Cowley Flowers GDPR Privacy Policy

Introduction to Our Privacy Policy

This Privacy Policy explains how Cowley Flowers ("we" or "us") handles, stores, and processes your personal information as a customer placing orders for flowers and related goods in Cowley and surrounding districts. Our commitment to your privacy is guided by the requirements of the General Data Protection Regulation (GDPR) and all applicable United Kingdom data protection laws.

Scope of This Policy

This policy applies to all individuals who place orders with Cowley Flowers, whether through our physical shop, by phone, or via our online ordering platform, provided their order is to be fulfilled in Cowley and the neighbouring districts. The contents explain the types of personal data we collect, the lawful bases for processing, how long we retain your information, the use of third-party service providers (processors), and your rights regarding your personal data.

What Data We Collect

Depending on how you use our services, Cowley Flowers may collect the following types of personal data:

  • Contact Information: Name, delivery address, billing address, and contact details such as phone number and, where applicable, email address.
  • Order Details: Product selections, special instructions (e.g., gift messages), delivery times and dates.
  • Payment Information: Details required to process your payment via our approved payment providers. We do not store full card details on our systems.
  • Correspondence: Records of communications with you, such as queries, complaints or requests for information.
  • Website Usage Data: If you use our website, we may collect technical data including IP address, browser type, and details about your visit for site analytics and security purposes.

Lawful Bases for Processing Your Data

Cowley Flowers will only use your personal data when permitted by law. Under GDPR, the lawful bases we rely on include:

  • Performance of a Contract: Processing is necessary to fulfil orders placed by you and to provide customer service regarding those orders.
  • Legal Obligations: We may process your data to comply with legal and regulatory requirements (e.g., for tax records).
  • Legitimate Interests: This may include quality assurance, improving our services, or direct marketing related to our services, provided that these interests are not overridden by your rights and interests.
  • Consent: Where required by law or where we are not relying on another legal basis, we will obtain your consent before processing your data (e.g., for direct marketing by email). You have the right to withdraw your consent at any time.

How We Use Your Data

Your personal data is used to:

  • Process and fulfil your orders, including arranging delivery and addressing special requests.
  • Contact you regarding your order status, payment, or any service updates.
  • Improve our services and customer experience.
  • Maintain records to comply with any applicable legal obligations.

Retention: How Long We Keep Your Information

We retain your personal data only as long as necessary for the purposes described above, or as required by law. Standard retention periods are as follows:

  • Order and transaction records: Retained for up to 7 years to satisfy legal, accounting, and tax obligations.
  • Marketing consents: Retained until you withdraw your consent or unsubscribe from marketing communications.
  • Website analytics: Technical data is generally retained for a maximum of 26 months, after which it is securely deleted or anonymised.

After the applicable retention periods, your personal data is securely erased or anonymised so that it can no longer be associated with you.

Processors: Sharing and Protecting Your Data

We may share your personal data with trusted third-party service providers (data processors) who help us deliver our services, such as payment processing companies, website hosting providers, IT maintenance partners, and delivery companies. All such processors are contractually obligated to handle your data securely and only process it on our instructions, in compliance with this Privacy Policy and GDPR requirements.

Except as described above or as required by law, we do not share your personal information with external parties. We do not sell or rent your data for marketing purposes.

Your GDPR Rights

Under GDPR, as a customer of Cowley Flowers, you have key rights regarding your personal data:

  • Right to Access: You have the right to request a copy of your personal data that we hold.
  • Right to Rectification: You may ask us to correct inaccurate or incomplete data about you.
  • Right to Erasure (‘Right to be Forgotten’): You can request deletion of your personal data where there is no legal reason for us to continue holding it.
  • Right to Restriction: In certain circumstances, you may ask us to restrict the processing of your data.
  • Right to Data Portability: Where applicable, you can obtain and reuse your data for your own purposes across different services.
  • Right to Object: You have the right to object to processing where we are relying on legitimate interests, including profiling or direct marketing.
  • Right to Withdraw Consent: Where we rely on your consent, you can withdraw it at any time.

If you wish to exercise any of your rights, please contact us. We will respond to all requests in accordance with applicable law and within the timeframes stipulated by the GDPR.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or for other operational reasons. Where appropriate, significant changes will be notified to customers in a timely manner. We encourage you to review this policy periodically to stay informed.

Contact and Queries

If you have any questions about this Privacy Policy, our data practices, or your rights under GDPR, please contact us. Your privacy is important to us and we are dedicated to addressing any concerns you may have.