Brompton Flowers Privacy Policy: Data Protection for Customers

Introduction

At Brompton Flowers, your privacy is a priority. This Privacy Policy applies to all individuals who place orders with Brompton Flowers from Brompton and the surrounding districts. It explains how we collect, process, and store your personal data in compliance with the General Data Protection Regulation (GDPR), and outlines your rights regarding your information.

What Data We Collect

To offer our products and services, we may collect and process the following categories of personal information:

  • Identification Information: Your name, address, and contact details (excluding phone numbers or emails in this policy).
  • Order Details: Information about the floral products or services you order, delivery instructions, and transaction details including billing addresses.
  • Payment Information: Non-sensitive payment details may be processed, such as payment status, but full credit/debit card numbers are handled exclusively by our third-party payment processors and not retained by us.
  • Correspondence: Communication records relating to your enquiries, feedback, or customer service interactions.
  • Website Usage Information: Basic analytics data such as IP addresses, browser types, and device identifiers, collected when you visit our website, to help us improve user experience.

Lawful Basis for Processing Your Data

Under the GDPR, we must have a lawful basis to collect and process personal data. For Brompton Flowers customers, we process your data under the following legitimate grounds:

  • Contractual Necessity: To fulfill and deliver your orders, process payments, and carry out our obligations arising from contracts with you.
  • Legitimate Interests: To improve our services, prevent fraud, ensure network security, and respond to your queries.
  • Legal Obligations: To comply with applicable laws and maintain proper business records for tax and audit purposes.
  • Consent: Where explicit consent is needed (for example, for optional marketing communications), we will seek your agreement before processing.

How We Use Your Information

Your personal data is used only for the following purposes:

  • Processing and fulfilling your flower orders and managing deliveries.
  • Handling payments and refunds securely through authorized third-party processors.
  • Providing customer support before, during, and after your order.
  • Improving our website, services, and customer experience.
  • Complying with legal obligations including record-keeping and anti-fraud measures.
  • Sending optional marketing communications, only where you have provided explicit consent.

Retention of Personal Data

We retain your personal information only for as long as necessary to fulfill the purposes listed in this policy, and to comply with applicable legal, accounting, and reporting requirements. Typically, customer and transaction data are kept for up to six years to meet tax, audit, or regulatory obligations unless a shorter or longer retention period is required by law. Once the retention period expires, your data is securely deleted or anonymized.

Processors and Third Parties

To provide our services, Brompton Flowers may engage reputable third-party service providers (“processors”) who process data strictly on our behalf and according to our instructions. These may include:

  • Payment Processors: To securely handle and process payments for your orders. We do not store complete payment card information ourselves.
  • Delivery Partners: To deliver your flower orders to the intended recipients.
  • IT and System Support: To support our ordering platform, maintain the security of our systems, and manage website analytics.

We carefully select our processors and require them to comply with strict data protection and confidentiality requirements. Personal data is not transferred outside the European Economic Area unless appropriate safeguards are in place.

Your Rights Under GDPR

As a customer of Brompton Flowers, you have enhanced rights under the GDPR with respect to your personal information. These include:

  • Right of Access: Request confirmation and a copy of the personal data we hold about you.
  • Right of Rectification: Request correction of any inaccurate or incomplete data about you.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data in certain circumstances, such as when data is no longer necessary for our original purpose.
  • Right to Restrict Processing: Ask us to restrict how we process your data while disputes about accuracy or objections are resolved.
  • Right to Data Portability: Receive your data in a structured, commonly-used format for transfer to another provider, where applicable.
  • Right to Object: Object to processing based on our legitimate interests or for direct marketing purposes at any time.
  • Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: You may complain to a data protection authority if you believe your rights have been infringed.

How We Protect Your Data

We are committed to ensuring the security of your personal information. Appropriate technical and organizational measures are in place to protect your data from unauthorized access, disclosure, alteration, or destruction. These measures are regularly reviewed and enhanced in line with technological advancements and regulatory guidance.

Policy Scope and Updates

This Privacy Policy applies to all customers placing orders with Brompton Flowers from Brompton and the surrounding districts. Brompton Flowers may occasionally update this policy to reflect changes in legal requirements, our services, or privacy best practices. Any significant changes will be highlighted to our customers when placing orders or through updated documentation.

Contact and Further Information

If you have questions about the data we hold or wish to exercise your rights as described, please contact us using the methods provided on our main website or by written enquiry to our business address. We aim to respond to all rights requests promptly and in accordance with GDPR obligations.