Mayfair Florist Privacy Policy

Introduction

This Privacy Policy describes how Mayfair Florist manages, processes, and protects your personal data in accordance with the General Data Protection Regulation (GDPR). The policy applies to all individuals placing orders for Mayfair Florist’s products and services in Mayfair and the surrounding districts. By using our services and placing orders, you agree to the collection and use of your information in accordance with this Privacy Policy.

What Personal Data We Collect

When you place an order with Mayfair Florist, we collect and process several categories of personal data necessary to fulfill your order and deliver customer service. The types of data we may collect include:

  • Identity Data: Your full name and, if relevant, the name of the recipient of the flower order.
  • Contact Data: Your billing and delivery addresses, telephone numbers, and (if provided) email address.
  • Order Information: Details of your flower order, purchase history, personalized messages, and delivery preferences.
  • Payment Data: Transaction details (handled securely by authorized payment processors), payment method, and billing information. We do not store your full payment card details on our systems.
  • Technical Data: When you interact with our website, we may collect technical information such as your IP address, browser type, device identifiers, visit duration, and browsing behavior. These are used for website security, analytics, and improving user experience.
  • Communications: Any correspondence you send to us, such as queries or complaints, and records of your interactions with our customer service.

Lawful Basis for Processing

Mayfair Florist processes personal data under several lawful bases, as provided by the GDPR:

  • Contractual Necessity: To take steps at your request prior to placing an order and to fulfill the contract between you and Mayfair Florist upon order placement.
  • Legal Obligation: To comply with laws and regulations concerning transaction records, tax, and accounting.
  • Legitimate Interests: To protect the security of our services, prevent fraud, manage business operations (such as analytics and service improvements), and in pursuit of ongoing customer relationship management. We balance our legitimate interests against your data protection rights.
  • Consent: On occasions when we process data based on your consent (for example, direct marketing communications where consent is required), you may withdraw your consent at any time.

Data Retention

We retain your personal data only as long as necessary to fulfill the purposes we collected it for, including to satisfy legal, accounting, or reporting requirements. Generally, we retain order-related information for up to six years to comply with accounting and tax obligations. Data retained for marketing purposes is kept until you unsubscribe or withdraw your consent. Technical data held for analytics is anonymised or deleted after a period no longer than three years. When data is no longer necessary, it is securely deleted or anonymised.

Data Processors and Third Parties

Mayfair Florist uses a variety of trusted third-party processors to help provide our services securely and efficiently. These may include:

  • Payment Processors: Authorized third-party companies that handle your payments securely. We do not retain your full payment card details.
  • IT & Hosting Providers: Companies providing website hosting, data storage, and security services.
  • Delivery Partners: Courier and logistics companies responsible for delivering orders to your specified addresses.
  • Professional Advisors: Accountants and legal advisors, where necessary for business operations and compliance.

We ensure that all processors comply with GDPR requirements and process your data only as instructed by us. Data is not transferred outside the United Kingdom or European Economic Area without appropriate safeguards.

User Rights Under GDPR

As a customer of Mayfair Florist, you have multiple rights in relation to your personal data under GDPR. These include the right to:

  • Access: Request access to your personal data and obtain a copy of the information we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data when there is no legitimate reason for us to continue processing it.
  • Restriction: Request restriction of processing where you contest the accuracy or lawfulness of our processing.
  • Portability: Request transfer of your data to you or another service provider in a structured, commonly used, and machine-readable format.
  • Objection: Object to the processing of your data where we are relying on legitimate interests, including for direct marketing purposes.
  • Withdraw Consent: If we process your data based on consent, you have the right to withdraw this at any time.

To exercise any of these rights, please contact us using the contact information provided on our website. We will respond to your request in accordance with applicable data protection laws and may require proof of identity to process your request.

Data Security

Mayfair Florist is committed to protecting your personal data. We have implemented physical, electronic, and managerial procedures designed to safeguard and secure the information we collect. Access to your data is limited only to those employees, agents, and third-party processors who have a business need to know. All data is processed in a confidential and secure manner, and we regularly review our security measures.

Changes to This Privacy Policy

We reserve the right to update our Privacy Policy from time to time to reflect changes in our practices or relevant regulations. The latest version of the policy will always be available on our website. Substantial changes will be brought to your attention where appropriate.

Contact and Complaints

If you have any questions or concerns about this Privacy Policy or how your personal data is handled, please refer to the contact details provided on the Mayfair Florist website. You also have the right to lodge a complaint with the Information Commissioner’s Office or your local data protection authority.