Privacy Policy for Sipson Florist Customers

Introduction

At Sipson Florist, the privacy and protection of your personal data are of the utmost importance. This Privacy Policy describes how we collect, use, store, and process personal information in compliance with the UK General Data Protection Regulation (GDPR). This policy applies to all customers placing orders through Sipson Florist, either online, by phone, or in person, within Sipson and the surrounding districts.

What Data We Collect

When you place an order with Sipson Florist, we collect certain personal data necessary to fulfil your order and provide our services. The types of data we typically collect include:

  • Contact Information: Name, address, phone number, and, if applicable, email address.
  • Order Details: Items purchased, delivery recipient’s details, special instructions, notes, or messages.
  • Payment Information: Payment card details (processed by a secure third-party provider), records of payments.
  • Communication Records: Records of correspondence with you, such as queries, complaints, or order updates.
  • Technical Data: IP address, browser type, device information, and cookies (when using our website).

Lawful Basis for Processing

We process your personal data on the following lawful bases, as provided by GDPR:

  • Contractual Necessity: To process and fulfil your orders, handle payments, deliver products, and communicate with you about your purchase. This is essential for performing our contract with you.
  • Legal Obligation: To comply with legal and regulatory obligations, such as tax and accounting requirements.
  • Legitimate Interests: To improve our products and services, manage and protect our business, and handle customer queries made in the course of providing our service. We ensure such interests do not override your data protection rights.
  • Consent: Where required, we may seek your explicit consent, for example, if we wish to send marketing communications. You are free to withdraw your consent at any time.

How We Use Your Data

Your personal data is used solely for the purposes specified in this policy, including:

  • Processing and delivering flower orders and gifts
  • Communicating order updates, confirmations, and addressing any issues or queries
  • Arranging delivery logistics within Sipson and the surrounding districts
  • Processing payments through secure payment providers
  • Fulfilling legal and financial obligations

Who Processes Your Data

Personal data may be processed by Sipson Florist staff and approved third parties (“data processors”) involved in providing our services. These include:

  • Delivery Partners: Local couriers or delivery drivers who need information to deliver your order.
  • Payment Processors: Reputable payment gateways securely process your payment information; Sipson Florist itself does not store payment card numbers.
  • IT and System Support: Providers who maintain our website and order management systems, strictly for service provision.

All data processors act on Sipson Florist’s instructions, comply with written data processing agreements, and are required to maintain confidentiality and adequate security standards.

Data Retention

We retain your personal data only as long as necessary to fulfil the purposes described above and to comply with legal, regulatory, and accounting obligations. Typically, order and delivery records are retained for up to seven years after your last transaction to meet tax and financial reporting requirements. Routine customer correspondence and non-essential data are deleted sooner, unless needed for ongoing service or legal matters.

Once the relevant retention period has expired, your personal data will be securely deleted or anonymised so that you are no longer identifiable.

Your Rights

Under the GDPR, as a data subject, you have several important rights regarding your personal data:

  • Right of Access: You can request confirmation of whether we hold personal data about you and receive a copy of your information.
  • Right to Rectification: You can request correction of inaccurate or incomplete personal information.
  • Right to Erasure: You can request deletion of your data when it is no longer necessary for its original purpose, or you withdraw your consent.
  • Right to Restrict Processing: You can request we suspend processing under certain circumstances.
  • Right to Data Portability: You can request your data in a structured, commonly used electronic format and ask that it be transferred to another provider.
  • Right to Object: You can object to the use of your personal data based on our legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where we rely on consent for processing, you may withdraw it at any time.

To exercise any of your rights, contact us using the contact information available on our website or at our shop premises. We may need to verify your identity before processing your request. We aim to respond to all requests within one month.

Data Security

Sipson Florist takes the security of your personal data very seriously. We implement appropriate technical and organisational measures to protect your information against unauthorised access, alteration, disclosure, or destruction. This includes restricted access to personal data, encrypted transmissions, and secure physical and digital storage solutions.

International Data Transfers

We generally do not transfer your personal data outside the United Kingdom or the European Economic Area. If, in the future, such transfers are required (for purposes such as using international service providers), we will ensure that your data remains protected by adequate safeguards in accordance with UK GDPR requirements.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other reasons. When we do so, we will post the updated policy on our website and note the date of the latest revision. Please review this policy periodically to stay informed about how we protect your information.

Contact and Complaints

If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact us through the methods published on our website or via our store. If you believe your data protection rights have been infringed, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or your local supervisory authority.

Scope of Policy

This policy applies to all customers placing orders with Sipson Florist and covers personal data collected through all order channels in Sipson and its surrounding districts.