Privacy Policy for Chase Cross Flowers Customers

Introduction

This Privacy Policy outlines how Chase Cross Flowers collects, uses, retains, and protects personal data relating to customers who place orders from Chase Cross and the surrounding districts. We are committed to complying with the General Data Protection Regulation (GDPR) and handling your information with transparency and care. This policy applies to all our customers, whether ordering in person, by phone, or through our website.

What Data We Collect

When you place an order or interact with Chase Cross Flowers, we may collect the following types of data:

  • Contact Information: Name, address, and telephone number, needed to fulfil orders and communicate with you.
  • Order Details: Information about the products ordered, delivery instructions, order history, and recipient’s details (for delivery purposes).
  • Payment Information: Depending on payment method, we may be provided with limited payment details (such as the last four digits of a card number) via our secure payment processor. We do not store full card numbers or security codes.
  • Communication Records: Notes of enquiries, complaints, or feedback to help us serve you efficiently.
  • Technical Information (if ordered via our website): IP address, browser type, and related technical data collected through cookies to facilitate order processing and site functionality.

Lawful Basis for Processing Data

Chase Cross Flowers processes your personal data under one or more of the following lawful bases:

  • Contractual Necessity: Most personal data is collected and used to fulfil our contract with you, such as delivering your flower order.
  • Legitimate Interests: We may use your data for our legitimate business interests, where doing so does not override your own interests or rights. Examples include improving our products and services, keeping records, or responding to queries.
  • Legal Obligations: Certain data may be processed to comply with legal requirements, such as recordkeeping for tax purposes.
  • Consent: If we wish to use your data for additional purposes, such as marketing, we will seek your explicit consent first. You have the right to withdraw this consent at any time.

How We Use Your Data

Your personal data is used strictly for purposes such as processing your order, arranging deliveries, communicating with you regarding your purchase, and improving our services. We may also anonymise data and use it for analytical purposes to better understand customer preferences and enhance our offerings.

How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying legal, accounting, or reporting requirements. Typically, order-related data is kept for up to seven years in line with tax and accounting regulations. Communication records may be retained for up to two years for customer service and quality monitoring purposes. Upon expiry of the relevant periods, your data is securely deleted or anonymised.

Data Processors and Sharing

Chase Cross Flowers may share your data with trusted third-party service providers (known as data processors) to assist us in fulfilling your order and operating our business. These may include payment processors, delivery companies, IT service providers, and web hosting companies. Only the minimum necessary information is provided to these processors, and all are required to comply with GDPR and to safeguard your data at all times.

Your data is never sold or shared for external marketing purposes. We do not transfer your personal information outside the United Kingdom or European Economic Area unless adequate safeguards are in place as mandated by the GDPR.

Your Rights Under GDPR

As a customer, you have the following data protection rights:

  • The right to access: Obtain a copy of your personal data processed by us.
  • The right to rectification: Request corrections to any inaccurate or incomplete personal data.
  • The right to erasure: Ask us to delete your personal data in certain circumstances (for example, if it’s no longer needed for the purpose it was collected).
  • The right to restrict processing: Request that we limit the way we use your personal data under certain conditions.
  • The right to data portability: Receive your personal data in a structured, commonly used, and machine-readable format.
  • The right to object: Object, on grounds relating to your particular situation, to our processing of your data where we are relying on a legitimate interest.
  • Rights related to automated decision making and profiling: We do not carry out automated decision making or profiling with your data.
  • The right to withdraw consent: Where data processing is based on your consent, you can withdraw it at any time.
  • The right to complain: You can lodge a complaint with a supervisory authority if you believe your data protection rights have been breached.

Protecting Your Data

We implement appropriate technical and organisational measures to ensure your personal data is securely stored and processed. This includes secure storage systems, access controls, password protection, and staff training on data protection responsibilities.

Policy Updates

This Privacy Policy is reviewed and updated periodically to ensure continued compliance with regulatory requirements and evolving best practices. The current version of the policy will always be available to all customers placing orders from Chase Cross and its surrounding districts.

Contact and Further Information

If you have questions about this Privacy Policy, wish to exercise your rights, or need more information about how we handle your data, please contact us through our usual communication channels or in person at our premises. We are committed to resolving any requests or concerns as efficiently as possible.