Belvedere Flowers Privacy Policy Overview

Introduction and Scope

This Privacy Policy outlines how Belvedere Flowers, as the data controller, processes and protects the personal data of all customers placing orders with us from Belvedere and the surrounding districts. We are committed to maintaining high standards of privacy and ensuring compliance with the General Data Protection Regulation (GDPR).

This policy explains what information we collect, how we use it, on what basis, with whom we share it, how long we keep it, and the rights you have regarding your personal data.

What Data We Collect

Belvedere Flowers collects and processes a range of information to fulfil your orders, provide customer service, and improve our services. The personal data we collect includes:

  • Identity and Contact Data: Name, delivery address, billing address, telephone number (if provided), and delivery instructions.
  • Order Details: Information about your purchases, recipient details (if you send flowers to someone else), and messages included with an order.
  • Payment Information: Payment card details or transaction references (processed securely by our payment processors; we do not store full card numbers or security codes).
  • Communications: Correspondence and customer queries via our website contact forms or when you call our customer service.
  • Technical Data: Your IP address, browser type, and browsing activities on our website through cookies and analytics tools (see our Cookies Policy for more details).

The Lawful Basis for Processing

Under the GDPR, we must have a lawful basis to process your personal data. Our primary bases include:

  • Contractual necessity: Most processing is necessary for fulfilling our contract with you, such as preparing and delivering your order and managing payments.
  • Legal obligation: We may process your data where required by law, such as for accounting, tax records, or regulatory purposes.
  • Legitimate interests: We process your data to improve our services, prevent fraud, and resolve disputes, provided these interests are not overridden by your rights.
  • Consent: For certain activities, such as sending marketing communication, we rely on your explicit consent, which you can withdraw at any time.

How We Use Your Data

Belvedere Flowers uses your information for various essential purposes:

  • Processing and delivering your orders efficiently and accurately
  • Communicating order updates, delivery status, and responding to your enquiries
  • Improving our website, products, and customer experience
  • Detecting and preventing fraudulent activities or misuse of our services
  • Meeting our legal obligations, such as for record-keeping and tax compliance
  • With your consent, sending you special offers, news, and marketing if you opt in

Data Retention – How Long We Keep Your Data

We retain personal data only as long as necessary for the purposes it was collected, including fulfilling your orders and complying with legal or regulatory requirements.

  • Order and Transaction Data: Kept for a minimum of six years, as required by UK tax laws.
  • Customer Services Correspondence: Held for up to three years for quality assurance and dispute resolution.
  • Marketing Preferences: Stored until you withdraw your consent or request removal.
  • Technical Data (Cookies/Analytics): Kept in accordance with our Cookies Policy and applicable retention periods.

Once your data is no longer needed, it is securely deleted or anonymised so that you cannot be identified.

Data Sharing and Processors

We take your data privacy seriously and only share personal data where necessary. Your information may be shared with:

  • Payment Processors: Secure third-party gateways that manage payments and card transactions.
  • Delivery Service Providers: Couriers or delivery partners who fulfil your flower orders.
  • IT and Website Service Providers: Companies that help us maintain our website, manage email communications, or provide analytics.
  • Legal or Regulatory Authorities: Where legally required or to protect our rights and customers.

We do not sell or rent your data. All third-party processors are contractually obligated to safeguard your data according to GDPR standards and use it only for the services provided to Belvedere Flowers.

Your Data Protection Rights

Under GDPR, you have several important rights regarding your personal data:

  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You can request correction of inaccurate or incomplete data.
  • Right to Erasure: In certain circumstances, you can ask us to delete your data (“the right to be forgotten”).
  • Right to Restrict Processing: You may request a pause or restriction of our processing in some scenarios.
  • Right to Data Portability: You can request to receive your data in a structured, commonly used format and have it sent to another controller.
  • Right to Object: You may object to processing based on legitimate interests or for direct marketing at any time.
  • Right to Withdraw Consent: Where processing is based on your consent, you can withdraw it at any time.

To exercise these rights, you may contact us via our website or by post. We will respond to your request within one month, or inform you if further time is needed due to the complexity or number of requests.

Data Security

We use organisational and technical measures to protect your personal data from loss, theft, misuse, or unauthorised access. Our website employs encryption and secure protocols for payment transactions. All staff and third-party processors accessing your data are bound by confidentiality obligations.

International Transfers

In most cases, your data will be processed within the United Kingdom or countries recognised as providing an adequate level of protection. If any data is transferred outside these areas, we ensure that appropriate safeguards are in place (such as standard contractual clauses) compliant with GDPR requirements.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The most current version will always be available on our website, and material changes will be highlighted when appropriate.

Contact and Complaints

If you have questions or concerns about this Privacy Policy or your personal data, please contact us using the contact form provided on our website. If you are not satisfied with our response, you also have the right to lodge a complaint with the UK’s Information Commissioner’s Office.