Flowers Oxford Privacy Policy and GDPR Commitments

Privacy Policy for Flowers Oxford Customers

This Privacy Policy explains how Flowers Oxford collects, uses, stores and protects personal data relating to customers placing Flowers Oxford orders from Oxford and surrounding districts. It also describes your rights under the UK General Data Protection Regulation (UK GDPR) and related data protection laws. By placing an order or otherwise engaging with Flowers Oxford, you acknowledge that you have read and understood this Privacy Policy.

Scope of this Privacy Policy

This policy applies to all customers placing Flowers Oxford orders from Oxford and surrounding districts, whether orders are made online, in person or by any other ordering channel. It covers personal data relating to order placement, payment processing, deliveries, customer service and marketing preferences. This policy does not apply to third-party websites or services that may be referenced separately by Flowers Oxford but are operated independently.

Who We Are and Our Role as Data Controller

Flowers Oxford acts as the data controller for the personal data described in this Privacy Policy. As data controller, Flowers Oxford determines the purposes and means of processing your personal data and is responsible for ensuring that such processing complies with applicable data protection laws.

Types of Personal Data We Collect

Flowers Oxford may collect and process the following categories of personal data when you place an order or interact with us:

1. Identity and contact details: your name, title, billing address, delivery address, and any contact details you choose to provide (such as postal address or other contact channels).
2. Order and delivery information: order details, bouquet or product selections, delivery dates and times, recipient names and addresses, delivery instructions and gift message content.
3. Payment and transaction data: details relating to your purchases, such as transaction amounts, payment method, and order history. Payment card details are processed securely by our payment processors and are not stored in full by Flowers Oxford.
4. Communication records: records of your communications with us, including order queries, feedback, complaints or customer service interactions.
5. Technical and usage data: limited technical data where applicable, such as device type, browser type, and basic usage statistics relating to our online ordering platforms.

Lawful Bases for Processing Your Data

Flowers Oxford relies on the following lawful bases under UK GDPR to process your personal data:

1. Contractual necessity: we process your personal data when it is necessary to enter into and perform a contract with you, for example to accept and fulfil your order, deliver flowers, manage payments and provide customer support.
2. Legal obligations: we may process certain data to comply with legal obligations, such as accounting, taxation or record-keeping requirements, and to respond to lawful requests from regulatory or law enforcement bodies.
3. Legitimate interests: we process personal data where necessary for our legitimate business interests, provided that these interests are not overridden by your rights and interests. Examples include improving our services, managing customer relationships, preventing fraud, and protecting our business and customers.
4. Consent: in limited cases, we may rely on your consent to process data, for example for certain direct marketing activities. Where processing is based on consent, you may withdraw your consent at any time.

How We Use Your Personal Data

Flowers Oxford uses your personal data for the following purposes:

1. To process and deliver orders: managing orders placed by customers from Oxford and surrounding districts, preparing floral products, and arranging deliveries to you or your recipients.
2. To manage payments and billing: confirming payment, preventing payment fraud, issuing receipts and handling refunds where appropriate.
3. To provide customer service: handling queries, complaints or change requests, and communicating with you about your orders and deliveries.
4. To improve our services: analysing order patterns, customer preferences and operational performance to enhance our offerings and customer experience.
5. To send marketing communications (where permitted): informing you of offers, seasonal products or updates about Flowers Oxford, in accordance with your communication preferences and applicable laws.
6. To ensure security and legal compliance: protecting our systems, preventing misuse, and complying with legal and regulatory obligations.

Data Sharing and Use of Processors

Flowers Oxford may share your personal data with carefully selected third parties who act as data processors on our behalf. These processors are only permitted to process your data in accordance with our instructions and are required to implement appropriate security measures.

Typical processors may include:

1. Payment service providers: to securely process payments, prevent fraudulent transactions and handle refunds.
2. IT and hosting providers: to host and maintain our ordering systems, website and associated infrastructure.
3. Delivery and logistics partners: to arrange and complete delivery of orders within Oxford and surrounding districts.
4. Professional advisers: such as accountants or legal advisers, where necessary to manage our business and comply with legal requirements.

Flowers Oxford does not sell your personal data. Data sharing is limited to what is necessary for the purposes described in this Privacy Policy or as required by law.

International Data Transfers

Where Flowers Oxford or its processors transfer personal data outside the UK or European Economic Area, such transfers will be carried out in compliance with applicable data protection laws. This may include the use of adequacy decisions or appropriate safeguards, such as standard contractual clauses, to protect your personal data.

Data Retention Periods

Flowers Oxford retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting or reporting requirements. The specific retention period will vary according to the type of data and the context in which it was collected.

In general:

1. Order and transaction records are retained for a period required by tax and accounting laws.
2. Customer service records are retained for a reasonable period after resolution of your enquiry or complaint.
3. Marketing data is retained until you opt out of receiving marketing communications or until it is otherwise no longer necessary for the purpose for which it was collected.
4. Technical and usage data is retained for a limited period necessary to support security, troubleshooting and analytics.

When data is no longer required, Flowers Oxford will delete or anonymise it securely.

How We Protect Your Data

Flowers Oxford implements appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures may include restricted access controls, secure storage, encryption or pseudonymisation where appropriate, staff training, and regular review of security practices.

Your Data Protection Rights

Under UK GDPR and related data protection laws, you have a number of rights regarding your personal data, subject to certain conditions and exemptions:

1. Right of access: you can request confirmation that we process your personal data and obtain a copy of that data.
2. Right to rectification: you can request correction of inaccurate or incomplete personal data.
3. Right to erasure: you can request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent (if consent was the basis for processing), or where processing is unlawful, subject to legal retention requirements.
4. Right to restriction of processing: you can request that we restrict processing of your data in certain circumstances, for example while we verify its accuracy or assess an objection.
5. Right to data portability: for data you provided to us on the basis of consent or contract and processed by automated means, you can request to receive it in a structured, commonly used and machine-readable format, and have it transmitted to another controller where technically feasible.
6. Right to object: you can object at any time to processing based on our legitimate interests, including profiling, and to processing for direct marketing purposes.
7. Rights related to automated decision-making: Flowers Oxford does not rely on solely automated decisions that produce legal or similarly significant effects for customers. If this changes, we will update this policy and explain your related rights.

To exercise your rights, you may contact Flowers Oxford using the contact details provided in our customer communications or on our ordering materials. We may need to verify your identity before responding to your request.

Children's Data

Flowers Oxford services are not specifically directed at children. We do not knowingly collect personal data from children without appropriate consent or as otherwise permitted by law. If we become aware that personal data has been collected from a child in a manner that does not comply with applicable law, we will take steps to delete that data.

Updates to This Privacy Policy

Flowers Oxford may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or operational needs. Updated versions will apply to new orders and interactions from the date of publication. Where appropriate, we may also inform you directly of significant changes that affect how your personal data is handled.

Complaints and Further Information

If you have concerns about how Flowers Oxford handles your personal data, you are encouraged to contact us so that we can address your concerns. You also have the right to lodge a complaint with the relevant data protection supervisory authority in the UK if you believe that your data protection rights have been infringed.

Customers placing Flowers Oxford orders from Oxford and surrounding districts are invited to review this Privacy Policy regularly to stay informed about how their personal data is collected, used and protected.