Privacy Policy for Customers of Manor House Florist

Introduction and Scope

This Privacy Policy explains how Manor House Florist (“we”, “us”, or “our”) collects, uses, processes, and safeguards the personal data of customers placing orders in Manor House and the surrounding districts. We are committed to maintaining and protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and relevant UK law.

What Personal Data We Collect

When you place an order or interact with Manor House Florist, we may collect, process, and store the following categories of personal data:

  • Identity Data: Name, title, and, if you create an account, username or similar identifier.
  • Contact Data: Delivery address, billing address, recipient address, and telephone numbers where supplied.
  • Order Data: Details of products or services you have ordered, delivery preferences, and any special instructions.
  • Transaction Data: Details about payments to and from you and other details of products and services you have purchased from us (excluding card or bank details, as these are processed via secure payment gateways).
  • Technical Data: Where applicable, IP address, browser type, and operating system if you interact through our website.
  • Correspondence Data: Any communications or feedback you send to us, including messages submitted via our website or provided by phone or in person as part of your order.

Lawful Bases for Processing Your Data

Manor House Florist collects and processes your personal data in accordance with one or more of the following lawful bases under GDPR:

  • Contractual Necessity: Most of the data we process is necessary for the performance of a contract with you (for example, to fulfill your order and deliver flowers to your specified address).
  • Legal Obligations: We may process data to meet our legal requirements, such as maintaining proper business records or responding to lawful requests from authorities.
  • Legitimate Interests: We may process your data for legitimate business interests, provided these do not override your rights and freedoms. This includes ensuring our services run smoothly and securely and understanding customer purchasing patterns to improve our offerings.
  • Consent: Where required, we will seek your consent before processing your personal data, for example, to send you marketing materials.

How We Use Your Personal Data

We use your personal data to:

  • Process and deliver your floral orders accurately and securely.
  • Communicate with you about your order status or to clarify delivery instructions.
  • Handle payment processing through secure third-party providers.
  • Comply with legal requirements, including tax and accounting regulations.
  • Respond to your queries, feedback, or complaints.
  • Improve our products, services, and customer experience.
  • If you have given explicit consent, send you occasional updates about our services or offers.

How Long We Retain Your Data

We keep your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. In general, we retain:

  • Order and transaction data for up to seven years, as required by tax and accounting laws.
  • Customer correspondence for up to three years after the last contact, unless a longer retention period is required by law or necessary for dispute resolution.
  • Marketing and consent records for as long as you remain subscribed, or until you withdraw your consent.

Processors, Sub-Processors, and Data Sharing

We do not sell or rent your personal data to third parties. However, to provide our services and operate our business, we may share your data with trusted third-party processors who act only under our instruction and in accordance with GDPR. These may include:

  • Payment processors, to securely manage card or online payments.
  • IT and website hosting providers, to ensure secure storage and management of our data.
  • Courier or delivery services, for the purpose of delivering your floral order to its intended recipient.
  • Professional service providers such as accountants or legal advisors, where required for compliance or dispute resolution.

All third-party processors are required to adhere to GDPR and to maintain the confidentiality and security of your data. They are not permitted to use your data for their own purposes.

Your Data Protection Rights

Under GDPR, you have the following rights with respect to your personal data:

  • The right to be informed about how your data is collected and used.
  • The right of access to the personal data we hold about you.
  • The right to rectification if your personal data is inaccurate or incomplete.
  • The right to erasure (the ‘right to be forgotten’) in certain circumstances.
  • The right to restrict processing of your personal data in certain situations.
  • The right to data portability, allowing you to obtain and reuse your personal data for your own purposes.
  • The right to object to certain types of processing, such as direct marketing.
  • Rights in relation to automated decision-making and profiling (Manor House Florist does not carry out any automated decision-making or profiling).

You can exercise your rights at any time by contacting us using the contact details provided on our website or in-store. We may need to verify your identity before processing your request to protect your data and prevent unauthorised access.

Security and International Data Transfers

Your personal data is stored and processed within the UK or the European Economic Area (EEA). We employ a range of technical and organisational measures to protect your data from unauthorised access, misuse, loss, or disclosure. Where we need to transfer data outside the EEA, we ensure appropriate safeguards are in place in accordance with data protection law.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. The date of the latest revision will be indicated at the top of the policy. We encourage you to review this page periodically to stay informed of any updates.

Contact and Complaints

If you have any questions, concerns, or would like to exercise your rights under GDPR, please contact us by using the contact form or details provided on our website or visiting our store in Manor House. If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) or your local supervisory authority.