Privacy Policy for Barnes Florist Customers

Introduction

At Barnes Florist, we deeply value the privacy of our customers. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable UK privacy laws. It applies to all customers who place orders with Barnes Florist, whether online, by telephone, or in person, covering Barnes and the surrounding districts.

Personal Data We Collect

When you place an order or interact with Barnes Florist, we collect identifiable and non-identifiable information to provide you with our products and services. The types of personal data we collect include:

  • Contact Information: Such as your full name, address, delivery address, and contact details.
  • Order Details: Information relating to your purchase, including product choices, any card message, and special instructions.
  • Payment Information: Details relating to your payment method (provided directly to our payment processor and not stored by Barnes Florist).
  • Communication Records: Copies of correspondence you have with us, including queries, complaints, or feedback.
  • Marketing Preferences: Your choices regarding marketing communications, if you consent to receive them.

Lawful Basis for Processing

We process your personal data in accordance with GDPR requirements based on one or more of the following lawful bases:

  • Contractual Necessity: To fulfil and process your orders and to take steps at your request before entering into a contract.
  • Legal Obligation: To comply with legal and regulatory requirements, including tax and record-keeping obligations.
  • Legitimate Interests: To improve our services, manage our relationship with you, and ensure our business runs effectively. We balance these interests against your rights and freedoms.
  • Consent: Where required, we obtain your consent, particularly for direct marketing purposes. You can withdraw your consent at any time.

How We Use Your Data

Your information is used for the following purposes:

  • To process, confirm, and deliver your orders
  • To send service-related communications regarding your order
  • To respond to your inquiries, feedback, or complaints
  • To improve our products and customer service
  • If consented, to send marketing and promotional materials
  • To comply with legal and regulatory requirements

Retention of Personal Data

We hold your personal data only as long as necessary for the purpose for which it was collected. Typically, this means:

  • Order Information: Retained for up to seven years to fulfill contractual, tax, and accounting requirements.
  • Marketing Data: Held until you withdraw your consent or opt-out of marketing communications.
  • Correspondence: Retained for as long as needed to resolve your query or issue and to comply with our legal obligations.

When data is no longer required, it is securely deleted or anonymised.

Processors and Third Parties

We work with reputable third-party service providers (data processors) to assist in delivering our services, including:

  • Payment Processors: To securely facilitate your payments
  • Delivery Partners: To ensure your order arrives at the intended recipient
  • IT and Hosting Providers: To maintain and securely store digital records

All processors are contractually obliged to safeguard your data in line with GDPR. We only share the minimum data necessary for them to perform their services and ensure that your data is not used for their own purposes.

Data Security

We implement technical and organisational measures to ensure your data is protected against loss, unauthorised access, alteration, or disclosure. These measures include staff training, secure systems, and physical safeguards.

Your Data Protection Rights

Under GDPR, you have rights regarding your personal data. These include:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request that we delete your personal data, subject to legal or contractual obligations.
  • Right to Restrict Processing: Ask us to suspend or limit the processing of your data.
  • Right to Data Portability: Request that we provide your data in a commonly used, machine-readable format or transfer it to another provider where technically possible.
  • Right to Object: Object to processing of your data for direct marketing or where processed on legitimate interests.
  • Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us using the details available on our website or in store. We may need to verify your identity before fulfilling your request.

Applicability of Policy

This privacy policy applies to all individuals placing orders with Barnes Florist from Barnes and the surrounding districts. It does not cover links to external websites or third-party services not operated by Barnes Florist.

Updates to this Policy

We may update this policy from time to time to reflect changes in legal requirements or our processing practices. Updates will be published on our website and effective from the date of posting.

Contact and Further Information

For questions about this privacy policy or how your personal data is handled at Barnes Florist, please get in touch using the contact details provided on our website or in store. We are committed to working with you to resolve any concerns in a fair and transparent manner. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe your data has not been handled in accordance with the law.