Your Privacy at St Luke's Florist: Our Commitment and Practices

Introduction

This Privacy Policy explains how St Luke's Florist processes the personal data of customers who place orders with us, whether for delivery or collection in St Luke's and surrounding districts. We are committed to protecting your privacy and handling your information in compliance with the EU General Data Protection Regulation (GDPR). Please read this policy carefully to understand our approach to your personal data.

Scope of This Policy

This policy applies to all customers placing orders from St Luke's and surrounding districts, regardless of whether orders are completed in person, over the phone, or online. By placing an order with us, you acknowledge the practices described in this policy.

What Data We Collect

We collect and process various categories of personal data necessary for providing our services. Data we may collect include:

  • Identity Data: Your full name, delivery recipient's name (if different).
  • Contact Data: Delivery address, billing address, contact phone number, and (where applicable) email address.
  • Order Details: The floral products and services you purchase, card messages, special requests.
  • Payment Data: Details relating to the means of payment (e.g., transaction references from third-party payment providers). St Luke's Florist does not store credit or debit card numbers directly.
  • Customer Communications: Correspondence relating to enquiries, orders, complaints, or feedback.
  • Technical Data: Where you order through our website, basic browser and device data necessary for processing your order.

We do not collect or process sensitive categories of personal data (also called 'special categories') such as health or religious information, unless explicitly provided by you as part of a card message or special request. If such information is provided, we will treat it confidentially and only use it to fulfil your order.

Lawful Basis for Processing Personal Data

St Luke's Florist always processes your data based on at least one of the lawful bases defined by the GDPR:

  • Contract: For the purposes of fulfilling your order, processing payment, and delivering flowers as requested.
  • Legitimate Interests: To provide improved customer service, respond to enquiries, and (where appropriate) inform you of similar services you may be interested in. We always balance these interests against your rights and expectations.
  • Legal Obligation: To meet our obligations under applicable law, such as keeping accurate financial records for tax or accounting purposes.
  • Consent: Where required (for example, direct marketing communications not related to your order), we will ask for your explicit consent and provide the option to withdraw it at any time.

How We Use Your Data

We use your personal data:

  • To process and deliver your floral order to the specified recipient.
  • To communicate with you regarding your order or any services you request from us.
  • To improve our services, including reviewing customer feedback and resolving complaints.
  • To meet our legal obligations, such as for tax or audit purposes.
  • With your consent, to provide you with information about our products and services that may be of interest to you.

Data Retention: How Long We Keep Your Data

St Luke's Florist retains your personal data only as long as necessary for the purposes for which it was collected. Customer and order information is retained for a period of up to seven (7) years to satisfy accounting and tax requirements. After this period, data is securely deleted or anonymised, unless a longer retention period is required by law or necessitated by a legal claim.

For data provided solely with your consent and without any ongoing business or legal reason to keep it, you may request that it be deleted sooner (see 'Your Rights').

Data Processors and Sharing of Data

We restrict access to your data and only share personal information where necessary with trusted third-party service providers (data processors), including:

  • Payment processors for the safe and secure completion of your purchase.
  • Delivery couriers or drivers to ensure your flowers are delivered to the correct recipient and address.
  • IT infrastructure or website hosting providers for order processing and secure data storage.
  • Professional advisors (e.g., accountants, auditors) as required for legal compliance.

All third-party processors are required to comply with data protection regulations and to use data only as instructed by St Luke's Florist. We do not sell or rent your personal data to third parties under any circumstances. Personal data is not transferred outside the United Kingdom or European Economic Area unless necessary and subject to appropriate data protection measures.

Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Correct any inaccurate or incomplete data.
  • Right to Erasure: Request the deletion of your data, subject to legal and contractual restrictions.
  • Right to Restrict Processing: Limit how your data is processed in certain circumstances.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.
  • Right to Data Portability: Receive your data in a structured, commonly-used, machine-readable format, or have it transferred to another provider where applicable.
  • Right to Withdraw Consent: You can withdraw your consent at any time where processing is based on consent.

To exercise these rights, or if you believe your data has been handled improperly, please contact us using the details set out at the end of this policy or in-store. Additionally, you have the right to file a complaint with the relevant data protection authority.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The updated privacy policy will be posted in our shop and will be available on our website. Please review this policy periodically to stay informed.

Contact and Further Information

If you have any questions about this policy, your rights, or how we process your personal data, please get in touch with us in person at St Luke's Florist. We will always do our best to answer your queries promptly and transparently.