Brixton Flowers Privacy Policy for Customers

Overview

This Privacy Policy outlines how Brixton Flowers ('we', 'us', 'our') collects, uses, stores, and protects your personal information in accordance with the General Data Protection Regulation (GDPR). This policy applies to all customers who place flower orders with Brixton Flowers, whether for delivery or collection, within Brixton and the surrounding districts.

Personal Data We Collect

When you interact with Brixton Flowers, we may collect, use, store, and transfer different kinds of personal data about you, including:

  • Identity Data: Name, title, and, where relevant, company name.
  • Contact Data: Billing address, delivery address, and other delivery information.
  • Communication Data: Preferences for receiving communications and your correspondence with us (including by post and other forms as provided).
  • Transaction Data: Details about orders you place with us, payments made, and payment methods (we do not store your full payment card details).
  • Technical Data: IP address, browser type and version, time zone setting, and other technology on the devices you use to access our services.

Lawful Basis for Processing Your Data

Under GDPR, we can only collect and use your personal data if we have a lawful basis. Our primary lawful bases include:

  • Performance of a Contract: Processing your orders and managing payments and deliveries.
  • Legal Obligation: Complying with requirements such as record-keeping and accounting.
  • Legitimate Interests: Operating and improving our business, including record management and customer service, when these interests are not overridden by your rights and interests.
  • Consent: Where you have provided explicit permission, such as opting into marketing communications. You may withdraw consent at any time.

How We Use Your Personal Information

We use your personal data to:

  • Fulfil and deliver the flower orders you place with us, including processing payments and managing delivery logistics.
  • Provide you with customer support and respond to your enquiries.
  • Manage our business operations, such as maintaining business records and planning deliveries.
  • Send you service communications related to your order, such as delivery updates.
  • Contact you regarding your preferences for future offers if you have consented to marketing communications.
  • Comply with legal and regulatory obligations as required by applicable laws.

How We Store and Retain Your Data

We take suitable security measures to protect your information and ensure it is not lost, used, accessed, altered, or disclosed in an unauthorised way. Personal data is stored securely, whether in digital or physical form, and processed according to this policy.

We retain your data for as long as necessary to fulfil the purposes we collected it for, including for satisfying legal, accounting, or reporting obligations. In general, we will keep order details and contact data for up to six years after your last transaction, unless a longer retention period is required by law. After this period, your data will be securely deleted or anonymised.

Processors and Data Sharing

We may share your personal data with selected third-party service providers (processors), strictly for the purposes outlined in this policy. These may include:

  • Payment processors who handle your payment transactions securely on our behalf and do not retain your full card details.
  • Delivery partners or couriers who may process your name, address, and contact details to deliver orders.
  • Providers of IT and system administration services who support our business processes.

All third-party service providers are required to process your data only according to our instructions, to use adequate security measures, and to comply with GDPR requirements. We do not sell or rent your personal data for marketing purposes.

We may also disclose your information where required by law or in response to legal requests by public authorities.

Your Data Protection Rights

Under GDPR, you have rights in relation to your personal data. These include:

  • Right of Access: You have the right to request access to your personal data held by us.
  • Right to Rectification: You can ask us to correct incomplete or inaccurate data we hold about you.
  • Right to Erasure: In certain circumstances, you may request the deletion or removal of your personal data.
  • Right to Restrict Processing: You have the right to request a restriction on the processing of your information, under certain conditions.
  • Right to Data Portability: You can request to receive your personal data in a machine-readable format or ask us to transfer it to another data controller.
  • Right to Object: You may object to processing where the lawful basis is our legitimate interests or direct marketing.
  • Right to Withdraw Consent: Where our processing is based on your consent, you may withdraw it at any time.

To exercise these rights, please contact us through our standard communication channels. We may need to verify your identity before complying with your request, for your security.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the law or our data practices. The latest version will always be available to customers who place orders from Brixton and surrounding districts. Please check back regularly for updates.

Contact and Concerns

If you have questions or concerns about how Brixton Flowers uses your personal data or wish to exercise your GDPR rights in relation to this policy, please contact us using our usual customer service channels. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority.

This Privacy Policy was last updated in June 2024.