Pinner Flowers Privacy Policy – Customer Data & Rights

Introduction

This Privacy Policy outlines how Pinner Flowers collects, uses, retains, and protects the personal data of customers placing orders in Pinner and surrounding districts. We are committed to protecting your privacy and handling your personal information transparently and securely, in accordance with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This policy applies to every individual who places an order with Pinner Flowers, whether through our website, by phone, or in person at our store.

What Personal Data We Collect

When you place an order with Pinner Flowers, we collect specific personal data to process your request and provide our services efficiently. The types of personal data we may collect include:

  • Contact Information: Full name, email address, telephone number, and delivery address.
  • Order Details: Items purchased, delivery instructions, card messages, requested delivery dates, and purchase history.
  • Payment Information: Payment method details (please note, any card payments made online or by phone are securely processed by third-party payment providers and are not stored by Pinner Flowers).
  • Recipient Information: Name, address, and contact details of individuals receiving flowers or gifts at your request.
  • Communication History: Correspondence between you and Pinner Flowers, including queries, feedback, complaints, and call recordings if applicable.

Lawful Basis for Processing Your Data

Under GDPR, we are required to identify a lawful basis for each type of data processing. Our lawful bases include:

  • Contractual Necessity: Processing your data is necessary to fulfill the contract when you place an order or request a service from Pinner Flowers – for example, to deliver flowers to your specified address.
  • Legal Obligation: We may process and retain your data to comply with accounting, taxation, or other legal obligations.
  • Legitimate Interest: Data is sometimes processed for legitimate business interests, such as handling order enquiries, improving our products and services, or preventing fraud. Where we rely on legitimate interests, we ensure these do not override your fundamental rights.
  • Consent: Where required, such as for marketing communications, we process your data based on your explicit consent, which you can withdraw at any time.

How We Use Your Personal Data

Pinner Flowers uses your data for several purposes, all aligned with the lawful bases described above:

  • Processing and fulfilling your orders, including arranging delivery and personalising your order as requested.
  • Communicating with you regarding your order status, customer service enquiries, and feedback.
  • Administering payments, refunds, or exchanges through secure third-party payment processors.
  • Maintaining internal records for accounting, compliance, and service improvement.
  • Sending marketing communications (where consented) regarding new products, services, offers, or events; you may opt out at any time.
  • Ensuring the security of our services and preventing misuse or fraud.

Retention of Your Personal Data

Pinner Flowers will retain your personal data only for as long as necessary to fulfill the purposes it was collected for, including satisfying legal, accounting, or reporting obligations. Typically, order and associated data are retained for up to six years after your last transaction for auditing and compliance purposes. Communication records and correspondence are retained for no longer than three years unless otherwise required by law. Once data is no longer required, it will be deleted or securely anonymised.

Processors and Data Sharing

Pinner Flowers may share necessary personal data with selected third-party service providers (processors) who assist in:

  • Processing payments (e.g., banks, payment gateways).
  • Delivering orders (e.g., local couriers or delivery partners).
  • Maintaining IT and website infrastructure (e.g., web hosting, software support).
  • Providing customer support services (where required).

These processors are contractually bound to handle your personal data securely, confidentially, and only in accordance with our instructions. Pinner Flowers does not sell, rent, or trade your data with any third parties for their own marketing or commercial purposes. We do not transfer your personal data outside the United Kingdom unless adequate safeguards are in place.

Your Rights Under GDPR

As a customer of Pinner Flowers, you have several rights regarding your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You may ask us to correct inaccurate or incomplete data held about you.
  • Right to Erasure: You can request deletion of your data when it is no longer necessary for us to retain it, provided there is no overriding legal reason to keep it.
  • Right to Restrict Processing: You can request to limit the way we use your data in certain circumstances.
  • Right to Data Portability: You may request your data in a commonly used, machine-readable format to transfer to another provider.
  • Right to Object: You have the right to object to certain types of data processing, such as direct marketing.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw this at any time.

To exercise any of these rights, you may contact us using the contact methods provided on our official site or in store. We will respond to your request as soon as possible and always within one month, unless the request is complex.

Security of Your Personal Data

Pinner Flowers takes robust technical and organisational measures to protect your data from accidental loss, unauthorised access, or misuse. This includes secure storage systems, staff training, and strict access controls. While we do our utmost to safeguard your information, remember that no method of transmission over the Internet or electronic storage is completely secure.

Updates to This Privacy Policy

We may update this Privacy Policy on occasion to remain compliant with changes to legal requirements or our business practices. Customers will be notified of any material changes through our website or by other appropriate means. We encourage you to review this policy regularly to stay informed about how we process and protect your personal data.

Contact and Complaints

If you have any questions about this Privacy Policy or concerns about how your data is handled, please use the contact information provided on our official website or in our shop. If you are not satisfied with our response or believe your data protection rights have been infringed, you may lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.