Flower Delivery Maidenhead GDPR Privacy Policy

Our Commitment to Your Privacy

At Flower Delivery Maidenhead, we take your privacy seriously and remain fully committed to safeguarding your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you place an order with us in Maidenhead and its surrounding districts. We ensure all data processing adheres to the UK General Data Protection Regulation (UK GDPR) and all relevant data privacy laws.

Scope of This Policy

This Privacy Policy applies to all customers placing orders with Flower Delivery Maidenhead, whether you reside or send floral gifts to locations in Maidenhead, Bray, Taplow, Cookham, Holyport, and other nearby areas.

What Data We Collect

To process your orders and deliver our services efficiently, we collect the following categories of personal information:

  • Identity Data: Your full name, and, if applicable, the recipient's name.
  • Contact Data: Delivery address, billing address, postcode, and contact phone numbers (if provided for delivery updates).
  • Order Data: Details about the flowers or products you purchase, delivery preferences, and any special instructions related to your order.
  • Payment Data: Information required to process your payment, such as payment card details (handled securely by our payment processor), billing address, and transaction records.
  • Communication Data: Your correspondence with us, including enquiries, order confirmations, complaints, and requests.
  • Technical Data: If you visit our website, data may be collected via cookies or similar technologies, such as IP address, device type, and browsing patterns (if applicable).

We do not intentionally collect or process special categories of personal data (such as health data, racial or ethnic origin, or religious beliefs) unless you provide such data to fulfil a delivery instruction (e.g., allergy notifications).

Our Lawful Basis for Processing

Under GDPR, all personal data processing requires a lawful basis. Flower Delivery Maidenhead processes your data on the following bases:

  • Contract: Most personal information is processed to fulfil our agreement with you to deliver floral products, including handling payment, delivery, and any customer service correspondence.
  • Legal Obligations: We may process certain data to comply with legal or regulatory requirements, such as maintaining tax records.
  • Legitimate Interests: We may use your data to enhance our services, respond to your queries, or prevent fraud, provided these interests do not override your rights and freedoms.
  • Consent: In specific cases, such as sending marketing communications, we process your data only if you have given explicit consent. You may withdraw this consent at any time through your account preferences or by contacting us.

How We Use and Store Your Data

We use your personal data solely for purposes related to order processing, customer support, and improving our services. Your data is stored securely on our systems protected by up-to-date security measures, including encryption, access controls, and regular data protection reviews.

Your payment card details are processed securely through our authorized payment processor and are not stored on our servers after transaction completion.

Data Retention Policy

We hold your personal data only as long as necessary to fulfil the purposes outlined in this Privacy Policy and to comply with legal or accounting requirements. In most cases, customer order and contact data are retained for up to seven years, in line with legal obligations for accounting and tax records. Unnecessary or redundant data will be securely deleted or anonymised at the end of the retention period.

Data Processors and Sharing Information

To provide our services effectively, we may share your data with trusted third-party service providers ("processors"), including:

  • Payment Processors: To manage secure payment transactions.
  • Delivery Partners: For fulfilling and tracking deliveries in Maidenhead and the surrounding areas.
  • Technical Service Providers: For hosting our website and managing order processing systems.
  • Professional Advisors: Such as accountants or legal experts, as required for compliance.

All processors act only on our instructions, are subject to robust data security requirements, and may not use your data for their own purposes. We do not sell or rent your personal data to third parties.

International Transfers

On occasion, our service providers may process data outside the United Kingdom. In such cases, we ensure that we or our partners safeguard your data through data transfer agreements and relevant legal mechanisms, ensuring the same level of protection required by the UK GDPR.

Your Rights Under GDPR

You have several rights relating to your personal data held by Flower Delivery Maidenhead. These include:

  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: If your data is inaccurate or incomplete, you may ask for it to be corrected.
  • Right to Erasure: In certain circumstances, you can request the deletion of your personal data.
  • Right to Restrict Processing: You may request we limit how we use your data in particular situations.
  • Right to Data Portability: Where applicable, request the transfer of your data to another service provider.
  • Right to Object: You may object to the processing of your data for direct marketing or legitimate interest purposes.
  • Right to Withdraw Consent: If you have provided consent for specific processing, you may withdraw it at any time.

To make any request regarding your data rights, please contact us using the details provided on our website or your order correspondence. We will respond to your request in accordance with GDPR and typically within one month.

How We Protect Your Data

We implement strict technical and organisational measures to keep your data safe. This includes encrypting payment transactions, restricting access to data, conducting regular security assessments, and ensuring data is only accessible by authorized staff and processors.

Cookies and Tracking Technologies

If our website uses cookies or similar technologies, you will be informed upon your visit. These may collect non-personal technical data to improve your browsing experience and analyse usage patterns. You may manage cookie preferences in your browser settings. No unnecessary cookies are set without your consent.

Policy Updates

We periodically review and may update this Privacy Policy to reflect changes in regulation, our practices, or customer feedback. Updated policies will be published on our website with the effective date of change.

Contact and Complaints

If you have questions, concerns or wish to exercise any of your rights concerning your personal data, please refer to the contact options provided on our website or customer communications. If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s data protection regulator.

Effective from: 1 June 2024