🌿 Pat’s Petals Privacy Policy

Last updated: April 2026

1. Who We Are

Pat’s Petals is an independent florist based in Kidderminster, Worcestershire. We provide fresh and artificial flowers, bouquets, gifts, and related services both in‑store and online.

Contact Details: Pat’s Petals 5 New Road, Kidderminster, DY10 1AF Email: flowers@pats-petals.co.uk Phone: 01562 541104

Data Controller: Pat’s Petals (Jack & Cammy Clarke)

2. What Data We Collect

We may collect the following information when you interact with us:

  • Your name and contact details (email, phone number, address)
  • Order details and delivery information
  • Payment information (processed securely via SumUp — we do not store card details)
  • Messages or enquiries sent through our website
  • CCTV footage (inside the shop area only)
  • Website usage data (via cookies — see Cookie Policy)

3. Why We Collect Your Data

We use your information to:

  • Process and deliver your orders
  • Contact you about your order, booking, or enquiry
  • Manage our accounts, tax records, and legal obligations
  • Improve our services and customer experience
  • Maintain shop safety and security (CCTV)
  • Send marketing updates only if you have given clear consent

You can unsubscribe from marketing emails at any time.

4. Legal Basis for Processing (UK GDPR)

We process your personal data under the following lawful bases:

  • Contract – to fulfil your flower order, booking, or enquiry
  • Legal obligation – for accounting, tax, and business records
  • Legitimate interests – shop security (CCTV), fraud prevention, service improvement
  • Consent – for marketing emails or optional updates

Where consent is used, you may withdraw it at any time.

5. CCTV Use

We use CCTV in our shop for:

  • Security and crime prevention
  • Protecting our staff, customers, and property

Footage is stored securely and automatically deleted after 30 days, unless required for an investigation. Clear signage is displayed in‑store to notify visitors.

6. Third‑Party Services (Data Processors)

We use trusted third‑party providers to help run our business. These include:

  • SumUp – secure payment processing
  • Website hosting provider – stores our website and email services
  • Email provider – for order confirmations and communication
  • Analytics tools – to understand website usage (see Cookie Policy)

These providers only receive the information necessary to perform their services and cannot use it for any other purpose.

We do not sell or share your data with third parties for marketing.

7. How We Protect Your Data

  • Computers, tills, and accounts are password‑protected
  • Only authorised staff can access order information
  • Payment details are processed securely and never stored by us
  • CCTV footage is encrypted and access‑restricted

8. How Long We Keep Your Data

  • Order details: up to 12 months (for customer service and repeat orders)
  • Financial records: up to 6 years (legal requirement)
  • CCTV footage: 30 days, unless required longer for security reasons
  • Marketing data: until you unsubscribe or request deletion

9. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct or update your information
  • Request deletion of your data (where legally possible)
  • Withdraw consent for marketing
  • Object to certain types of processing
  • Request a copy of your data in a portable format

To exercise these rights, contact us using the details above.

If you are unhappy with how we handle your data, you can complain to the Information Commissioner’s Office (ICO).

10. Changes to This Policy

We may update this Privacy Policy from time to time.
The latest version will always be available on our website and in‑store.