Chessington Flowers Privacy Policy

Introduction

At Chessington Flowers, we are committed to safeguarding the personal information of our customers. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the General Data Protection Regulation (GDPR). This policy applies to all customers placing orders with Chessington Flowers from Chessington and surrounding districts.

What Data We Collect

When you place an order with Chessington Flowers, we may collect the following data:

  • Contact Information: Your name, address, and telephone number for the purposes of fulfilling your order and keeping you updated on its status.
  • Recipient Information: Name, address, and (optionally) telephone number of the intended recipient in order to deliver the flowers effectively.
  • Order Details: Information relating to your purchase, such as the type of flowers, special instructions, delivery time preferences, and any personalized messages.
  • Payment Information: Payment method details (processed securely via third-party payment processors; Chessington Flowers does not store full card details).
  • Communication Records: Any email or written correspondence relating to your order, queries, feedback, or complaints.
  • Technical Data: IP addresses, browser type, and cookies to aid website functionality, analytics, and improve your experience.

Lawful Basis for Processing Personal Data

Under the GDPR, we rely on several lawful bases for processing your personal data:

  • Contractual Necessity: Data required to process and fulfill your order, deliver products, and manage payments.
  • Consent: In some cases, such as for marketing communications, we will request your explicit consent.
  • Legal Obligation: We may process and retain data where the law requires us to, such as for tax and accounting purposes.
  • Legitimate Interests: We may process data to improve our services, prevent fraud, and manage our relationship with customers, provided these interests are not overridden by your individual rights.

How We Use Your Data

Your personal data is used solely for the purposes for which it was collected, including:

  • Fulfilling and processing your orders
  • Communicating with you regarding your order or customer service inquiries
  • Ensuring timely delivery of products to you or your recipient
  • Managing payments and refunds
  • Improving our services and website
  • Complying with our legal and regulatory obligations
  • Where appropriate, sending marketing communications if you have consented

Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Typically:

  • Customer Orders: Data is kept for up to 7 years to comply with financial and tax obligations.
  • Marketing Data: If you have consented to receive marketing communications, we will retain your data until you withdraw that consent.
  • Technical Data: Data related to website analytics may be kept for up to 2 years for performance and improvement analysis.

After the retention period expires, all personal data is securely deleted or anonymized.

Data Processors and Third Parties

Chessington Flowers may engage trusted third-party processors to help deliver our services. These include:

  • Payment processors to securely handle transactions
  • Delivery partners to fulfill the dispatch and delivery of orders
  • IT and cloud service providers for hosting and data storage solutions
  • Accountants and regulatory bodies for legal compliance

All third-party processors are required to adhere to data protection standards in accordance with GDPR and may only process your data for specified purposes and in line with our instructions. No data is sold or disclosed to any unrelated third parties for marketing or similar purposes.

Your Data Protection Rights

Under the GDPR, you have several rights in relation to your personal data:

  • Right to Access: You can request copies of your personal data held by us.
  • Right to Rectification: You can request correction of any inaccurate or incomplete data.
  • Right to Erasure: You can request the deletion of your data where there is no lawful reason for us to continue processing it.
  • Right to Restrict Processing: You can ask us to temporarily halt the processing of your data in certain circumstances.
  • Right to Object: You can object to processing based on legitimate interests, or to receiving marketing communications at any time.
  • Right to Data Portability: You can request that we transfer your personal data to another provider, where applicable.
  • Right to Withdraw Consent: Where we rely on your consent for processing, you may withdraw this at any time without detriment.
  • Right to Complain: If you believe your data rights have been infringed, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK.

Data Security

We take the security of your personal data very seriously. All information is stored using secure systems with appropriate technical and organisational measures to prevent unauthorised access, loss, misuse, or disclosure. Transfer of data to our processors is encrypted where appropriate.

Policy Updates

This Privacy Policy may be updated from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. Material changes will be communicated to customers where required.

Contact and Queries

If you have any questions about this Privacy Policy or your personal data, or wish to exercise any of your data protection rights, please contact us using the details provided on our website or in your order confirmation.