Mayfair Flowers GDPR Privacy Policy

About This Privacy Policy

This Privacy Policy describes how Mayfair Flowers collects, processes, stores, and protects your personal data in accordance with the General Data Protection Regulation (GDPR). It applies to all individuals placing orders with Mayfair Flowers, both within Mayfair and in the surrounding districts. Mayfair Flowers respects your privacy and is committed to handling your personal information responsibly and transparently.

What Personal Data We Collect

When you interact with Mayfair Flowers, such as by placing an order, making an enquiry, or browsing our website, we may collect a variety of personal data including, but not limited to:

  • Contact information: name, delivery address, and billing address
  • Order details: products ordered, delivery instructions, messages for recipients
  • Payment information: order value, payment method (such as credit/debit card details, though these may be processed by our payment partners rather than us directly)
  • Communication records: correspondence or feedback provided by you
  • Technical data: IP address, browser type, device information, and cookies data for website analytics

Lawful Bases for Processing Your Data

Under GDPR, we must have a lawful basis for processing your personal data. Mayfair Flowers relies on the following lawful bases:

  • Contractual necessity: Processing your data is necessary to fulfil your order and deliver goods and services as requested.
  • Legitimate interests: We may process your data to improve our products and services, manage your account, or contact you with relevant information, provided these interests do not override your fundamental rights.
  • Legal obligation: Certain data may be processed and retained to comply with statutory or regulatory requirements (for example, tax and accounting records).
  • Consent: Where required, such as for certain marketing communications, we will seek your explicit consent to process your data. You may withdraw your consent at any time.

How We Use Your Data

Mayfair Flowers only uses your personal data for specified purposes, including:

  • Processing and delivering your orders
  • Providing customer support and managing your relationship with us
  • Improving our website, products, and services
  • Fulfilling legal, accounting, and tax obligations
  • Sending marketing communications (if you have opted in)

Data Retention

Your personal data will be kept only for as long as necessary for the purposes set out in this Privacy Policy. The specific retention periods are determined in accordance with the following criteria:

  • Order information: Retained for as long as required to fulfil your order and comply with applicable legal or accounting requirements (typically up to 7 years).
  • Marketing data: Retained until you withdraw consent or indicate you no longer wish to receive marketing from us.
  • Technical data: Retained for security and analytics purposes for a period appropriate to the original collection.

Once retention periods expire, personal data is securely deleted or anonymised.

Third-Party Processors and Data Sharing

We use trusted third-party service providers ("processors") to help deliver our products and services and to manage our business operations. These may include:

  • Payment processors, for secure handling of payment transactions
  • Website hosting and analytics providers
  • Delivery couriers and logistics firms
  • IT and system support providers
  • Marketing and communications platforms (for newsletter distribution, if consented)

All processors are contractually obliged to process your data only for specified purposes and according to our instructions. They must comply with strict confidentiality and security obligations under GDPR. Mayfair Flowers does not sell your data to any third party. Data may be shared with regulatory authorities or law enforcement where required by law.

Your Rights Under GDPR

As a data subject, you have several rights regarding your personal data under GDPR:

  • Right of access: Obtain a copy of your personal data held by us
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your data where there is no lawful reason for continued processing
  • Right to restriction: Ask us to restrict processing in certain circumstances
  • Right to data portability: Receive your data in a portable format and transmit it to another controller
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Where processing is based on consent, you can withdraw this at any time

If you wish to exercise any of these rights, please contact us via the method outlined on our website. For your security, we may require proof of identity before fulfilling your request.

Data Security

We take data security seriously and have implemented appropriate physical, technical, and organisational measures to safeguard your data from loss, misuse, unauthorised access, disclosure, alteration, or destruction. Access to your personal data is restricted to those employees, agents, contractors, and processors who need to know and are bound by confidentiality obligations.

International Data Transfers

In some cases, your data may be processed or stored outside the UK or European Economic Area (EEA). If so, we ensure such transfers are compliant with GDPR, using suitable safeguards such as Standard Contractual Clauses or ensuring the third country has adequate data protection laws.

Changes to This Privacy Policy

This Privacy Policy may be updated from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. The latest version will always be available on our website, and material changes may be notified to you directly where relevant.

Contact and Complaints

If you have any questions about this Privacy Policy, our handling of your data, or if you wish to make a complaint, please refer to the contact information provided on the Mayfair Flowers website. You also have the right to file a complaint with your local Data Protection Authority if you believe your rights have been infringed.