EC2 Flowers Privacy Policy for Customers in EC2 and Surrounding Districts

Purpose and Scope of This Privacy Policy

This Privacy Policy explains how EC2 Flowers collects, uses, discloses, stores, and protects your personal data when you place an order with us from EC2 and surrounding districts. We are committed to only using your information in ways that comply with the UK General Data Protection Regulation (GDPR) and any applicable data protection legislation. This Privacy Policy applies to all customers who engage with EC2 Flowers for the provision of floral goods and related services within our delivery areas.

What Data We Collect

When you interact with EC2 Flowers—either by phone, in person, through our website, or via other ordering channels—we may collect the following categories of personal data:

  • Contact Information: Name, delivery address, billing address, and contact details.
  • Order Details: Products ordered, delivery instructions, special requests or messages related to the order.
  • Payment Information: Payment card details or transaction references (processed by secure third-party payment processors, and not stored by us directly).
  • Communication Records: Details of correspondence and communication relating to your order or customer service enquiries.
  • Customer Preferences: Preferences and feedback concerning our products and services.
  • Website Data (if applicable): IP address, device information, browser type, and cookies, to the extent necessary for website functionality and order processing.

Lawful Basis for Data Processing

Under GDPR, we must have a lawful basis for processing your personal data. For EC2 Flowers, data is processed on the following lawful bases:

  • Contractual Necessity: We process your data to take steps at your request prior to entering into a contract and to fulfill our contractual obligations (for example, processing, fulfilling, and delivering your flower order).
  • Legal Obligation: Certain data, such as order records and financial transactions, may be retained to comply with legal, regulatory, and taxation requirements.
  • Legitimate Interests: Where appropriate, we may process your data to improve our services, respond to enquiries, or protect our business from fraud or abuse, provided these interests are not overridden by your rights.
  • Consent: If we wish to send you marketing communications, we will only do so with your explicit consent, which you may withdraw at any time.

How We Use Your Data

Your personal data is used exclusively for the following purposes:

  • Processing and delivering your flower orders.
  • Contacting you regarding your order or responding to enquiries.
  • Providing customer support and handling complaints or feedback.
  • Fulfilling our legal and contractual obligations.
  • Improving our products and the customer experience based on feedback and usage data.
  • Where you have consented, sending you updates, special offers, or marketing communications.

Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes described above or as required by law:

  • Order and transaction data: retained for up to six years to comply with financial and tax regulations.
  • Correspondence and communications: retained for up to two years following your last interaction with us, or longer if required to resolve a dispute.
  • Marketing consent: retained until you withdraw your consent, upon which the data is promptly deleted or suppressed from our marketing lists.
    • >
  • Website and technical data: retained according to our cookie and analytics policy, typically not longer than 12 months.

When the retention period ends, your data is securely deleted or anonymised unless further retention is justified by a specific legal requirement.

Sharing and Data Processors

We do not sell or rent your personal data. EC2 Flowers will only share your information where necessary, with:

  • Professional service providers supplying payment processing, IT systems, website hosting, and delivery logistics, all of whom are subject to data processing agreements and obliged to process data in accordance with GDPR.
  • Regulatory authorities, accountants, or legal advisors when required by law or necessary to protect our legal rights.

All third-party processors are thoroughly vetted, and we ensure they apply adequate security measures and process data solely for the agreed purposes.

Your Data Subject Rights

As a customer of EC2 Flowers, you are entitled to the following rights under GDPR:

  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct or update your personal data where it is inaccurate or incomplete.
  • Right to Erasure: In certain cases, you can request the deletion of your data ('the right to be forgotten').
  • Right to Restrict Processing: You may ask us to restrict the processing of your data in specific circumstances.
  • Right to Data Portability: You can request a copy of your data in a commonly used, machine-readable format.
  • Right to Object: You can object to data processing based on legitimate interests or to receiving direct marketing communications.
  • Right to Withdraw Consent: Where our processing is based on your consent, you have the right to withdraw it at any time, without affecting the lawfulness of processing before withdrawal.
  • Right to Complain: Should you have concerns about how your data is handled, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).

To exercise any of these rights, or if you require further clarification about how your data is managed, please contact EC2 Flowers through our standard communication channels. We will respond promptly and within the timeframe stipulated by data protection legislation.

Data Security

We are committed to keeping your personal data secure. EC2 Flowers implements technical and organisational safeguards to prevent unauthorised access, loss, or alteration of your data. These include, but are not limited to, secure payment processing, encrypted data transfers, access controls, and staff training on confidentiality and data protection.

Policy Updates

This Privacy Policy is subject to regular review and may be updated to reflect changes in our processing activities or legal obligations. We encourage you to refer to this policy each time you place an order to remain informed of how your data is used. The current version of our Privacy Policy is effective as of the date above.