How We Protect Your Personal Information at Elephant and Castle Flowers

Privacy Policy for Elephant and Castle Flowers Customers

This Privacy Policy explains in detail how Elephant and Castle Flowers collects, processes, retains, and protects your personal data. This policy applies to all customers placing orders with Elephant and Castle Flowers from Elephant and Castle and the surrounding districts.

1. What Personal Data We Collect

When you place an order or communicate with us, we collect and process personal data necessary to fulfil your request. The categories of information we collect include:

• Identity Data: Name, surname, and (if applicable) title.
• Contact Data: Delivery address, recipient address, and phone number associated with the order or delivery.
• Order Data: Flowers, products ordered, order date/time, card message, and payment amount.
• Payment Data: Payment status and transaction details (we do not store full card details; payments are handled via secure third-party processors).
• Correspondence: Any feedback, queries, or complaints sent to us, including the content and related contact details.

We do not intentionally collect or process sensitive personal data (special categories) unless you explicitly provide them in a message or note. If you disclose such information, it will be treated with strictest confidentiality.

2. Lawful Basis for Processing Data

Elephant and Castle Flowers processes your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We rely on the following lawful bases:

• Contractual necessity: To take steps at your request prior to entering into a contract, and to fulfil your orders placed with us (purchasing products, arranging delivery, handling queries and complaints).
• Legal obligation: To comply with laws and regulations (for financial records, fraud prevention, and tax purposes).
• Legitimate interests: To conduct business operations, improve our services, communicate with you about your order, and maintain records, provided these do not override your rights and interests.
• Consent: Where required by law, for example for marketing communications. You have the right to withdraw consent at any time.

3. How Long We Keep Your Data

We retain personal information only for as long as necessary for the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Typically, data relating to orders and customer correspondence is kept for a period of 7 years after your order to comply with tax and statutory regulations. After this period, your data will be securely deleted or anonymised unless further retention is justified for legitimate legal reasons.

4. Data Processors and Sharing

Elephant and Castle Flowers uses trusted third-party processors to assist in fulfilling orders, processing payments, and managing delivery logistics. These may include:

• Payment service providers (for secure payment processing).
• Delivery partners or couriers (for fulfilling deliveries).
• IT and systems support partners (for hosting and maintaining our order management systems).

All third-party processors are contractually obligated to safeguard your personal data and use it only for the purposes specified by Elephant and Castle Flowers. We do not sell or rent your personal data to third parties. We may disclose your information if required by law or to enforce our terms and protect our legal rights.

5. Data Security Measures

Your personal data is protected with appropriate technical and organisational measures to prevent unauthorised access, loss, misuse, or breach. These security measures include encryption, secure access controls, and regular review of our data handling practices. Our staff and trusted suppliers are trained and committed to respecting your confidentiality.

6. Your Rights under GDPR

As a customer within Elephant and Castle and the surrounding districts, GDPR grants you several rights regarding your personal data. These include:

• Right of access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can have inaccuracies in your data corrected.
• Right to erasure: In certain cases, you can ask for your personal data to be erased.
• Right to restriction: You can request us to limit how we use your data.
• Right to data portability: You can ask to receive your personal data in a machine-readable format.
• Right to object: You can object to processing where we rely on legitimate interests or direct marketing.
• Right to withdraw consent: Where consent is our basis for processing, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise these rights or make a complaint related to your data, please contact Elephant and Castle Flowers using the contact details provided on our official correspondence or in store. We may need to confirm your identity before processing your request to ensure your data’s security.

7. Updates to This Policy

This Privacy Policy may be reviewed and updated from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. Updated versions will be made available on request and in our premises. The date of the latest revision will always be indicated at the end of the policy.

8. Scope of the Policy

This policy applies specifically to all customers and recipients placing or receiving orders from Elephant and Castle Flowers, in Elephant and Castle and surrounding districts. By placing an order or providing your data, you acknowledge the practices described in this Privacy Policy.

Last updated: June 2024.