Abbey Wood Florist Privacy Policy

Privacy Policy Overview

This Privacy Policy explains how Abbey Wood Florist collects, uses, stores and protects your personal data when you place an order with us or otherwise interact with our services. It applies to all customers placing Abbey Wood Florist orders from Abbey Wood and surrounding districts, whether you order in person, by phone, or through online ordering platforms that we use.

We are committed to complying with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (GDPR) where applicable, and relevant UK data protection laws. This Policy also describes your rights in relation to your personal data and how you can exercise them.

What Personal Data We Collect

We collect and process different types of personal data depending on how you interact with us. The categories of personal data we may collect include:

Customer and Recipient Identification Data – Name, title, and where relevant company or organisation name.

Contact and Delivery Details – Billing address, delivery address, postcode, and general area within Abbey Wood and surrounding districts; where provided, we also collect contact details such as email address or other messaging identifiers, but we do not require you to provide more than is necessary to fulfil your order.

Order and Transaction Data – Details of floral arrangements and related products ordered, card messages, special instructions, delivery date and time slot, order value, currency, order reference numbers, and summaries of your communication with us about the order.

Payment-Related Data – We may receive payment confirmation details and partial card details from payment processors (for example, the last four digits of a card number or a transaction reference). Full payment card details are handled directly by secure payment processors and are not stored by Abbey Wood Florist.

Preference and Communication Data – Your preferences about flowers, occasions, and communication channels, along with records of when you consent to or opt out of marketing communications.

Technical and Usage Data – When you place orders through online platforms, basic technical information such as device type, approximate location, and usage logs may be collected by those platforms and shared with us in a limited form to help manage your order and improve our services.

How and Why We Use Personal Data

We only use your personal data in line with data protection laws. The main purposes for which we process your personal data are:

To process and fulfil your orders – This includes confirming your order, preparing the floral arrangements, delivering to the recipient in Abbey Wood and surrounding districts, and keeping you informed about the status of your order.

To manage customer relationships – We use your data to respond to your queries, handle complaints, and provide after-sales support, including issues relating to delivery or product quality.

To manage payments and prevent fraud – We work with payment processors to take payments securely, process refunds where necessary, and help prevent fraudulent transactions.

To improve our products and services – We may analyse order patterns, preferences and feedback to improve our flower ranges, delivery processes, and customer experience, ensuring that our services remain relevant to customers in Abbey Wood and surrounding districts.

For marketing and promotions – Where permitted, we may use your contact details to inform you about offers, seasonal products, and services that may interest you. We will only send direct marketing communications where we have a lawful basis to do so, and you can opt out at any time.

To comply with legal obligations – We may need to process and retain certain data to meet tax, accounting, and other regulatory requirements, and to respond to lawful requests from public authorities.

Lawful Bases for Processing

Under the GDPR, we rely on several lawful bases for processing your personal data:

Contract – Processing is necessary to enter into and fulfil the contract when you place an order with Abbey Wood Florist, including delivery to the specified recipient in Abbey Wood and surrounding districts, handling payments, and providing customer service.

Legal obligation – Certain data must be processed to comply with legal and regulatory obligations, such as maintaining records for tax and accounting purposes.

Legitimate interests – We may process your data when it is necessary for our legitimate business interests, provided these are not overridden by your rights and interests. Examples include improving our products and services, managing our business operations, and preventing fraud.

Consent – We rely on your consent for activities such as sending certain types of marketing communications or, where required, storing specific preferences. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Data Sharing and Processors

We do not sell your personal data. We may share your data with carefully selected third parties who act as data processors on our behalf or as independent controllers where appropriate.

Payment processors – We use third-party payment providers to process card and electronic payments securely. These providers receive payment details directly from you and share with us only the information needed to confirm and reconcile transactions.

Delivery and logistics services – Where necessary, we may share relevant delivery information (such as recipient name and address in Abbey Wood and surrounding districts, and delivery instructions) with couriers or delivery partners to ensure your order reaches its destination.

IT and systems providers – We use providers for order management, customer relationship management, and secure data storage. These providers may process personal data solely to support our operations and are bound by contractual obligations to protect your data.

Professional and legal advisers – In limited circumstances we may share data with legal or professional advisers where needed to protect our rights, handle disputes, or comply with legal obligations.

Whenever we use data processors, we ensure that appropriate contracts and safeguards are in place so that your personal data is handled securely and in accordance with this Privacy Policy.

Data Retention

We keep your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

Order and transaction records – Typically retained for a period required by tax and accounting laws, which will generally be up to several years from the end of the financial year in which the transaction occurred.

Customer service records – Retained for as long as needed to resolve queries or complaints and to demonstrate how we handled them, usually for a limited period following the last interaction.

Marketing data – Stored until you withdraw consent or object to receiving marketing communications, or until we determine that the data is no longer accurate or relevant.

When we no longer need your personal data, we will securely delete or anonymise it so that it can no longer be associated with you.

International Transfers

Most of the personal data we process is stored and handled within the United Kingdom or the European Economic Area. If we ever need to transfer your personal data outside these regions, we will ensure that appropriate safeguards are in place, such as standard contractual clauses or equivalent mechanisms approved under data protection laws, so that your data remains protected to GDPR standards.

How We Protect Your Data

We take appropriate technical and organisational measures to protect your personal data against unlawful or unauthorised processing, accidental loss, destruction, or damage. These measures include access controls, secure storage, and carefully selected processors that meet required security standards. While no system can guarantee absolute security, we continually review and update our practices to keep your data as safe as reasonably possible.

Your Data Protection Rights

You have a number of rights under data protection laws in relation to your personal data. These rights apply to all customers placing Abbey Wood Florist orders from Abbey Wood and surrounding districts where the GDPR or similar laws apply.

Right of access – You can ask for a copy of the personal data we hold about you, together with information about how we use it.

Right to rectification – You can request that we correct inaccurate or incomplete personal data concerning you.

Right to erasure – In certain circumstances, you can ask us to delete your personal data, for example where it is no longer needed for the purposes for which it was collected or where you have withdrawn consent.

Right to restriction of processing – You can ask us to restrict the processing of your data in specific situations, such as while we verify its accuracy or assess an objection you have raised.

Right to object – You can object to processing based on our legitimate interests, including profiling, and we will stop processing unless we have compelling legitimate grounds that override your interests or we need to continue for legal reasons. You always have the right to object to direct marketing.

Right to data portability – Where processing is based on consent or contract and carried out by automated means, you can request that we provide your personal data in a commonly used, machine-readable format or transfer it to another controller where technically feasible.

Right to withdraw consent – If we rely on your consent for certain processing, you may withdraw it at any time. This will not affect the lawfulness of processing that took place before withdrawal.

If you wish to exercise any of these rights, we may need to verify your identity before responding to your request. Once verified, we will respond within the time limits set out in relevant data protection laws.

Complaints and How to Contact Us

If you have concerns about how we handle your personal data, you can contact us using the details provided on our official customer communications or on your order confirmation documents. We will do our best to resolve your concerns promptly and fairly.

You also have the right to lodge a complaint with the relevant data protection supervisory authority in your country of residence or work, or where you believe a breach of data protection law has occurred. In the United Kingdom, the supervisory authority is the Information Commissioner's Office.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer in Abbey Wood and surrounding districts. When we make significant changes, we will take appropriate steps to make you aware, such as highlighting the changes in-store or within ordering platforms. The date of the latest revision will be indicated clearly, and we encourage you to review this Policy periodically to stay informed about how we protect your personal data.