Florist Millbank Privacy Policy for Customers

Scope of This Privacy Policy

This Privacy Policy describes how Florist Millbank ('we', 'our', 'us') collects, uses, stores, and protects the personal data of all customers who place orders with us from Millbank and the surrounding districts. We are committed to processing your personal information responsibly and in accordance with the General Data Protection Regulation (GDPR).

What Data We Collect

When you place an order or interact with Florist Millbank, we may collect the following types of personal data:

  • Identification Data: Your name, and if ordering for someone else, the recipient's name.
  • Contact Information: Address for delivery, billing address, and contact details such as phone number (if supplied) or postal address.
  • Order Details: Items ordered, delivery instructions, and special messages.
  • Payment Information: Payment method and transaction reference — please note we do not store your full card details after payment processing is complete.
  • Communication Data: Any correspondence you send us, including enquiries, feedback, or complaints.
  • Technical Information: For online orders, technical data like IP address, browser type, and device information may be collected through cookies and similar technologies.

Lawful Basis for Processing Your Data

Florist Millbank processes your personal data on one or more of the following lawful bases, as set out by the GDPR:

  • Performance of Contract: We need to process your personal data to fulfill your orders, manage deliveries, and provide customer service as part of our contract with you.
  • Legitimate Interests: In certain cases, we may process your data to pursue our legitimate business interests, such as improving our services, fraud prevention, or communicating relevant updates. We always ensure these interests do not override your data protection rights.
  • Legal Obligations: We may be required to retain or share personal data to comply with legal and regulatory requirements, such as tax or accounting obligations.
  • Consent: Where none of the other bases apply, for example, when sending direct marketing communications, we will ask for your explicit consent, which you may withdraw at any time.

How We Use Your Personal Data

We use the collected data solely for the purposes for which it was provided and in connection with our business relationships with you. Specifically, we use your data to:

  • Process and fulfil your flower and gift orders.
  • Arrange for deliveries within Millbank and nearby areas as instructed by you.
  • Communicate with you about your orders, delivery status, and any issues that arise.
  • Respond to your enquiries, requests, or feedback.
  • Keep financial and transaction records for audit, legal, or tax purposes.
  • Improve our services and customer experience, based on feedback and analytics.

Retention of Personal Data

Florist Millbank retains your personal data only for as long as it is necessary for the purpose for which it was collected, or as required by law. This means:

  • Order and Transaction Data: Kept for up to seven years in line with accounting and tax regulations.
  • Correspondence: Retained for up to two years after resolution for quality assurance and record purposes.
  • Marketing Data: If you have opted in, retained until you withdraw consent or request erasure.
  • Technical Data: Stored for up to one year for analytics and website operation purposes.

After these periods, your personal data is securely deleted or anonymized.

Processors and Sharing Your Data

Florist Millbank works with trusted third-party processors who help us provide our services. We only share your personal data with these providers when it is necessary and under strict conditions that ensure your privacy and data security. Typical categories of processors include:

  • Payment Processors: Securely handle your payments on our behalf.
  • Delivery Partners: Assist in delivering your orders to the correct address.
  • IT and Website Service Providers: Support our online operations and data storage solutions.

We do not sell or lease your personal data to any third parties. Should we be required to disclose your data for legal purposes, we will do so only when legally obligated.

User Rights Under the GDPR

As a data subject under the GDPR, you have considerable rights regarding your personal information held by Florist Millbank. These rights include:

  • Right of Access: Request access to your personal data held by us and receive a copy.
  • Right to Rectification: Ask us to correct inaccurate or incomplete data about you.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data where there is no valid reason for us to continue processing it.
  • Right to Restriction: Ask us to restrict the processing of your data in certain circumstances.
  • Right to Data Portability: Obtain and reuse your personal data across different services.
  • Right to Object: Object to the processing of your data based on our legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: If processing is based on consent, you can withdraw this at any time without affecting the lawfulness of processing before withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority if you believe your rights have been infringed.

To exercise any of your rights, please contact us through the channels described on our website or in customer correspondence. We aim to respond promptly and always within the timeframes specified by law.

Data Security

We take the protection of your personal data seriously. Florist Millbank implements a combination of organizational and technical measures designed to safeguard your data from unauthorized access, alteration, or loss. These include secure payment processing, staff training, and data minimization policies. While we take appropriate efforts to protect your information, please note that no transmission over the internet is completely secure, and you provide data at your own risk.

Policy Changes

From time to time, we may update this Privacy Policy to reflect changes in law or our data processing practices. We will notify customers of any substantial changes in policy where required to do so. The most up-to-date version will always be available on our website.

Contact for Privacy Concerns

If you have any questions about this Privacy Policy or how we process your data, please refer to the contact details provided on our website or accompanying documentation. We value your privacy and will address your concern promptly.