Woodside Florist Privacy Policy

Introduction

At Woodside Florist, we are committed to safeguarding your personal information. This Privacy Policy outlines how we collect, use, share, and protect your data when you place an order with us. It applies to all customers ordering from Woodside and surrounding districts and is written in accordance with the General Data Protection Regulation (GDPR).

What Data We Collect

When you interact with Woodside Florist, we collect and process different types of personal data, depending on how you use our services. The categories of data we collect may include:

  • Identity Data: Your name and surname
  • Contact Data: Delivery address, billing address, phone number
  • Order and Transaction Data: Details of products and services you have purchased, purchase dates, and delivery instructions
  • Payment Information: Credit or debit card details (processed securely through payment processors)
  • Recipient Information: Name, address, and contact phone number of the recipient (where different from customer)
  • Correspondence: Any information provided when communicating with us, such as for queries or complaints
  • Technical Data: IP address and browser information, collected when you use our website

Lawful Basis for Processing

Woodside Florist only processes your personal data when we have a lawful basis to do so. We rely on the following bases under GDPR:

  • Contractual Necessity: To process and deliver your order, and to take payment, we must collect and use personal details.
  • Legal Obligation: We keep certain data for accounting and tax purposes as required by law.
  • Legitimate Interests: For example, using customer feedback to improve our services or ensuring network security.
  • Consent: In specific situations, such as when you opt in to receive marketing communications, we will ask for and rely on your explicit consent. You can withdraw your consent at any time.

How We Use Your Data

Your personal data is used for several purposes related to your transaction and interaction with Woodside Florist, including:

  • Processing and delivering your order efficiently and accurately
  • Communicating with you about your order status or any issues
  • Handling payments and refunds securely
  • Informing you about changes to our products, services, or terms (where appropriate)
  • Improving our products, services, and customer experience based on your feedback
  • Complying with our legal and regulatory obligations

Retention of Personal Data

Woodside Florist retains your personal data only as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, and reporting requirements. Typically, we keep order and transaction data for up to seven years to comply with legal and tax obligations. Recipient and contact details may be stored for a shorter duration unless required for ongoing customer service or as required by law.

Use of Data Processors

For certain business functions, we engage trusted third parties (data processors) who process data on our behalf. These may include:

  • Payment service providers for secure payment processing
  • Delivery and courier companies to help ensure prompt and accurate order delivery
  • IT service providers involved in the operation and maintenance of our ordering system and website

All data processors are required to act only on our instructions, comply with applicable data protection laws, and implement appropriate technical and organizational security measures to protect your information.

Sharing of Data

We do not sell or rent your personal information. Data is shared only as necessary for fulfilling your order, complying with the law, or for legitimate business purposes. In limited cases, we may disclose your personal data to authorities where required by law.

Your Rights under GDPR

The GDPR provides you with rights relating to your personal data processed by Woodside Florist. You have the right to:

  • Access: Request access to the personal data we hold about you
  • Rectification: Ask us to correct inaccuracies or incomplete information
  • Erasure: Request deletion of your data, subject to certain legal obligations
  • Restriction: Ask to restrict processing where you contest accuracy or object to processing
  • Objection: Object to processing based on legitimate interests or for direct marketing purposes
  • Data Portability: Request a copy of your personal data in a commonly used, machine-readable format
  • Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time

To exercise your rights, you may contact us with a clear description of your request. Please note that we may need to verify your identity before fulfilling your request and that some rights may be subject to conditions or legal exemptions.

Keeping Your Data Secure

We take the security of your personal data seriously. We implement suitable technical and organizational measures designed to protect your information against unauthorized access, loss, alteration, or destruction. While we strive to use commercially acceptable means to protect your data, no system is 100% secure, and we cannot guarantee absolute security.

Policy Updates

This Privacy Policy may be updated from time to time to reflect changes in our practices, legal requirements, or for other reasons. The latest version will always be available via our main information channels. We encourage you to review this policy periodically to stay informed about how we protect your data.

Contact and Complaints

If you have any questions about this Privacy Policy or our data practices, or if you wish to make a complaint about how your personal information is handled, please reach out to us. You also have the right to lodge a complaint with your local supervisory authority if you are unsatisfied with our response.