Longford Florist GDPR Privacy Policy

Welcome to Our Privacy Policy

This Privacy Policy explains how Longford Florist collects, uses, retains, and protects your personal data when you place an order with us. We are committed to safeguarding your privacy and ensuring that your rights under the General Data Protection Regulation (GDPR) are respected. This policy applies to all customers placing orders with Longford Florist from Longford and surrounding districts.

What Personal Data We Collect

When you make a purchase or contact us to enquire about our services, we may collect the following categories of personal data:

  • Identification and Contact Information: Full name, address, telephone number, and other necessary contact details.
  • Order Details: Delivery address (if different from contact address), recipient’s name (for gift deliveries), order notes, specific delivery instructions.
  • Payment Information: Transaction data (such as payment method and payment confirmation), but we do not store your full credit/debit card numbers or financial details, as payments are processed via secure third-party systems.
  • Communication Records: Records of email communications, order confirmations, customer service queries, and any correspondence, whether by phone or written form.
  • Website Usage Information: Data collected via cookies and similar technologies to enhance user experience, such as your IP address, browser type, and the pages you visit on our website.

Lawful Basis for Processing Your Data

Under GDPR, we must have a lawful basis for processing your personal data. For Longford Florist customers, we rely on the following lawful bases:

  • Contractual necessity: We process your personal data to carry out our contract with you, for example, to fulfill and deliver your order, provide customer support, or manage billing queries.
  • Legal obligation: We may need to retain certain data to comply with tax, accounting, or other legal requirements.
  • Legitimate interests: We may use your information to develop and improve our services and to ensure the security of our operations. We balance these interests with your rights and freedoms.
  • Consent: Where required by law, we may seek your consent to send you marketing communications. You have the right to withdraw your consent at any time.

How We Use and Share Your Data

Your personal data is used solely for the purposes highlighted above, including order processing, payment processing, customer service, and website functionality. We do not sell or rent your personal data to third parties.

We may share your data with trusted third-party processors who help us provide our services. These include:

  • Payment service providers: To securely process your payments.
  • IT and website service providers: To maintain our online store and related digital infrastructure.
  • Delivery partners: For fulfilling local deliveries, where necessary.
  • Legal and regulatory authorities: If required by law.

We ensure all processors are compliant with GDPR and only act on our instructions regarding your data.

Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Typically, we keep order and transaction data for up to seven years to comply with relevant laws on accounting and taxation. Communication records may be retained for up to two years for customer service purposes.

Once your data is no longer needed, we will securely delete or anonymise it.

Your Rights Under GDPR

As a customer of Longford Florist, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct any inaccurate or incomplete data.
  • Right to Erasure: You can request that we delete your personal data where there is no lawful reason for us to retain it.
  • Right to Restrict Processing: You can ask us to suspend the processing of your data in certain circumstances.
  • Right to Data Portability: You can ask for a copy of your data in a commonly used, machine-readable format and, where feasible, have it transferred to another provider.
  • Right to Object: You can object to our processing of your data when it is based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Where we rely on your consent for processing, you have the right to withdraw your consent at any time.

Security Measures

We implement appropriate technical and organisational measures to protect your data from unauthorised access, alteration, disclosure, or destruction. Access to your personal data is limited to staff and processors who need it to perform their duties.

We regularly review and enhance our security policies and practices to maintain the integrity and confidentiality of your data.

International Data Transfers

All your personal data is stored and processed within the European Economic Area (EEA), unless explicitly stated otherwise. Should there ever be a need to transfer data outside the EEA, we will ensure adequate protection is in place, such as EU-approved standard contractual clauses.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other reasons. Any updates will be published on our website, and we encourage you to review the policy regularly.

Contact and Further Information

If you have any questions about this Privacy Policy, your rights under GDPR, or how we manage your personal data, please get in touch using our published contact details.