Florist Pentonville Privacy Policy

Scope and Purpose of this Privacy Policy

This Privacy Policy outlines how Florist Pentonville collects, uses, stores, and protects the personal data of our customers. It describes your rights under the General Data Protection Regulation (GDPR) and demonstrates our commitment to transparency. This policy applies to anyone placing orders with Florist Pentonville from Pentonville and surrounding districts.

What Data We Collect

Florist Pentonville collects and processes a range of personal data required to fulfill your order and provide a seamless customer experience. The types of personal data we may collect include:

  • Identity Data: Full name, billing and delivery addresses
  • Contact Data: Telephone number (where provided), and any correspondence with us regarding orders
  • Order Information: Details of products and services ordered, order history, delivery instructions, and recipient's name and address (if different from the customer)
  • Payment Information: Payment confirmations and billing information, although complete payment card details are processed securely by our payment processors and are not stored by Florist Pentonville
  • Usage Data: How you use our website, including order processes and frequency of interactions

We do not intentionally collect or process sensitive personal data (such as racial or ethnic origin, political opinions, religious beliefs, or health information), except where such information is voluntarily provided in the context of specific order requests (e.g., allergy instructions).

Lawful Basis for Processing Personal Data

Under GDPR, we must identify a lawful basis for every instance of personal data processing. Florist Pentonville predominantly relies on the following lawful bases:

  • Contractual Necessity: Processing your personal data is required to take steps at your request prior to entering into a contract and to fulfill orders placed with us, including processing payments and delivering products.
  • Legal Obligations: We may process and retain certain information, such as transaction records, where required to comply with applicable local and national legal obligations.
  • Legitimate Interests: In some cases, we process data to pursue our legitimate interests as a business (for example, to improve our services, prevent fraud, or manage business operations), where such interests are not overridden by your rights and freedoms.
  • Consent: Where legally required, we will ask for your explicit consent (for example, when sending non-operational marketing communications or collecting optional feedback).

Data Retention Policy

Florist Pentonville retains personal data only as long as necessary to fulfill the purposes for which it was collected and to meet our legal obligations. Specifically:

  • Your order details and contact information will be retained for up to six years to comply with tax, accounting, and contractual record-keeping requirements.
  • Data collected solely for customer service or inquiry purposes is retained for up to two years following the last contact, unless you request erasure.
  • If you have consented to receive marketing communications, we will retain your contact data for as long as your consent remains valid, and you may withdraw it at any time.
  • Upon expiry of relevant timeframes, your personal data will be securely deleted or anonymized, unless legal or regulatory requirements extend the retention period.

Processors and Data Sharing

To process your orders and deliver services efficiently, Florist Pentonville works with trusted third parties, known as data processors. These typically include:

  • Payment Processors: Secure, PCI-compliant third-party services that handle card and electronic payment transactions. Payment details are transmitted securely and not stored by Florist Pentonville.
  • Delivery Partners: Local courier and transportation companies responsible for delivering your order to your chosen address.
  • IT and System Providers: Technology services for website operation, email processing, and secure data storage systems.

All data processors contracted by Florist Pentonville are required to protect your information in compliance with GDPR, process it only under our instructions, and never use it for their own purposes. We do not sell or rent customer personal data to unrelated third parties.

Personal data may also be disclosed where required by law or to protect our rights and property, or the safety of our customers and others.

Your Rights Under GDPR

As a data subject under GDPR, you have several important rights regarding your personal data, including:

  • Right of Access: Request access to the personal data we hold about you.
  • Right to Rectification: Have any inaccurate or incomplete data corrected.
  • Right to Erasure: Request deletion of your personal data in certain circumstances.
  • Right to Restrict Processing: Request restriction of processing where you contest the accuracy or lawfulness of processing.
  • Right to Data Portability: Receive your data in a commonly used, machine-readable format and transfer it to another controller.
  • Right to Object: Object to processing based on legitimate interests or direct marketing at any time.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw this consent at any time without affecting the lawfulness of prior processing.

You may exercise these rights or make inquiries about how your data is used by contacting us through the details provided on our website, or in writing. For your protection, we may need to verify your identity before responding to your request.

If you believe your data protection rights have been violated, you also have the right to lodge a complaint with the supervisory authority responsible for data protection in your country or region.

Data Security

Florist Pentonville implements a range of organizational and technical measures to protect your personal data from unauthorised access, loss, alteration, or disclosure. These measures include secure servers, encryption technologies, restricted access to information, and staff training regarding data privacy responsibilities.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal, regulatory, or operational requirements. Where changes are significant, we will take reasonable steps to inform you in advance by appropriate means. We encourage you to review this policy periodically to understand how your personal data is being protected and used.

Contact and Further Information

For additional details about this Privacy Policy, to exercise any of your data rights, or to make an inquiry, please contact us through the methods provided on our website. We are committed to addressing your request promptly and transparently.