WHO WE ARE
We are Windmills Florist Woodbridge, Suffolk (VAT No: 815753617) who provide flowers, arrangements and gifts, including a local delivery service. These can be ordered directly from our shop at 3A Cumberland Street, Woodbridge, Suffolk, IP12 4AH or online from our website at https://www.windmillsflorist.co.uk. Contact us either by direct mail at the above address, by email on firstname.lastname@example.org or by telephone on 01394 384109.
WHAT PERSONAL DATA WE COLLECT
We collect information about you during the checkout process on our store. While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
When you purchase from us, we may ask you to provide information including:
- Your name
- Billing address
- Shipping address
- Email address
- Phone number
- Credit card/payment details
If you create a user account on our website you may also provide information (such as username and password), and we may use this information for purposes such as to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages (if you choose to receive them)
PLEASE NOTE: If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders. We advise that you keep your password private and avoid using the same password for other online accounts. We recommend regularly changing your password, which you can do within your account.
PROTECTION OF PERSONAL DATA
Windmills Florist takes all measures reasonably necessary to protect against the unauthorised access, use, alteration or destruction of your personal information. We are committed to protecting and respecting your privacy rights, and to ensuring that your personal data is safe and secure. We only disclose personal information when required to do so by law, or when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Windmills Florist, third parties or the public at large.
WHO HAS ACCESS TO YOUR PERSONAL DATA
Members of our team have access to the information you provide us – for example website administrators, shop managers and staff can access:
- Order information such as what was purchased, when it was purchased and where it should be sent
- Customer information like your name, email address and billing/shipping information

Our team members only have access to this information to help fulfil orders, process refunds and support you throughout the process.
HOW LONG DO WE STORE YOUR PERSONAL DATA
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 7 years for tax and accounting purposes which includes your name, email address and billing and shipping addresses.
For users that register on our website we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. In order to update your personal data, please contact us or visit your ‘My Account’ if you have subscribed to our website.
RIGHTS OVER YOUR PERSONAL DATA
We fully respect that your personal data is owned by you and that you have certain rights in that respect. Our aim is to respect your rights but please understand that we may have certain obligations to maintain personal data records despite your requests to exercise your rights, such as for legal and accounting purposes.
You may opt out of marketing communications or change your preferences with respect to marketing communications by unsubscribing from emails using the unsubscribe link found in all marketing emails.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
PERSONAL DATA BREACH
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data. Personal data breaches can include:
- Access by an unauthorised third party
- Deliberate or accidental action (or inaction) by a controller or processor
- Sending personal data to an incorrect recipient
- Computing devices containing personal data being lost or stolen
- Alteration of personal data without permission
- Loss of availability of personal data
RESPONDING TO A PERSONAL DATA BREACH
If a personal data breach occurs, we need to establish the likelihood and severity of the resulting risk to people’s rights and freedoms. If it’s likely that there will be a risk then we must notify the ICO but if it’s unlikely then we don’t have to report it. However, if we decide not to report the personal data breach, we must justify this decision and document it.
We must report a notifiable breach to the ICO without undue delay, but not later than 72 hours after becoming aware of it and must give the reasons for any delay. For more information please see the ICO pages on reporting a personal data breach here: REPORTING A DATA BREACH