Flower Delivery Tunbridge Wells – Customer Privacy Policy

Introduction

This Privacy Policy sets out how Flower Delivery Tunbridge Wells (“we”, “us”, “our”) collects, uses, stores, and protects the personal data of all customers who place orders with us from Tunbridge Wells and the surrounding districts. We are committed to ensuring that your privacy is protected in line with UK General Data Protection Regulation (“GDPR”) as well as the Data Protection Act 2018.

Scope of This Policy

This Privacy Policy applies to all flower order transactions undertaken by customers of Flower Delivery Tunbridge Wells, including orders placed via our website, by telephone, or in person, from Tunbridge Wells and surrounding areas. It explains how we manage and secure your data throughout your ordering experience with us.

What Data We Collect

When you place an order or interact with our services, we may collect and process the following personal data:

  • Identification Data: Name and title
  • Contact Data: Billing and delivery address, email address, and phone number (if provided)
  • Order Details: Information about your flower delivery purchase (types of flowers, notes, special instructions)
  • Recipient Information: Name, address, and contact information for individuals receiving a delivery
  • Payment Information: Payment card details or online payment confirmation
  • Technical Data: IP address, device type, browser type, operating system, and other technical information if ordering online
  • Correspondence: Records of your communications with us, including queries and feedback

Lawful Basis for Processing Your Data

Under the GDPR, we must have a valid lawful basis for each type of personal data processing. For our flower delivery and related customer service, we rely on the following lawful bases:

  • Contractual Necessity: Most data is processed to fulfil your flower delivery order or to take steps at your request prior to entering a contract (Article 6(1)(b) GDPR).
  • Legal Obligations: Retaining certain data for legal or tax purposes (Article 6(1)(c) GDPR).
  • Legitimate Interests: For customer service, quality assurance, internal record keeping, fraud prevention, and business analytics (Article 6(1)(f) GDPR). We always balance our legitimate interests with your rights and freedoms.
  • Consent: Where required by law, such as for marketing communications, we will seek your clear consent. You can withdraw consent at any time.

How We Use Your Data

We use your personal information for the following purposes:

  • To process and deliver your flower orders
  • To communicate with you about your order, including confirmation and delivery updates
  • To manage payment transactions securely
  • To respond to your queries, feedback, or complaints
  • To improve our services by analysing purchase trends
  • To comply with applicable legal obligations
  • To send occasional satisfaction surveys (with your consent)

How We Share Your Data

We never sell your data. However, to fulfil your order or provide our services, your information may be shared with trusted third-party processors, such as:

  • Payment Processors: To securely process your payments
  • Delivery Partners: For delivery logistics within Tunbridge Wells and nearby districts
  • IT & Hosting Providers: For secure data hosting and website management

We only work with service providers who meet GDPR requirements, and all processing takes place in the UK or countries with adequate data protection laws.

Data Retention

Your personal data is retained only for as long as necessary for the purposes described. Typically, we keep:

  • Order records and related data for 7 years to comply with legal, regulatory, and accounting requirements
  • Marketing data until you withdraw consent or unsubscribe
  • Customer service correspondence for up to 3 years, unless needed to resolve ongoing disputes
Once retention periods have expired, we securely delete or anonymise your data.

How We Protect Your Data

Your data’s security is our priority. We apply appropriate technical and organisational measures to safeguard your data, including encryption, secure storage, access controls, and regular staff training on data protection best practices.

Your Rights Under GDPR

As a customer, you have the following rights regarding your personal data:

  • Right of Access: Obtain a copy of your personal data held by us
  • Right of Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request that we delete your data, where applicable
  • Right to Restrict Processing: Ask us to limit how your data is used
  • Right to Object: Object to certain data uses, such as direct marketing
  • Right to Data Portability: Request a copy of your data in a standard format
  • Right to Withdraw Consent: Withdraw any consents you have given, at any time
  • Right to Complain: Lodge a complaint with the UK Information Commissioner’s Office if you believe your data rights have been infringed

To exercise your rights, please contact us using your preferred method, making clear which right you wish to exercise. We will respond as required by law.

Changes to This Policy

We may update this Privacy Policy as our services and legal obligations evolve. The effective date of this policy will always be displayed at the top. We encourage you to review this policy periodically for updates.

Contact and Queries

If you have any questions about this Privacy Policy or your personal data, please reach out to us via your chosen communication method. Our team will respond to your request promptly and in accordance with GDPR requirements.