secure, we continuously review and improve our security measures, taking into account the nature of the data we process and the risks associated with its processing.

Your Data Protection Rights

Under the GDPR and other applicable data protection laws, you have certain rights in relation to your personal data. These rights include:

1. Right of access: You have the right to request confirmation as to whether we are processing your personal data and, if so, to receive a copy of that data together with certain information about how we use it.

2. Right to rectification: You have the right to request correction of personal data that is inaccurate or incomplete.

3. Right to erasure: In certain circumstances, you have the right to request that we delete your personal data, for example where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent (if consent was the lawful basis).

4. Right to restrict processing: You may request that we restrict the processing of your personal data in certain situations, such as while we are verifying the accuracy of the data or handling an objection.

5. Right to object: You have the right to object to processing based on our legitimate interests, on grounds relating to your particular situation. We will stop such processing unless we have compelling legitimate grounds which override your interests, rights, and freedoms, or where the processing is needed for legal claims.

6. Right to data portability: Where processing is based on your consent or on a contract and carried out by automated means, you may have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

To exercise any of these rights, you can contact us using the contact details we provide on our customer communications or at our business premises. We may need to verify your identity before responding to your request. We aim to respond within the time limits set out by data protection law.

You also have the right to lodge a complaint with your local data protection authority if you believe that your data protection rights have been infringed. We encourage you to contact us first so that we can try to resolve any concerns.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, in data protection laws, or in our internal practices. When we make significant changes, we will take appropriate steps to bring them to your attention, for example by updating the date of the policy and making the updated version available where you place orders with us.

We encourage you to review this Privacy Policy periodically so that you remain informed about how we process your personal data as a Flowers by Patricia customer in Patricia and the surrounding districts.