Florist Fortis Green Privacy Policy

Introduction

This Privacy Policy sets out how Florist Fortis Green collects, uses, stores, and protects your personal information when you place an order with us. This policy applies to all customers placing Florist Fortis Green orders from Fortis Green and the surrounding districts. We are committed to ensuring that your privacy is protected and that we remain in full compliance with the UK General Data Protection Regulation (GDPR).

What Data We Collect

When you place an order or contact us, we may collect the following information:

  • Your name
  • Contact details such as billing and delivery addresses, email, and telephone number
  • Order details, including purchase history and special requests
  • Payment details (only such details as needed to process payment, handled securely via payment processors)
  • Recipient details (name, delivery address, and optional message)
  • Technical data such as IP address, browser type, and device information when you use our website

The Lawful Basis for Collecting Data

Under GDPR, we must have a lawful basis for collecting and processing your data. For Florist Fortis Green, the lawful bases we rely on include:

  • Contractual necessity: Your personal data is required to process your order and to deliver our products or services as agreed with you.
  • Legal obligations: Some details may be required for tax, accounting, and regulatory compliance.
  • Legitimate interests: We may use your data to improve our services, manage our business, and notify you of significant service updates, provided these do not override your own rights and freedoms.
  • Consent: In particular instances, such as direct marketing communications, we will rely on your consent, which you may withdraw at any time.

How We Use Your Data

Your information is used for the following purposes:

  • Processing and fulfilling your orders, including arranging delivery and handling payment
  • Providing customer service and responding to your queries
  • Internal record-keeping, auditing, and compliance with regulatory requirements
  • Improving our products, services, and website
  • Where you agree, sending marketing communications related to Florist Fortis Green. You can opt-out at any time

Data Retention

Florist Fortis Green only retains your personal data for as long as necessary to fulfil the purposes outlined in this policy, including legal and accounting requirements. Typically:

  • Order and transaction data is retained for up to 7 years to meet accounting and tax obligations
  • Customer service messages are retained for up to 2 years after resolution
  • Where you have opted into marketing communications, your contact data will be retained until you withdraw consent

Once the relevant retention period expires, your information will be securely deleted or anonymised.

Third-Party Data Processors

We may use reputable third-party service providers (processors) to help deliver our services. These can include:

  • Payment processing providers
  • Delivery and courier services
  • IT support and hosting services
  • Analytics and website performance providers

All processors are carefully selected, operate under written contracts, and are required to adhere to GDPR responsibilities. They may only process your data in strict accordance with our instructions and not for their own purposes.

Data Transfers

Your information is generally processed within the UK and European Economic Area (EEA). If your data is ever transferred outside the EEA, we ensure that appropriate safeguards are in place to keep your data secure and that your rights are maintained, in compliance with GDPR.

Protecting Your Data

Florist Fortis Green employs a variety of suitable technical and organisational measures to protect your personal data from loss, misuse, unauthorised access, or disclosure. These measures are regularly reviewed and updated as necessary.

Your Rights

As a data subject under GDPR, you have the following rights regarding your personal data:

  • Access: You can request a copy of the personal data we hold about you.
  • Rectification: You may request corrections to your personal data if it is inaccurate or incomplete.
  • Erasure: You can request we delete your personal information under certain circumstances ("right to be forgotten").
  • Restriction: Ask us to suspend processing your data, for example if you contest its accuracy.
  • Data Portability: You can request your data in a machine-readable format for your own use or so it can be transferred to another provider.
  • Objection: You may object to our processing where we rely on legitimate interests. You also have the absolute right to object to direct marketing.

To exercise these rights, or to raise a concern about our use of your information, please contact us using the details provided when placing your order or on our website.

Children's Privacy

Our products and services are not directed to children under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please let us know so we can address the issue promptly.

Updates to Our Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, regulatory, or operational changes. We encourage you to review this policy periodically for the latest information regarding our privacy practices.

Contacting Us

If you have any queries or concerns about this Privacy Policy or how we use your personal data, please reach out to us via our customer contact channels as set out on our website or via your order confirmation documents.