Flowers Norbiton Privacy Policy

About This Privacy Policy

This Privacy Policy explains how Flowers Norbiton collects, uses, stores, and protects your personal data when you place orders with us from Norbiton and the surrounding districts. Protecting your privacy and ensuring data transparency is an integral part of our commitment to you. This policy complies with the General Data Protection Regulation (GDPR) and applies to all our customers in the areas we serve.

What Data We Collect

To provide our services, we may collect the following categories of personal information:

  • Contact Information: such as your full name, billing address, delivery address, and occasionally your telephone number for delivery coordination.
  • Order Details: including purchase history, product selections, order notes, and recipient information if flowers are being delivered to someone other than yourself.
  • Payment Information: We process your payment through secure payment processors and may collect payment status (e.g., whether your order is paid), but we do not retain your complete card or account details on our systems.
  • Communication Records: including correspondence and queries you may have with us via forms or customer service.
  • Technical Data: including IP addresses, browser types, and device information gathered in aggregate for website analytics and site security.

How We Collect Your Data

Data is collected directly from you when you place an order, make an inquiry, or communicate with us. Some technical data may be collected automatically through your interaction with our website via cookies or similar technologies strictly necessary for the proper functioning of our service.

Lawful Basis for Processing

Under GDPR, we will only use your personal data where legally permitted to do so. The main grounds upon which we process your data are:

  • Contractual necessity: To fulfill our service agreement by processing, confirming, and delivering your order.
  • Legitimate interest: For improving our service, managing customer relationships, and preventing fraud—provided these interests are not overridden by your rights.
  • Legal obligation: For compliance with bookkeeping, tax, or regulatory requirements as required by law.
  • Consent: Where required by law, for example, in sending you direct marketing communications (which you may opt out of at any time).

How Your Data is Used

We use your personal data exclusively to:

  • Process, confirm, and deliver your orders
  • Contact you regarding your order or respond to your inquiries
  • Manage and improve our services and customer experience
  • Comply with applicable legal and tax obligations
  • Send you updates or relevant information (if you agree)

Data Retention

We will retain your personal information only as long as necessary to fulfil the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements. Order and invoicing data is typically kept for up to seven years in accordance with tax and accounting laws. Correspondence and other personal data relating exclusively to customer service queries are retained for up to two years following the resolution of the inquiry unless a longer period is required by law.

Processors and Data Sharing

We may engage trusted third-party processors to provide necessary business functions, such as payment processing, delivery logistics, and IT support. All such partners are contractually required to process your data exclusively under our instructions, maintain strict confidentiality, and uphold appropriate security measures in line with GDPR requirements. We do not sell or rent your personal information to third parties. Your data will not be transferred outside the United Kingdom or European Economic Area unless such transfer is justified, lawful, and suitably protected.

User Rights and Your Choices

As a customer in Norbiton and neighbouring districts, you have the following rights regarding your data:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You can request corrections to any inaccurate or incomplete information.
  • Right to Erasure: Under certain circumstances, you can request deletion of your data.
  • Right to Restrict Processing: You may ask us to temporarily suspend the processing of your data.
  • Right to Object: You have the right to object to certain processing (e.g., direct marketing).
  • Right to Data Portability: Where applicable, you can request a copy of your data in a structured, machine-readable format.
  • Right to Withdraw Consent: If processing is based on consent, you may withdraw this at any time.
  • Right to Complain: You can raise a complaint with the relevant data protection authority should you feel your data has been misused.

How We Protect Your Data

We implement appropriate technical and organisational measures to secure your personal information against unauthorised access, alteration, disclosure, or destruction. This includes secure servers, restricted access, regular reviews of data management practices, and training staff in data protection principles.

Policy Updates

This policy may be updated from time to time. Any substantial changes will be highlighted at the top of this page, and the latest version will always be available to you before placing an order.

Contact and Questions

If you have questions or requests concerning your data or wish to exercise your data rights as described above, please contact us using our standard communication channels for privacy matters. We will endeavour to respond promptly to all requests and uphold your rights in accordance with applicable regulations.