Privacy Policy for Cheam Flowers Orders

Introduction

This Privacy Policy explains how Cheam Flowers collects, uses, retains, and protects your personal information in line with the General Data Protection Regulation (GDPR). The policy applies to all customers ordering from Cheam Flowers within Cheam and the surrounding districts. We are committed to respecting your privacy and ensuring that your personal data is handled responsibly and lawfully.

What Data We Collect

When you place an order with Cheam Flowers, we may collect the following types of personal data:

  • Identification Details: Name, title, and, where necessary, company name.
  • Contact Information: Delivery address, billing address, phone number, and (if applicable) email address.
  • Order Details: Recipient details, order history, purchase preferences, and special instructions for delivery.
  • Payment Information: Payment method (e.g., credit/debit card details or bank transfer information). Please note, we do not store full card details.
  • Correspondence: Any communications with Cheam Flowers, including emails, letters, or conversations over the phone regarding your order or related queries.

Lawful Basis for Processing

Under GDPR, Cheam Flowers must have a lawful basis to process your personal data. We process your data on the following bases:

  • Contractual Necessity: Most data is collected to fulfil our contract with you (e.g., to deliver flowers, process payment, or communicate about your order).
  • Legitimate Interest: We use order and contact details to ensure efficient service, maintain records, and respond to queries. These uses do not override your data rights or interests.
  • Legal Obligation: When required, we may process data to comply with laws or respond to regulatory requests.
  • Consent: In cases where none of the above bases apply (such as direct marketing via email, if applicable), we will ask for your explicit consent before using your data for those purposes.

How We Use Your Data

Your personal data is used only for the purposes for which it was collected. These purposes include:

  • Processing your orders and arranging delivery
  • Contacting you about your order
  • Handling payment and fulfilling invoices
  • Responding to your requests and queries
  • Improving our products and services (using aggregated or anonymised data where possible)
  • Complying with regulatory and legal obligations

Data Retention

Your personal data will be retained for as long as is necessary to fulfil the purpose for which it was collected. Generally, this means we will keep order and delivery records for up to six years after an order has been fulfilled. This retention allows us to comply with accounting obligations and resolve any disputes or claims. If you contact us merely for an enquiry, and no purchase is made, your data will be retained only as long as is necessary to respond and for a reasonable period thereafter to maintain records of our interactions.

Data Processors and Third Parties

To operate our services efficiently, Cheam Flowers may share your personal data with trusted third-party service providers (“processors”) strictly for the purposes listed above. Such processors might include:

  • Delivery partners or couriers tasked with delivering your order
  • Payment processing providers
  • IT and systems support providers, where required for the operation of our services
  • External accountants or legal advisors (only when necessary for business or legal reasons)

All processors are bound by contracts requiring them to safeguard your data, comply with applicable laws, and not use personal data for their own purposes. Cheam Flowers does not sell or rent your personal information to third parties.

Your Rights

Under the GDPR, you have various rights regarding your personal data. These include:

  • Right of Access: Request a copy of the personal information we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Ask for your personal information to be deleted in certain circumstances (for example, if the data is no longer needed).
  • Right to Restrict Processing: Ask us to restrict the processing of your data while a query or request is being resolved.
  • Right to Data Portability: Request transfer of your data to you or another organisation in a commonly used, machine-readable format, where the lawful basis was consent or contract.
  • Right to Object: Object to the processing of your data on grounds relating to your particular situation, including for direct marketing (if applicable).
  • Right to Withdraw Consent: If we process your data based on consent, you may withdraw that consent at any time.

To exercise your rights or if you have any questions about your data, please contact Cheam Flowers using the contact information available on the website or documents provided to you during your order, and we will respond in a timely manner.

Data Security Measures

We take the security of your personal data seriously. Cheam Flowers implements appropriate technical and organisational measures to protect your data, including secure storage, limited access controls, and staff training. Where third-party processors are used, we ensure they also meet our data protection standards.

International Data Transfers

Your data is stored and processed within the United Kingdom or European Union, and we do not transfer your personal data outside these territories. Should this ever be required, we will ensure that adequate safeguards are in place in accordance with GDPR requirements.

Changes to This Policy

Cheam Flowers may update this privacy policy periodically to reflect changes in law or our practices. The most current version of the policy will always be available to customers prior to placing orders. Please check this page for the latest information.

Contact and Complaints

If you have any concerns regarding your personal data, please contact us using the contact information provided on your order documentation or on our official website. You also have the right to lodge a complaint with the relevant supervisory authority if you believe your data protection rights have been violated.