GDPR-Compliant Privacy Policy for Catford Flowers

Introduction

This Privacy Policy explains how Catford Flowers ("we", "our", or "us") collects, uses, stores, and protects your personal data when you place orders with us from Catford and the surrounding districts. As a business committed to protecting your privacy, we are fully compliant with the UK General Data Protection Regulation (GDPR). This policy describes your rights and choices regarding your personal information. By placing an order or interacting with Catford Flowers, you agree to the practices outlined in this Policy.

Scope of This Policy

This Privacy Policy applies to all customers who order Catford Flowers products and services within Catford and the local areas we serve. It covers data collected through our website, over the phone, or in person at our shop. Other services or websites referenced by us may be governed by their own separate privacy policies.

What Data We Collect

To fulfill your orders and provide an excellent customer experience, we may collect the following types of personal data:

  • Contact Information: Your name, delivery address, billing address (if different), and contact details such as phone number.
  • Order Details: Products and services purchased, delivery date and time requests, and occasional special instructions (for example, gift messages).
  • Payment Information: Details required to process your payment (e.g., the last four digits of a card, transaction reference numbers). Full card details are processed directly by our payment processor and are not stored by Catford Flowers.
  • Communications: Records of communications with us (for example, emails, messages, or notes from telephone calls), including queries, complaints, or feedback.
  • Website Usage Information: When you visit our website, we may collect technical data such as your IP address, browser type, time zone setting, and information regarding your visit through essential cookies (see our Cookies Policy for more details).

Lawful Basis for Processing

Under the GDPR, we may only process your personal data where we have a valid legal basis. Catford Flowers processes personal data based on the following lawful grounds:

  • Contractual necessity: Most of the data we collect is necessary to enter into or perform a contract with you, such as delivering your order or managing payment.
  • Legal obligation: We may process your data to comply with UK laws governing book-keeping, taxation, or other statutory requirements.
  • Legitimate interests: We may use your details to improve our services, respond to your queries, or send you information relating to your order. Where our interests do not override your fundamental rights and freedoms, this use is lawful and justified.
  • Consent: Where you opt-in to receive marketing communications or newsletters, we process your data based on your explicit consent. You can withdraw your consent at any time.

How We Use Your Data

We collect and use your data primarily to:

  • Fulfill, process, and deliver your orders.
  • Communicate with you about your order or to respond to queries and feedback.
  • Manage payment and billing, including fraud prevention.
  • Meet legal, regulatory, and compliance obligations.
  • Improve our services and enhance your customer experience.
  • Send you marketing offers (where you have opted-in).

How Long We Keep Your Data

We retain your personal data only for as long as is necessary for the purposes for which it was collected, and to satisfy any legal, regulatory, or accounting obligations. The retention period for different types of personal data varies depending on the nature of the information.

  • Order and contact information may be kept for up to seven years to comply with legal and tax record-keeping obligations.
  • Communications and feedback may be retained for up to two years from your last contact with us to monitor service quality and assist with complaints or follow-up queries.
  • Marketing data is held until you withdraw consent or unsubscribe.

After the end of retention periods, your data will be securely deleted or anonymized so that it can no longer identify you.

Our Data Processors

To provide our services efficiently, we sometimes need to share personal data with third-party service providers (data processors) who act on our behalf. These may include payment processors, delivery companies, IT service providers (such as website hosting and email platforms), and accounting professionals. All such processors are required to treat your data confidentially, process it only for the purpose agreed with us, and implement suitable security measures.

Catford Flowers does not sell your personal data or share it with third parties for their marketing. Data transfers outside the UK or EEA are only made when adequate protection is in place consistent with data protection law.

Your Rights

Under the GDPR and UK data protection law, you have several rights in relation to your personal data held by Catford Flowers:

  • Right to Access: You can request confirmation of whether we process your data and ask for a copy of it.
  • Right to Rectification: You may request correction of any inaccurate or incomplete data we hold about you.
  • Right to Erasure: In specific circumstances, you may ask us to delete your personal data, for example where it is no longer necessary for us to retain it.
  • Right to Restrict Processing: You can request the restriction or suppression of your personal data under certain conditions.
  • Right to Object: You have the right to object to our processing of your data where it is based on legitimate interests or direct marketing.
  • Right to Data Portability: Where processing is based on consent or a contract, you have the right to request transfer of your data to another service provider.
  • Right to Withdraw Consent: Where we rely on your consent, you may withdraw this at any time without affecting the lawfulness of prior processing.

If you wish to exercise any of these rights, please contact us using the details provided on our official website or at our Catford Flowers shop.

Data Security

We implement appropriate technical and organisational measures to keep your data secure, including firewalls, encryption, secure payment gateways, and staff training. Access is strictly limited to those who need it to fulfill your order.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law or our data handling practices. The latest version will always be available on our website or in-store upon request. We encourage you to review this policy periodically.

Contact Information

If you have questions or concerns about how we handle your personal data, want to exercise your rights, or wish to make a complaint, please refer to the contact methods listed on our website or visit our Catford premises for further assistance.