Flowers Tring GDPR Privacy Policy

Our Commitment to Privacy

At Flowers Tring, we prioritise the privacy and protection of our customers’ personal information. This Privacy Policy outlines how we collect, use, store, and safeguard your personal data in accordance with the General Data Protection Regulation (GDPR). If you place orders for flowers through Flowers Tring within Tring and the surrounding districts, this policy applies to you.

Personal Data We Collect

To fulfil your orders and provide quality customer service, Flowers Tring may collect and process the following categories of personal data:

• Identity Information: Name (including recipient’s name if the order is a gift)
• Contact Information: Address, postcode, telephone number
• Order Details: Products ordered, delivery instructions, personal messages on cards
• Payment Information: Payment card details (processed securely via third-party payment processors; Flowers Tring does not directly store card numbers)
• Communications: Any correspondence with us regarding your order, queries, or feedback

This information is either provided directly by you when you place your order or when you contact us with queries, and occasionally collected automatically through essential website functions (such as anonymised usage logs).

Purpose and Lawful Basis for Processing

Flowers Tring processes your personal data for the following purposes, relying on specific lawful bases:

• Order Fulfilment: To process, deliver, and manage your orders (Contract)
• Customer Service: To communicate regarding orders, address queries or complaints, and provide updates (Contract and Legitimate Interest)
• Payment Processing: To take payment for orders using secure external payment providers (Contract)
• Legal Obligations: To comply with local laws regarding record-keeping, accounting, and consumer protection (Legal Obligation)
• Operational Improvement: To securely improve services and website experience (Legitimate Interest)

Retention of Personal Data

Flowers Tring retains your personal data only for as long as necessary to fulfil the purposes for which it was collected. After your order is completed, most personal data is retained for up to seven years to comply with tax and accounting regulations, as well as to resolve any post-sale queries, complaints, or disputes. Where legally permitted, some details (such as names and messages) may be deleted sooner when no longer required. Anonymised aggregated data may be retained for longer to improve our business operations, but cannot be used to identify individuals.

Data Processors and Third Parties

To provide our services, Flowers Tring engages certain third-party service providers (data processors) who process your personal data on our behalf. These may include:

• Payment Processors: Secure third parties who process your payment card details
• Delivery Partners: Couriers and delivery services responsible for fulfilling your orders
• IT and Website Providers: Website hosting companies, IT maintenance, and secure cloud storage providers

All processors are chosen with care and are subject to contractual requirements to process personal data only in accordance with our instructions, to protect your data, and to comply with GDPR regulations. We do not sell your personal data to any third parties. If legally required, certain data may be shared with government bodies or law enforcement agencies.

Security of Your Data

Your personal information is protected by appropriate technical and organisational measures. We use secure systems to store and transmit your data, strict access controls, and regular staff training in data protection compliance. Payment information is handled by secure and PCI-compliant payment processors. While we take reasonable steps to protect your data, no online system can be guaranteed fully secure; we encourage you to contact us if you suspect any issues concerning your data privacy.

Your Rights under the GDPR

As a data subject under the GDPR, you have the following rights in relation to your personal data held by Flowers Tring:

• Right of Access: You can request details of any personal data we hold about you.
• Right to Rectification: You can ask us to correct or update inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data where we have no longer any lawful grounds to process it.
• Right to Restrict Processing: You can ask us to limit how we process your data in certain circumstances.
• Right to Data Portability: Where applicable, you can request a copy of your personal data in a commonly used, machine-readable format.
• Right to Object: You can object to how we use your data in certain cases, such as direct marketing or based on legitimate interests.
• Right to Withdraw Consent: Where you have given consent (for example, to receive marketing updates), you may withdraw consent at any time.

If you wish to exercise any of your rights, please contact us with sufficient information to identify you and your request. We may need to confirm your identity before processing your request. We will respond within the timelines set out under the GDPR.

Policy Scope and Updates

This policy covers all customers placing orders with Flowers Tring from within Tring and neighbouring districts. We may update this Privacy Policy from time to time to reflect changes to our practices, legal requirements, or service offerings. Updated policies will be made available on our website or upon request. We encourage you to review this policy periodically.

Contacting Us

If you have any questions, concerns, or wish to exercise your data protection rights regarding your personal data at Flowers Tring, please contact us using the contact methods provided on our website or through your usual point of contact with us. We are committed to promptly addressing any data privacy requests, concerns, or complaints.