Florist Bayswater Privacy Policy

Our Commitment to Your Privacy

Florist Bayswater is committed to protecting your privacy and ensuring you are fully informed of how your personal data is collected, used, and stored. This privacy policy applies to all customers placing orders with Florist Bayswater from Bayswater and surrounding districts. Please review this document carefully to understand our practices in compliance with the General Data Protection Regulation (GDPR).

What Data We Collect

When you interact with Florist Bayswater—such as by visiting our website, placing an order, or contacting us—certain personal information may be collected. These types of data include:

  • Identification Data: Full name, delivery recipient’s name, and, if applicable, company name
  • Contact Data: Billing and delivery addresses, phone numbers, and email addresses
  • Order Details: Product preferences, delivery instructions, card messages, and special notes
  • Payment Information: Payment card details (processed securely via third-party payment processors), transaction amount, and payment confirmation status
  • Technical Data: IP address, browser type, access times, website referral details, and cookies (as described in our cookie policy)
  • Communication Data: Correspondence history with customer support and feedback on services

Lawful Bases for Data Processing

Under GDPR, we must have a legitimate reason to process your personal data. We rely on the following lawful bases:

  • Contractual Necessity: Most of your personal data is processed because it is necessary for the performance of a contract—namely, fulfilling your order and delivering products as requested.
  • Legal Obligation: Certain data may be retained to comply with relevant legal or tax obligations.
  • Legitimate Interests: We may process your personal data to improve services, respond to enquiries, manage relationships, and ensure network security, provided these interests are not overridden by your rights.
  • Consent: Where required, we will seek your explicit consent, especially before sending marketing communications. You have the right to withdraw your consent at any time.

How We Use Your Data

Your personal data is used to:

  • Process and deliver your floristry orders
  • Contact you regarding your order status or any required clarifications
  • Facilitate payment processing via secure external providers
  • Respond to your queries, requests, or feedback
  • Improve and personalise your customer experience
  • Comply with legal obligations and resolve disputes

Data Retention

Florist Bayswater will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for legal, accounting, or reporting requirements. In practice, this typically means we will keep order, payment, and contact information for up to six years from the date of your last purchase, unless a longer retention period is required by law. After this period, your personal data will be securely deleted or anonymised.

Processors and Data Sharing

We may share necessary information with trusted third-party service providers who act as data processors on our behalf. These may include:

  • Payment Processors: To process card payments securely (we do not store full card details ourselves)
  • Delivery Partners: For the purpose of delivering your order to the specified address
  • IT Support and Hosting Services: To ensure our website and ordering system operate securely and efficiently
  • Professional Advisors: If required for accounting or legal purposes

All third-party service providers are carefully selected and required to respect the security of your personal data, to use it only for the specified purpose, and to act strictly in accordance with our instructions under data processing agreements. Florist Bayswater will never sell or lease your personal data to third parties for marketing purposes.

International Transfers

Where data processors are located outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place (such as standard contractual clauses or adequacy decisions) to protect your information and your rights under GDPR.

Your Rights Under GDPR

You have rights regarding your personal data. These include:

  • Right of Access: You can request a copy of your personal data held by us.
  • Right to Rectification: You can ask us to correct any inaccurate or incomplete information.
  • Right to Erasure: In certain circumstances, you may request deletion of your personal data.
  • Right to Restrict Processing: You may ask us to limit the way we use your data in certain circumstances.
  • Right to Data Portability: You can request to receive your personal data in a structured, commonly-used format.
  • Right to Object: You may object to our processing of your information on grounds relating to your particular situation.
  • Right to Withdraw Consent: Where processing is based on your consent, you can withdraw this consent at any time without affecting the lawfulness of prior processing.

If you wish to exercise any of these rights, please contact us with sufficient detail to identify yourself and the specific data concerned. We may need to verify your identity before responding to your request. Generally, no fee is required, unless requests are unfounded, repetitive, or excessive, in which case a reasonable charge may be applied.

Data Security

We have implemented suitable organisational and technical measures to prevent the accidental loss, misuse, unauthorised access, disclosure, or alteration of your personal data. Only employees and approved partners who need to know your information to fulfil their duties have access to your data.

Changes to This Policy

This privacy policy may be updated to reflect changes in our practices or for legal reasons. Any updates will be effective when posted and clearly indicated at the top of this document. We encourage you to review this policy regularly.

Contact and Complaints

If you have any questions or are unsatisfied with our handling of your personal data, please contact us. If you remain unsatisfied, you have the right to lodge a complaint with your local data protection authority.

This policy was last revised on 1 June 2024.