Privacy Policy for Florist St Luke's Customers

Introduction to Our Privacy Policy

This Privacy Policy describes in detail how Florist St Luke's ("we", "us", or "our") collects, uses, retains, and protects your personal data. This policy applies to all individuals who place orders with Florist St Luke's in St Luke's and the surrounding districts. Compliance with the General Data Protection Regulation (GDPR) is fundamental to our operations, and we are committed to safeguarding your privacy at every stage of your interaction with us.

What Data We Collect

We collect and process different types of personal data to provide and improve our services. The information we gather may include:

  • Identification Information: Name and surname.
  • Contact Details: Delivery address, billing address, email address (if provided), and contact telephone number (if provided).
  • Order Details: Details of bouquets or products ordered, delivery instructions, requested delivery date, and gift card messages.
  • Payment Information: Order value, method of payment, and associated transaction references. Please note that we do not store your complete payment card details; card payments are processed via secure payment gateways.
  • Correspondence: Records of communication, such as any messages, notes, or queries you submit to us in relation to your order.
  • Technical Data: If you interact with our website, we may collect technical information such as IP address, browser type, device type, website usage statistics, and cookies (where applicable and with your consent).

Lawful Basis for Processing Personal Data

Florist St Luke's processes your personal data on the following lawful bases as provided for under Article 6 of the GDPR:

  • Contractual Necessity: Most data collected (such as name, address, product details) is required to fulfil your order contract with us. Without this information, we would be unable to deliver or process your order.
  • Legal Obligations: Certain information may be retained or shared to comply with legal requirements, such as accounting, tax, or law enforcement requirements.
  • Legitimate Interests: Where necessary, we may process data for legitimate business interests, such as responding to queries, resolving issues, or improving our services, provided these interests do not override your rights.
  • Consent: In specific cases (such as marketing communications or Cookies), we process your data only with your explicit consent, which you may withdraw at any time.

How We Use Your Data

Your personal data is used for the following purposes:

  • To process, confirm, and deliver your order.
  • To communicate with you regarding your order or any customer service inquiries.
  • To manage payments, refunds, and troubleshooting issues.
  • To meet legal and regulatory obligations.
  • With your consent, to send marketing or promotional offers (for instance, future discounts or special events).
  • To improve website functionality and user experience, where applicable.

How Long We Retain Your Data

We keep your personal data only for as long as is necessary for the purposes described in this Policy:

  • Order Information: We retain details of your orders and related communications for up to seven years to comply with accounting and legal obligations.
  • Marketing Information: If you provide consent to receive marketing, we retain your contact details until you opt-out or withdraw consent.
  • Cookies and Technical Data: Retention depends on your browser settings and the type of cookies; some may last only for a session while others for up to 12 months.

Upon expiry of the retention period, personal data is securely deleted or anonymized.

Processors and Third-Party Services

To provide our services efficiently, we may share your personal data with third parties acting as data processors. These may include:

  • Payment Processors: Secure platforms managing payments, refunds, or fraud checks.
  • Delivery Partners: Couriers or delivery services used to deliver your order.
  • IT and Hosting Providers: Companies providing infrastructure, hosting, and IT support for our website or digital records.
  • Professional Advisors: Accountants, auditors, or legal advisors who may require access for compliance or legal purposes.

All processors are contractually bound to handle your data in accordance with GDPR requirements, ensuring security and confidentiality. We do not sell your personal data to any third party.

Your Rights Under GDPR

You have several important rights under data protection law. In summary, these include the right to:

  • Access: Request and receive a copy of your personal data held by us, free of charge.
  • Rectification: Request corrections to incomplete or inaccurate information.
  • Erasure: Request the deletion of your data where there is no longer a legal reason for us to retain it.
  • Restriction: Ask us to limit the processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests, or direct marketing.
  • Portability: Request to transfer your data to another service provider, where technically feasible.
  • Withdraw Consent: Where our processing is based on consent, you may withdraw this at any time without affecting the lawfulness of prior processing.

To exercise your rights, please contact us using the details provided at the end of this policy or on our website. We will respond to all data requests as required by law and within applicable timescales.

Data Security

Florist St Luke's takes data security seriously. We use appropriate organizational and technical measures to safeguard your data from unauthorized access, misuse, loss, or disclosure. These measures include encryption, access controls, secure data storage, and staff training. Where we use third-party processors, we ensure they meet the same standards of security and GDPR compliance.

Policy Scope and Changes

This Privacy Policy applies to all customers placing orders with Florist St Luke's in St Luke's and neighboring districts. We may update this policy to reflect new legal requirements or changes in data processing practices. When changes are made, the updated policy will be made accessible with a clear revision date. We recommend reviewing this document periodically to stay informed of how we protect your information.

Contact and Complaints

If you have any questions, concerns, or would like to exercise your data protection rights, please contact us via the channels listed on our website. If you remain dissatisfied, you have the right to lodge a complaint with your national supervisory authority or data protection regulator.

We are dedicated to treating your data with care and transparency. Thank you for trusting Florist St Luke's.