Under UK GDPR a customer can ask you to delete their personal data — the right to erasure, sometimes called right to be forgotten. The customer-delete flow removes their personal information while keeping the order, transaction, and invoice records you’re legally required to retain.Documentation Index
Fetch the complete documentation index at: https://docs.florists.digital/llms.txt
Use this file to discover all available pages before exploring further.
This page covers features gated by Manager-tier permissions. Managers and Admins have these by default; your administrator can adjust who has them in Settings > Team.
Before you delete
Take a moment to confirm:- Identity — make sure the request is genuine. Verify the requester is the person whose data you’re being asked to delete.
- Outstanding business — if the customer has open orders, an unpaid balance, or an active event booking, resolve those first.
- Marketing lists — the deletion doesn’t reach back into email services you’ve already exported the data to. Suppress them in Mailchimp, your newsletter tool, etc. as a separate step.
What gets removed
Running the customer delete flow removes:- The customer’s name, email, phone, address.
- Any delivery addresses in their address book.
- Marketing preferences and consent records (kept as anonymised aggregates only).
- Their notes, attachments, and portal access.
What is kept
For accounting, tax, and audit compliance, the following are retained but anonymised:- Orders and transactions remain with a placeholder customer (“Deleted customer #1234”) so financial reports stay accurate.
- Invoices and credit notes stay attached to the placeholder.
- Audit log entries referencing the customer keep their original IDs but show no identifying information.
Running a delete
Click Delete (GDPR)
The button is under the actions menu. The system checks for blockers first — open orders, unpaid balances, active events.
Review the summary
You’ll see exactly what’s about to be removed and what will be retained as anonymised records.
Common questions
What if the customer is on an active corporate account?
What if the customer is on an active corporate account?
Resolve the account relationship first — either close the account or reassign sub-customers — before deleting the contact.
Can the customer ask for a data export instead?
Can the customer ask for a data export instead?
Yes. Use Exports to produce a CSV of their orders, transactions, and contact information. Send this to them as their subject access request response.
How long do we have to respond to a request?
How long do we have to respond to a request?
Under UK GDPR you have one calendar month from the verified request. Extensions are possible for complex cases but you must tell the requester.
What if a customer wants to be removed but they're a director of a corporate account?
What if a customer wants to be removed but they're a director of a corporate account?
You can delete their personal contact details but keep the corporate account record intact (companies aren’t covered by GDPR the same way). Document this clearly in the audit log.
What’s next?
Customer merge
Consolidate duplicate records before considering deletion.
Exports
Produce a subject access request export.
Audit logs
Evidence of GDPR request handling.