Notting Hill Flowers Privacy Notice for Customers
Introduction
This Privacy Policy describes how Notting Hill Flowers (‘we’, ‘us’, ‘our’) collects, uses, and protects the personal information of all customers placing orders with us from Notting Hill and surrounding districts. We adhere to the principles of the General Data Protection Regulation (GDPR), ensuring your personal data is handled lawfully, transparently, and securely at all times.
Scope of this Policy
This policy applies to all individuals who purchase flowers or related products and services from Notting Hill Flowers, whether ordered in person, by telephone, on our website, or through other communication channels serving Notting Hill and the neighbouring districts. It does not extend to third-party websites or services that may be linked to or recommended by us.
What Personal Data We Collect
When you place an order or interact with us as a customer, we may collect the following types of personal data:
- Identification Data: Name, delivery address, billing address.
- Contact Information: Telephone number, email address (if provided).
- Order and Transaction Details: Items ordered, order value, payment status, delivery instructions and any gift messages or notes.
- Payment Information: Payment method details (we do not retain full card details; these are managed securely by authorized payment processors).
- Communication Records: Records of correspondence, including requests, complaints, and feedback.
- Technical Data: If you use our website, data such as IP address, browser type, and cookies may be collected for functionality, analytics, and fraud prevention.
Lawful Basis for Processing Personal Data
Processing your personal data is based on the following lawful grounds in accordance with GDPR:
- Contractual Necessity: Processing is necessary to fulfill the contract with you, such as delivering your flower order or managing payments.
- Legitimate Interests: We may use your data for our legitimate business interests, such as communicating order status, improving services, fraud prevention, and responding to your queries. Your rights and interests are always balanced against ours.
- Legal Obligations: We process some data to comply with tax, accounting, or other legal requirements.
- Consent: Where legally required, such as sending marketing communications, we obtain your explicit consent, which you may withdraw at any time.
How We Use Your Personal Data
Your personal information is used only for the following purposes:
- Processing and fulfilling your orders.
- Contacting you about your purchases or delivery arrangements.
- Managing payments, refunds, and resolving order issues.
- Responding to your requests, feedback, or complaints.
- Legal compliance and record keeping.
- Where you have consented, sending you information about our products, services, offers, or events. You may opt out at any time.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described above, including for legal, accounting, and reporting obligations. Typically, customer order records are retained for up to six years to comply with tax and business regulations, unless a longer retention period is required or permitted by law. After this period, personal data is securely deleted or anonymised.
Disclosure to Processors and Third Parties
We may share your personal data with trusted third-party service providers (processors) who help us operate our business and provide services to you. Typical examples include:
- Payment processors (to securely process transactions).
- Delivery couriers (to deliver your orders).
- IT and website support providers (to maintain our systems and website).
- Professional advisors (such as accountants or legal consultants, where required).
All processors act only on our documented instructions, are subject to strict confidentiality, and are required to maintain appropriate security measures. We do not sell or rent your personal information to any third parties for their own marketing purposes.
International Data Transfers
In most cases, your personal data is stored and processed within the United Kingdom and the European Economic Area (EEA). If it is necessary to transfer data outside the UK or EEA, we shall ensure adequate safeguards are in place as required by GDPR to protect your privacy rights.
Your Rights Under GDPR
As a data subject, you have a range of rights regarding your personal data, including:
- The right to access: You may request a copy of the personal information we hold about you.
- The right to rectification: You can ask us to correct any inaccurate or incomplete data.
- The right to erasure (‘right to be forgotten’): In certain circumstances, you may request your personal data be deleted.
- The right to restrict processing: You can ask us to limit the way we use your data in specific situations.
- The right to data portability: You can request your data be provided in a structured, commonly used, and machine-readable format, or transferred to another provider.
- The right to object: You have the right to object to our processing of your data based on legitimate interests or for direct marketing purposes.
- The right to withdraw consent: Where we rely on consent, you can withdraw it at any time without affecting prior processing.
- The right to lodge a complaint: If you are concerned about our handling of your data, you have the right to contact the relevant data protection supervisory authority.
How We Protect Your Data
We implement appropriate technical and organizational measures to safeguard your personal data. This includes secure storage systems, encryption where suitable, staff training, regular reviews of our data handling procedures, and strict contracts with all processors. Access to personal data is restricted to authorized personnel who require it for business purposes.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our business, legal requirements, or data processing practices. Any changes will be immediately effective upon posting. We recommend reviewing this notice regularly to stay informed about how we protect your information.
Contact and Further Information
If you have questions, requests, or concerns regarding this Privacy Policy or how your personal data is handled by Notting Hill Flowers, please contact us using the communication methods provided on our website or at our premises. We are committed to responding promptly to all enquiries concerning your data and privacy rights.
