Flowers Marylebone Privacy Policy

Introduction

This Privacy Policy describes how Flowers Marylebone ("we", "us", or "our") collects, uses, stores, and protects your personal data when you place orders with us in Marylebone and the surrounding districts. We are committed to ensuring that your privacy is protected and your personal information is handled in accordance with the UK General Data Protection Regulation (GDPR).

Scope of This Policy

This Privacy Policy applies to all customers who place orders with Flowers Marylebone, including those residing in Marylebone and surrounding districts. It covers data collected via telephone, in-person, online, and any other means through which you choose to interact with us to order our floral products or related services.

What Personal Data We Collect

In the process of providing flowers and related services, Flowers Marylebone collects the following categories of personal data:

  • Contact Information: Name, delivery address, contact phone number, and (where provided) email address.
  • Order Details: Information about the flowers and products you order, requested delivery dates and times, and card message contents (where applicable).
  • Payment Information: Depending on the payment method, limited payment information, such as the last four digits of a payment card, may be processed. We do not store full card details—these are managed by our secure payment processors.
  • Correspondence: Any communications you have with us, such as queries, feedback, or complaints.
  • Website Usage Data: If you visit our website, we may collect technical data such as your IP address, browser type, geolocation data, device identifiers, and browsing activity for analytics and service improvement purposes.

Lawful Basis for Processing Your Data

Flowers Marylebone processes personal data based on the following lawful bases under the GDPR:

  • Contractual Necessity: We process data such as your name, address, and order information as it is necessary to fulfill your order and deliver the requested products and services.
  • Legal Obligation: We may retain certain records as required to comply with legal, tax, and accounting obligations.
  • Legitimate Interests: We use your information to improve our services, ensure service quality, prevent fraud, and manage our operations, provided these activities do not override your rights and freedoms.
  • Consent: Where required (for example, for marketing communications), we ask for your explicit consent before processing your data for those specific purposes. You can withdraw this consent at any time.

How We Use Your Data

We use your personal data to:

  • Process and fulfill your flower orders and requests.
  • Communicate with you regarding your order, delivery updates, or any issues relating to your purchase.
  • Maintain business records and comply with legal requirements.
  • Improve the quality and performance of our services.
  • Respond to any queries or customer service requests you make.
  • Send you service-related or, with your permission, marketing communications.

Data Retention

Flowers Marylebone will only retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, including satisfying any legal, accounting, or reporting requirements. Typically, data associated with orders is retained for up to seven years in line with tax and accounting laws. Where data is held based on your consent (for example, for marketing), it is deleted promptly if you withdraw your consent.

Data Processors and Third Parties

We may share your personal data with trusted third-party service providers who assist us in delivering our services. These may include:

  • Payment processors (who handle your payment transactions securely and in compliance with applicable regulations).
  • IT service providers (who host and maintain our systems and website).
  • Delivery partners (who help us deliver your order to the requested address).
  • Professional advisors (such as legal or accounting services, as required for compliance).

All data processors and third-party service providers are contractually obliged to ensure the confidentiality and security of your data, and only process data as instructed by Flowers Marylebone in compliance with this Privacy Policy and data protection laws.

International Data Transfers

Your personal data is stored and processed within the United Kingdom and the European Economic Area (EEA) where possible. If data is transferred outside the UK or EEA, we ensure that appropriate safeguards—such as standard contractual clauses—are in place to protect your information and maintain GDPR standards of security and privacy.

Your Rights

As a customer of Flowers Marylebone, you have the following rights under the GDPR:

  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request correction of inaccurate or incomplete data.
  • Right to Erasure: You may ask us to delete your personal data, subject to legal retention requirements.
  • Right to Restriction: You may request temporary suspension of processing where the accuracy or use of your data is contested.
  • Right to Data Portability: Where processing is based on consent or contract, and carried out by automated means, you may obtain your data in a structured, machine-readable format and transmit it to another provider.
  • Right to Object: You may object to processing based on legitimate interests or direct marketing at any time.
  • Right to Withdraw Consent: Where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

Security of Your Data

Flowers Marylebone is committed to ensuring your information is secure. We take appropriate physical, technical, and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These measures include secure servers, restricted access, regular review of our security policies, staff training, and data encryption where appropriate.

Changes to This Policy

We reserve the right to amend this Privacy Policy from time to time. Any substantial changes will be communicated by updating this document. Please check back periodically to stay informed of any updates.

Contact and Complaints

If you have any questions about this Privacy Policy or how we handle your personal data, or if you wish to exercise any of your rights under the GDPR, please contact us using the contact options available through our official ordering channels.

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) or the supervisory authority in your country of residence.

This policy is effective as of June 2024.