Mortlake Florist Privacy Policy

Introduction

This Privacy Policy explains how Mortlake Florist collects, uses, stores, and protects your personal data when you place orders with us. The policy applies to all customers placing orders from Mortlake and surrounding districts. We are committed to preserving your privacy and handling your information in a transparent manner, in accordance with the General Data Protection Regulation (GDPR).

What Personal Data We Collect

Mortlake Florist collects different types of personal data depending on your interaction with us and the services you use. The data we routinely collect includes the following:

  • Contact Information: such as your name, address, phone number, and delivery address.
  • Order Details: including the products ordered, delivery instructions, messages for recipients, and payment reference information (e.g., order number).
  • Payment Data: note that payment processing is conducted through secure third-party providers; we do not store your card numbers or payment details on our systems.
  • Correspondence: records of any correspondence you have with us, including emails and order inquiries.
  • Website Usage Data: data about your browsing activity on our website (through cookies and similar technologies), such as IP address, device type, and interaction patterns (where permitted by your device/browser settings and applicable law).

Lawful Basis for Processing

Under GDPR, Mortlake Florist processes your personal data only where there is a lawful basis for doing so:

  • Contractual necessity: When you place an order, we need your personal details to process, fulfil, and deliver your purchase.
  • Legal obligation: Certain data may be processed to comply with legal or regulatory requirements, for example, to retain purchase records for tax purposes.
  • Legitimate interests: We may process your information to improve services, respond to queries, or prevent fraud, provided our interests are not overridden by your rights.
  • Consent: We may ask for your consent to send you marketing communications. This consent can be withdrawn at any time.

How We Use Your Data

Mortlake Florist uses your personal data for the primary purposes of processing orders and providing customer service. Additional reasons may include:

  • Communicating order updates, delivery information, or responding to your inquiries.
  • Fulfilling our legal and regulatory requirements.
  • Internal analysis to improve our website, products, and customer experience.
  • Sending you information about similar goods or promotions if you have opted in to receive marketing communications (with the option to opt out at any time).

Data Retention

Mortlake Florist retains your personal data only as long as is reasonably necessary for the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Typically, order and transaction records are retained for a period defined by tax laws (normally seven years), after which they are securely deleted or anonymised. Customer correspondence, if unrelated to orders, may be retained for up to two years for quality assurance and dispute resolution before being deleted.

Data Processors and Sharing

We may share your data with trusted third parties (data processors) to deliver our services effectively. These processors may include:

  • Delivery companies and couriers working with Mortlake Florist to deliver your orders.
  • Payment service providers to securely process your transactions.
  • IT service providers and website hosts to support our business and maintain security.

All processors are bound by contractual obligations to keep your data confidential and use it only for the purposes we specify. Your data will not be sold, rented, or traded to third parties for their own marketing purposes.

Your Rights Under GDPR

Under GDPR, you have specific data subject rights, including:

  • Right to access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request corrections if your data is incomplete or inaccurate.
  • Right to erasure: Request deletion of your data in certain circumstances, except where we are legally obliged to retain it.
  • Right to restrict processing: Ask us to restrict the processing of your data under certain conditions.
  • Right to data portability: Request your data in a commonly used digital format for transfer to another provider.
  • Right to object: Object to processing for specific purposes, such as direct marketing.
  • Right to withdraw consent: Withdraw your consent at any time where processing is based on consent (e.g., for marketing emails).
  • Right to lodge a complaint: If you believe your data has been processed unlawfully, you have the right to contact the relevant supervisory authority.

Data Security

Mortlake Florist takes appropriate technical and organisational security measures to protect your information from loss, misuse, unauthorised access, disclosure, alteration, or destruction. This includes using secure servers, restricting access to data, and training staff in data protection obligations.

International Data Transfers

Generally, we store your data within the United Kingdom or the European Economic Area. If any service providers we use transfer data outside these areas, such transfers will only occur with appropriate safeguards to protect your information, consistent with GDPR requirements.

Changes to This Privacy Policy

We may update this Privacy Policy occasionally to reflect changes in our practices or legal obligations. Any significant changes will be communicated clearly and the updated policy will be made available to all customers.

Contact and Further Information

If you have questions about this Privacy Policy or wish to exercise your rights under GDPR, please get in touch with us via our website contact form or by writing to us at our physical shop address. We are always happy to assist with privacy-related enquiries.