Covent Garden Flowers Privacy Policy

Privacy Policy Overview

At Covent Garden Flowers, we value your privacy and are committed to safeguarding your personal information in accordance with the General Data Protection Regulation (EU 2016/679, 'GDPR'). This policy outlines how we collect, use, and protect your data when you place orders with us in Covent Garden and surrounding districts.

Scope of This Policy

This privacy policy applies to all customers who place flower orders with Covent Garden Flowers, whether in person, over the phone, or online, within Covent Garden and neighbouring districts. By using our services, you consent to the data practices described here.

Personal Data We Collect

We collect only the information necessary to fulfil your order and ensure you receive the best possible service. The types of data we may collect include:

  • Contact Information: Name, delivery address, billing address, phone number.
  • Order Details: Delivery instructions, recipient’s name and address.
  • Payment Information: Details necessary for processing payments, such as card information (processed securely via our payment partners).
  • Communication Data: Your communications with us, including queries or feedback.
  • Technical Data: Device information, IP address, and other data arising from your use of our website (where applicable).

Lawful Basis for Processing

Under GDPR, we must have a lawful basis to process your personal data. We rely on the following grounds:

  • Contractual Necessity: We require your data to process, deliver, and fulfil your orders.
  • Legal Obligation: Certain information must be retained for accounting and tax reasons.
  • Legitimate Interests: To improve our services, prevent fraud, and ensure security.
  • Consent: We may seek your express permission for secondary uses, such as marketing. You may withdraw your consent at any time.

How We Use Your Data

Your information may be used for purposes including:

  • Processing and delivering your order
  • Responding to your questions
  • Managing payments and preventing fraud
  • Complying with legal requirements
  • Carrying out analytics to improve services (where permitted)

Data Retention

We retain your personal data only as long as is necessary for fulfilling your order and for legitimate business or legal purposes. Typically, we retain order-related data for up to seven years in line with accounting and tax regulations. Data used for marketing, with your consent, will be kept until you withdraw your consent or request deletion. Once data is no longer required, it will be securely deleted or anonymised.

Sharing and Data Processors

We do not sell or rent your personal information. We may share your data with carefully selected third parties acting as processors, exclusively for the purposes outlined in this policy:

  • Payment Service Providers: To process payments securely.
  • Delivery Partners: To facilitate delivery of your flowers.
  • IT Support and Infrastructure Providers: For website hosting and email services.
  • Accountants and Legal Advisors: To comply with financial and legal obligations.

All such partners are required under contract to protect your data in accordance with GDPR and are not permitted to use it for other purposes.

International Data Transfers

In cases where your data may be transferred outside the European Economic Area (EEA), for example, if our IT providers store data abroad, such transfers are safeguarded in line with GDPR requirements, such as by relying on adequacy decisions or standard contractual clauses.

Your Rights Under GDPR

You have several important rights regarding your personal data:

  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request correction of incomplete or inaccurate information.
  • Right to Erasure: In certain circumstances, you may request deletion of your data (the ‘right to be forgotten’).
  • Right to Restriction: You may ask us to restrict processing of your data in specific situations.
  • Right to Object: You have the right to object to certain types of processing, including direct marketing.
  • Right to Data Portability: You may request transfer of your data to another provider, where applicable.
  • Right to Withdraw Consent: If processing is based on your consent, you can withdraw it at any time.
  • Right to Lodge a Complaint: You can contact the data protection supervisory authority if you believe your rights are infringed.

Data Security

We use appropriate technical and organisational measures to protect your personal data against loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures include secure storage, encryption, and policies that restrict access to only those personnel who need the data to fulfil their duties.

Policy Updates

We keep our privacy policy under regular review and may update it as needed to stay compliant with legal, regulatory, or business developments. Customers using our services will be notified of major changes where appropriate.

Contact and Further Information

If you wish to exercise your data rights or have questions about our privacy practices, please contact the Covent Garden Flowers team via the contact form on our website or by requesting assistance in store.

This policy was last updated in June 2024 and applies to all orders placed with Covent Garden Flowers in Covent Garden and surrounding districts.