Flowers Crawley Privacy Policy

Introduction

This Privacy Policy sets out how Flowers Crawley processes personal data for all customers placing orders from Crawley and its surrounding districts. The policy ensures our data handling practices are compliant with the United Kingdom General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. By placing an order with Flowers Crawley, you acknowledge and accept the practices described within this policy.

Who We Are

Flowers Crawley operates as the data controller for the personal data you provide when purchasing flowers and related services. As the data controller, we decide how and why your information is processed and work diligently to keep your data safe and secure.

What Data We Collect

When you interact with Flowers Crawley, including placing orders or making enquiries, we collect the following types of personal data:

• Identification Information: Your name and, where relevant, the recipient’s name.
• Contact Details: Delivery address, billing address, and contact information such as telephone number (where provided).
• Order Details: Purchase history, flower preferences, delivery instructions, and any messages for recipients.
• Payment Information: Transaction details, excluding full payment card details which are securely processed by third-party payment processors (see “Processors”).
• Communication Data: Any emails or messages you send to us relating to orders, feedback, or customer service queries.

We do not seek to collect special category data such as data revealing racial or ethnic origin, political opinions, religious beliefs, health information, or data relating to children unless necessary for the purpose of fulfilling your order and with appropriate safeguards.

Lawful Basis for Processing Personal Data

We process your personal data only when we have a lawful basis under the UK GDPR:

• Contractual Necessity: The main reason we process your data is to fulfil the contract when you place an order (e.g., arranging for delivery of your flowers and communicating about your purchase).
• Legal Compliance: In some cases, we may need to process your data to comply with legal obligations such as tax and accounting requirements.
• Legitimate Interests: We may process your data for our legitimate business interests, for example, to prevent fraud, improve our services, or respond to customer queries, provided these interests do not override your fundamental rights and freedoms.
• Consent: Where required by law, such as for direct marketing or use of certain cookies, we will ask for your consent, which you can withdraw at any time.

How We Use Your Information

Your data is used exclusively for the following purposes:

• To manage and fulfil your orders, including confirming order details and arranging delivery
• To contact you regarding your order, including confirming or updating you on delivery status
• To handle customer enquiries, complaints, or feedback
• To comply with legal and regulatory obligations
• For internal record-keeping and auditing purposes
• With your permission, to send you marketing information about our products or services

Data Processors and Third Parties

We may share your personal data with trusted third-party processors who facilitate our services. Such processors are strictly required to process data according to our instructions and data protection law. These may include:

• Payment Providers: Securely process your payments and handle transaction information to complete purchases. We do not store your full payment card details; these remain with the payment processor.
• Delivery Couriers: Provide logistics for delivering flower orders to requested addresses in Crawley and surrounding districts.
• IT Service Providers: Maintain and support our ordering platform and communication systems, always under strict security and confidentiality agreements.
• Professional Advisors: Such as accountants or legal professionals, solely to the extent required for compliance or auditing purposes.

Your data is not sold or provided to third parties for marketing purposes, and will not be transferred to countries outside the United Kingdom or the EEA except where adequate protections are in place as required by GDPR.

Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for the fulfilment of orders, ongoing customer service, legal or regulatory obligations, and resolving disputes. Regular data reviews are conducted, and information that is no longer required is securely deleted or anonymised. In most cases, order and transaction records are retained for six years in alignment with UK tax and accounting requirements. If you have provided consent for marketing, your contact details will be kept for marketing purposes until you opt-out or withdraw consent.

Security of Your Personal Data

We implement robust technical and organisational measures to protect your personal information from unauthorised access, use, alteration, or disclosure. This includes secure order processing, encryption where necessary, limited access controls, and regular employee training. While we strive to protect your personal data, we cannot guarantee its absolute security and encourage customers to take precautions such as not sharing sensitive information unnecessarily.

Your Rights Under GDPR

Under data protection law, you have rights regarding your personal data. You can:

• Access the personal information we hold about you
• Request Correction (rectification) of inaccurate or incomplete data
• Request Erasure ("right to be forgotten") in certain circumstances
• Object to processing, particularly direct marketing
• Request Restriction of processing in certain situations
• Request Data Portability of your personal data to another supplier
• Withdraw Consent at any time where processing is based on consent

If you wish to exercise any of your rights, please contact us using the details provided on our website. We will respond to all requests in accordance with legal requirements and within one month, subject to possible extensions for complex cases.

Changes to This Policy

Flowers Crawley may occasionally update this Privacy Policy to ensure compliance with latest data protection laws or to reflect changes to how we manage your personal data. Please check this policy regularly for updates, which take effect when posted on our website. Material changes will be highlighted, where appropriate, to ensure you are fully informed.

Contact and Complaints

If you have any questions about this Privacy Policy, our data handling practices, or if you wish to make a complaint, please refer to the contact information on our website. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you are unhappy with how your data is managed.