Cowley Florist Privacy Policy – Protecting Your Personal Data

Introduction

This Privacy Policy explains how Cowley Florist collects, uses, stores, and protects your personal data when you place an order with us. This policy applies to all customers ordering flowers and related products from Cowley and the surrounding districts. We are committed to upholding the General Data Protection Regulation (GDPR) and safeguarding your privacy.

What Data We Collect

When you place an order with Cowley Florist, we may collect the following information:

  • Identification data: Name, title
  • Contact details: Address, phone number, and (when provided) other delivery details
  • Order details: Products ordered, delivery preferences, gift messages
  • Payment information: Payment card details (processed securely), transaction receipts
  • Communication records: Any messages or enquiries sent to us, including notes or instructions related to orders
  • Website usage data: Collected via cookies or similar technologies to help us improve our service (e.g., IP address, browser type and session data)

We do not collect any sensitive personal data unless it is voluntarily provided and relevant to your order.

Lawful Basis for Processing

Under GDPR, we must have a lawful basis for processing your personal data. The primary lawful bases applicable to our activities are:

  • Contractual necessity: Processing your data to fulfil your order, including arranging delivery and providing customer support
  • Legal obligation: Retaining certain records to comply with tax and accounting regulations
  • Legitimate interests: Improving our products and services, preventing fraud, and responding to customer enquiries
  • Consent: If we wish to use your data for marketing purposes, we will only do so with your express consent. You may withdraw your consent at any time.

How We Use Your Personal Data

We use your data for the following purposes:

  • Processing and delivering your floral order
  • Communicating with you about your order, deliveries, or any issues
  • Managing refunds, returns, and customer complaints
  • Maintaining our business records and fulfilling legal requirements
  • Improving our website, products, and services (using anonymised analytics wherever possible)
  • Providing marketing updates or special offers only if you have opted in

Data Retention

Your personal data will be retained only for as long as necessary to fulfill the purposes outlined above. In accordance with legal, tax, and accounting obligations, we typically retain order and transaction data for up to seven years. Other communications will be deleted when they are no longer needed for our business purposes or at your request, barring overriding legal requirements.

Data Processors and Sharing

To process and deliver your order, we may share your data with trusted third parties acting as data processors. These include:

  • Payment providers (for secure payment processing – we do not store your card details)
  • Delivery services and couriers (to complete your flower delivery)
  • IT and website hosting providers

All third-party processors are bound by contractual obligations to ensure your data remains confidential and is used only for the agreed purpose. We do not sell or rent your personal data to any third party.

Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right to access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may ask us to correct or update inaccurate personal data.
  • Right to erasure: You may request that we delete your personal data when it is no longer necessary for us to retain it.
  • Right to restrict processing: You may ask us to pause processing your data under certain circumstances.
  • Right to data portability: You may request a copy of your data in a commonly used, machine-readable format.
  • Right to object: You may object to processing of your data based on legitimate interests, direct marketing, or automated decision making.
  • Right to withdraw consent: Where we rely on consent for processing (such as marketing), you may withdraw your consent at any time.

If you would like to exercise any of these rights, please contact us using the contact options available on our website or when placing an order.

Security of Your Data

We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful access, loss, destruction, or disclosure. Our payment providers comply with strict security standards to protect your payment information.

International Transfers

Your data is stored and processed within the United Kingdom and the European Economic Area (EEA) wherever possible. Where data is processed or stored outside the UK/EEA, we ensure the transfer is protected by suitable contracts and safeguards, as required by GDPR.

Updates to This Policy

We may occasionally update this Privacy Policy to reflect changes in our practices, legal requirements, or customer feedback. The latest version will always be available on our website. We encourage you to review it from time to time.

Contact and Complaints

If you have any questions about this policy or how your data is used, please contact us via the methods listed on our website. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been handled unlawfully.