Hatton Florist Privacy Policy

Privacy Policy for Customers of Hatton Florist

This Privacy Policy outlines how Hatton Florist collects, processes, uses, and protects your personal data in full compliance with the General Data Protection Regulation (GDPR). This policy applies to all customers placing orders with Hatton Florist from Hatton and the surrounding districts. We are dedicated to maintaining your trust by handling your personal information with care and transparency.

Personal Data We Collect

When you place an order with Hatton Florist, we may collect and process certain types of personal data. Depending on the nature of your interaction with us, we may collect the following information:

  • Identity Data: Your name, and if ordering on behalf of someone else, the recipient's name.
  • Contact Information: Email address, telephone number, and delivery address.
  • Order Details: Products purchased, order value, quantities, delivery instructions, and any notes you provide for us or the recipient.
  • Payment Information: Depending on payment method, we may receive confirmation of payment from our payment processor, but we do not store your full payment card details.
  • Communications: Details of correspondence with our team, including queries and feedback related to your experience.

How We Use Your Data

We process your personal data for specific purposes, using only the minimum necessary information for each. The ways in which your data is used include:

  • To fulfill your flower order, including processing payment, arranging for delivery, and communicating updates regarding your order.
  • To respond to customer enquiries, requests, or complaints, and provide customer support.
  • To meet our legal obligations, including record-keeping, tax, and regulatory compliance.
  • To improve our products and services based on your feedback and preferences.

Lawful Basis for Processing

Hatton Florist processes your personal data on the following lawful bases as permitted by the GDPR:

  • Contractual Necessity: Most processing is required to fulfill our contract with you to provide the goods and services you have ordered – for example, collecting delivery details to ensure your flowers reach the intended recipient.
  • Legal Obligation: We retain certain data to comply with legal, tax, and accounting obligations as required under UK and EU law.
  • Legitimate Interests: In some cases, we may use your data for our legitimate business interests, such as communicating with you about your order or seeking feedback to improve our services. We will always balance our interests with your rights and freedoms before processing in this way.

Retention of Your Data

Hatton Florist retains your personal data only for as long as necessary to accomplish the purposes described in this policy. Typically, we maintain order and transaction records for up to seven years to comply with our legal obligations regarding accounting and taxation. After this period, data that is no longer required will be securely deleted or anonymised.

For data collected solely on the basis of customer service queries or marketing preferences (where applicable), this data may be retained for a shorter period, unless you request its erasure sooner.

Sharing and Data Processors

We do not sell your personal data to third parties. However, to provide our services, we may share necessary information with carefully selected third-party service providers. These entities act as data processors on our behalf and are bound by contractual obligations to protect your data. Examples of data processors include:

  • Payment service providers who process your payment securely.
  • IT service providers who host our website or facilitate our order management system.
  • Delivery partners responsible for bringing your flowers to their destination.
  • Accountants and legal advisors who require access to transaction records for compliance.

All our data processors are required by law and by contract to follow our documented instructions and maintain appropriate data protection and security measures. Your data is never transferred outside the United Kingdom or European Economic Area unless adequate safeguards are in place, in accordance with GDPR requirements.

Your Rights Under GDPR

As a customer within Hatton and the surrounding districts, you have certain rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: If your information is inaccurate, you can ask us to update or correct it.
  • Right to Erasure: You can request that we delete your personal data where there is no legal reason for its continued processing.
  • Right to Restrict Processing: You can ask us to suspend processing your personal data in certain scenarios.
  • Right to Data Portability: You can request to receive your data in a portable format.
  • Right to Object: You have the right to object to processing based on legitimate interests or direct marketing (if applicable).

If you wish to exercise any of these rights, please contact us. To protect your privacy and security, we may require you to verify your identity before processing your request.

Protecting Your Personal Data

Hatton Florist is committed to the security of your personal data. We implement appropriate technical and organisational measures to protect your data against accidental loss, unauthorised use, access, disclosure, alteration, or destruction. Access to your data is limited to staff and providers who need it to fulfill their responsibilities.

Changes to This Policy

We may update this policy from time to time to reflect legal, technical, or operational changes. When we update the policy, we will provide appropriate notification and keep the most recent version available to you. Continued use of our services constitutes acceptance of changes to the privacy policy.

Contact Information

Should you have any questions or wish to exercise your rights regarding your personal data, please reach out to us using the contact details provided on our website or in your order confirmation documents. If you are dissatisfied with our handling of your data, you are entitled to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority.