Kensington Flowers Privacy Policy

Scope of This Privacy Policy

This Privacy Policy sets out how Kensington Flowers ("we" or "our") collects, uses, stores, processes, and protects personal data of customers who place orders with us in Kensington and surrounding districts. We are committed to ensuring that your privacy is safeguarded and that all personal data is handled in accordance with the principles of the General Data Protection Regulation (GDPR).

What Personal Data We Collect

In the course of providing our floral arrangement and delivery services, we collect the following categories of personal data:

  • Contact Information: such as your name, delivery address, billing address, and telephone numbers.
  • Order Details: including details of the products you order, delivery instructions, and any special requests or messages.
  • Payment Information: payment confirmation details (note: we do not store full card details; processing is handled by secure third-party payment providers).
  • Correspondence: records of any communications you have with us, including enquiries, feedback, complaints, or requests.
  • Recipient Data: names, addresses, and contact details of recipients for delivery, if you are sending flowers to someone else.
  • Technical Data: such as Internet Protocol (IP) address, browser type, and information that helps us improve our website experience and security.

Lawful Basis for Processing Your Data

Under the GDPR, we must have a legal basis for processing your personal data. We process your data for the following lawful purposes:

  • Contractual Necessity: Processing your data is required to fulfil your orders and provide the services you request, including payment processing and delivery.
  • Legal Obligation: We are required to keep certain records for tax, accounting, and compliance with statutory obligations.
  • Legitimate Interests: Processing your data helps us improve our services, ensure the security of our operations, handle customer complaints, and manage our business efficiently. This does not override your fundamental rights and freedoms.
  • Consent: Where we conduct marketing activities, such as sending promotional offers by email or text, we will only do so with your explicit consent. You may withdraw this consent at any time.

Data Retention

We retain your personal data only as long as is necessary for the purposes for which it was collected, including the fulfilment of orders, legal requirements, and our legitimate business interests. Typically, order and transaction data may be retained for up to seven years to meet accounting and legal obligations. Communication and correspondence are stored for up to two years. When your data is no longer needed, it will be securely deleted or anonymised.

Sharing Data with Third-Party Processors

We may share your personal data with carefully selected third-party service providers ("processors") to support the operation of our business and the delivery of your orders. These processors include:

  • Payment Processors: to securely process your payments.
  • Delivery and Courier Services: to deliver flowers or related items to you or your chosen recipients.
  • IT and Hosting Services: for website functionality, data storage, and security purposes.
  • Professional Advisors: such as accountants, auditors, or legal advisors when necessary.

All processors operate under contractual obligations to keep your data secure, confidential, and process it only as instructed by us. We do not sell, rent, or share your information for commercial purposes with unrelated third parties.

Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights regarding your personal data:

  • Right to Access: Request information about the data we hold about you.
  • Right to Rectification: Request correction of any inaccurate or incomplete data.
  • Right to Erasure: Request that we delete your data, subject to legal and contractual obligations.
  • Right to Restrict Processing: Request restrictions on how we process your data.
  • Right to Data Portability: Request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Where we rely on consent, you have the right to withdraw it at any time.

To exercise your rights, you may contact us using our website’s contact form or by sending a written request. We may need to verify your identity before processing your request, and in some cases, certain legal obligations or exemptions may apply.

Data Security

We implement appropriate technical and organisational measures to safeguard your personal data from unauthorised access, loss, misuse, alteration, or disclosure. These include secure servers, encryption, password protection, restricted access controls, and staff training on data privacy awareness.

International Data Transfers

Kensington Flowers is based in the UK and processes most data within the UK and European Economic Area. Where data may be transferred outside these jurisdictions, we take steps to ensure that appropriate safeguards are in place, such as standard contractual clauses or the use of processors certified under relevant data protection frameworks.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the scope of our services. The latest version will always be available on our website and will include the date of the most recent revision. We encourage you to review the policy periodically.

Contacting Kensington Flowers About Privacy

If you have questions, concerns, or requests about this Privacy Policy or your personal data, please contact us in writing using the details provided on our website.