Privacy Policy for Flowers at Tomorrow's People

Introduction

This Privacy Policy explains how Flowers at Tomorrow's People collects, uses, stores, and protects your personal data when you place an order with us, whether you are located within Tomorrow’s People or the surrounding districts. We are fully committed to complying with data protection obligations under the General Data Protection Regulation (GDPR) and to protecting your privacy and personal information.

Scope of This Policy

This policy applies to all existing and prospective customers who place Flower orders from Flowers at Tomorrow’s People, including orders placed either directly with us or for delivery to Tomorrow’s People and adjacent districts.

What Data We Collect

We collect and process a range of personal data necessary for fulfilling your order and managing our customer relationships, including:

  • Identity Data: Name, title, and contact details such as address, phone number, and delivery address.
  • Order Details: Information about the bouquets, arrangements, and messages you select, special notes, and dates for delivery.
  • Transaction Data: Details about payments and your purchasing history with us.
  • Correspondence: Records of your communication with us including queries, feedback, or complaints.

We do not seek to collect sensitive personal data (such as health or religious information) unless you provide specific instructions that contain such information in your order notes, in which case the information will be processed only as necessary to fulfil your order.

Lawful Basis for Processing

Under the GDPR, we must have a lawful basis for processing your personal data. For Flowers at Tomorrow’s People, the lawful bases include:

  • Contractual Necessity: Most of the data we collect is required in order to enter into and fulfil our contract to provide you with flower arrangements and related services.
  • Legal Obligation: In certain cases, we are required by law to retain or process data (such as for tax purposes).
  • Legitimate Interests: Occasionally, we process your data to pursue our legitimate interests, for example, carrying out direct marketing or improving our services, provided these interests are not overridden by your rights and interests.
  • Consent: Where required, we seek your explicit consent, such as when you opt in to receive marketing communications. You may withdraw your consent at any time.

How We Use Your Personal Data

Your personal data is used for the following purposes:

  • To process and deliver your flower orders, including managing payments, delivery logistics, and customer requests.
  • To communicate with you regarding your order, requested services, and customer support issues.
  • For internal record keeping, analytics, quality assurance, and service improvement.
  • To comply with legal and regulatory obligations as required.
  • With your explicit consent, to send promotional information about new products, offers, or newsletters.

Data Retention

We only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including satisfying any legal, accounting, or reporting requirements. Generally, we keep order and contact data for up to six years after your transaction or last contact, unless a longer retention period is required by law. Marketing preferences and communications history will be retained until you withdraw your consent.

Data Processors and Third Parties

We engage third-party service providers (data processors) to assist in delivering our services, for example:

  • Payment processing companies (to handle transactions securely)
  • Logistics and courier partners (for flower deliveries)
  • IT providers (including website hosting and customer database management)

All processors are carefully selected and required under contract to comply with GDPR’s requirements on data security and confidentiality. We do not sell or rent your data to third parties. If legally required, we may disclose personal data to authorities or regulatory bodies.

International Data Transfers

Your personal data is primarily processed within the United Kingdom or the European Economic Area. If personal data is transferred outside these regions, we will ensure an adequate level of protection in compliance with GDPR requirements, for example by relying on appropriate safeguards or standard contractual clauses.

Your Rights Under the GDPR

As a customer, you have important rights under GDPR. These include:

  • Right of Access: You can ask us for details of what personal data we hold about you and how it is processed.
  • Right to Rectification: You may correct inaccurate or incomplete personal data.
  • Right to Erasure: You have the right to request the deletion of your personal data when there is no legitimate reason for us to retain it.
  • Right to Restrict Processing: You may request the restriction or suppression of your personal data processing in certain circumstances.
  • Right to Data Portability: You can request your personal data be sent directly to you or another organisation in a structured, machine-readable format.
  • Right to Object: You have the right to object to certain types of processing, including direct marketing.
  • Right to Withdraw Consent: If your data is processed based on consent, you can withdraw your consent at any time.

To exercise any of these rights, please contact us using the details provided on our website. We may need to verify your identity before processing your request.

Data Security

We implement a range of appropriate technical and organisational measures designed to safeguard your personal data from unauthorised access, loss, misuse, or disclosure. This includes encrypted storage, secure payment processing, and restricted access to customer data by authorised personnel only.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. The latest version will always be available from our website or by request. Please review this policy regularly to stay informed of any changes.

Further Information

If you have any questions or concerns about how we handle your personal data, or if you wish to lodge a complaint, please refer to the contact information available on our website. If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority.