Morden Florist Privacy Policy

Introduction

This Privacy Policy outlines how Morden Florist (“we”, “us”, “our”) collects, uses, shares, and protects the personal data of its customers. It applies to all individuals placing orders with Morden Florist from Morden and surrounding districts. We are committed to ensuring your privacy is protected in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

What Data We Collect

When you place an order, interact with our website or contact our customer service, Morden Florist may collect the following categories of personal data:

  • Contact Information: Name, billing and delivery address, and occasionally a contact number as provided by the customer during the order process.
  • Order Information: Details about the flowers or products ordered, delivery instructions, order history, and payment method (note: we do not store your card details after payment is processed).
  • Communications: Records of communications (such as customer inquiries, messages, or feedback for service quality and dispute resolution).
  • Technical Data: When using our website, information such as IP addresses, browser type, device information, and cookies may be collected to enhance site functionality and user experience.

Lawful Basis for Processing Your Data

In accordance with GDPR, we only process your personal data where there is a lawful basis. These include:

  • Contractual Necessity: Processing data to fulfill your flower order, deliver products and provide after-sales support.
  • Legal Obligation: Retaining transaction records for tax, accounting, or regulatory purposes.
  • Legitimate Interest: Using data for business operations, such as quality assurance, fraud prevention, and service improvements – in ways that do not unduly impact your privacy.
  • Consent: Where required, we seek your explicit consent (e.g., for certain marketing communications). You may withdraw consent at any time.

How We Use Your Information

Your data is used only for the purposes described at the time of collection or as otherwise permitted by law. This includes:

  • Managing, processing, and delivering your orders.
  • Answering your questions and resolving any issues with your order.
  • Improving our products, services, and website performance.
  • Complying with our legal and regulatory obligations.
  • Sending updates only if you have agreed to receive them.

Retention of Personal Data

Morden Florist will only retain your personal information for as long as is necessary for the purposes for which it was collected, including for the fulfilment of any legal, accounting, or reporting requirements. Typically, order-related data is retained for a period of 7 years from the date of transaction to comply with our obligations. Data used for marketing purposes is kept until you withdraw your consent or request deletion.

Our Data Processors

We may share your personal data with trusted service providers who perform functions on our behalf, strictly following our instructions and data protection requirements. Such processors may include:

  • Payment processing companies to securely handle transactions.
  • Delivery services for dispatch and delivery of orders.
  • IT and website support partners who help manage our systems.
  • Analytics providers to help us understand site usage and customer preferences (using anonymised or aggregated data wherever possible).

All third parties engaged by Morden Florist are contractually required to treat your data with strict confidence, only process it for specified purposes and comply with GDPR.

How We Protect Your Data

We take data security seriously and use appropriate technical and organisational measures to safeguard your personal information against accidental or unlawful loss, alteration, unauthorised disclosure, access, or destruction. These include secure servers, data encryption, controlled access and staff training in data privacy and protection protocols.

Your Rights Under GDPR

Under the GDPR, you have several rights regarding your personal data. Subject to conditions and certain exemptions, these include:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You may ask us to correct any inaccuracies or incomplete data held about you.
  • Right to Erasure: You may, in certain circumstances, request the deletion of your personal data.
  • Right to Restrict Processing: You have the right to request that processing of your data be limited under certain conditions.
  • Right to Data Portability: You may request a portable copy of your data for your own purposes across different services.
  • Right to Object: You can object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Where consent is our basis for processing, you have the right to withdraw consent at any time.

If you wish to exercise any of these rights, please contact us via the methods listed on our website. We will respond to all requests within the timeframes required by law and may require you to confirm your identity.

Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and you believe your child has provided us with personal information, please contact us as soon as possible.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in how we process your data, legal requirements, or other operational reasons. The latest version will always be available on our website. We encourage customers to review this policy periodically.

Contact and Complaints

If you have any questions about this Privacy Policy or how we use your personal data, please consult our contact page for ways to get in touch. If you are not satisfied with our response or believe our processing of your data is unlawful, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).