Our Approach to Data Protection and Privacy
General Data Protection Regulations
When We Collect Data
We try to collect the minimum data possible to respond to our customers requests or to improve our services. The following identifies the circumstances in which this happens:
- When you visit this website.
- When you use our contact form to request further information.
- When you contact us with your requirements.
- When corresponding with you or contacting you about our products and services.
- When you agree to take part in surveys or sign up to receive further information.
- When you apply for job vacancies.
- When you provide us with feedback.
- f you publicly comment on any of our website content.
What Data We Collect
We may collect the following data about you. This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy. Some of the below personal data is collected directly, for example when you fill out a contact form.
Some personal data is collected indirectly, for example your browsing or shopping activity. We may also collect personal data from third parties who have your consent to pass your details to us, such as a friend or family member who has asked us to contact you about our services.
- Contact details – Your name, email address and phone number, age/date of birth.
- Your employer, role and company contact details (if you contact us on behalf of a company you are employed by).
- Your employment history and any other qualification related information you chose to provide to us in your curriculum vitae.
- Your purchase, quotation and correspondence history with us.
- Your IP address and website cookies.
- Your payment card or invoicing details, including billing addresses.
- Cookies and IP Addresses
We use your IP address and website cookies to analyse your use of this website. These bits of information allow us to track how you use our website as an individual, but don’t give us personal data like your name, email address or phone number. We analyse user behaviour on this website to improve our services, the user experience of the website and our marketing activities.
Google Analytics is a standard tool used by most websites to help them improve their services to customers. You can opt out Google Analytics however by using this tool https://tools.google.com/dlpage/gaoptout. Please note that will will affect all websites and not just this one.
How we use your data
To help us provide and personalise our service to you.
To send you news and offers about our services and products that may be of interest if you have opted in to this.
To deal with any administrative queries or questions.
To provide additional products and services you may request from us.
To ensure that content from our website is available in the most effective manner for you and your computer.
For quality assurance testing, market analysis, system testing, analysis of statistics, auditing and performance measures.
We store data on you for different lengths of time depending on the type of user you are and your relationship with the company. We use a combination of criteria to determine how long we keep the different types of data we hold on you.
Some data is required to be held by law and to fulfil our contractual obligations with you as a customer. We also store your data for as long as we believe their is to be a legitimate mutual interest between us, as an existing or prospective customer. You have certain rights under the GDPR to remove, transfer or change this data. Please see the ‘Your Data Rights’ section for more information.
If allowed by the applicable law and/or your consent, we may contact you from time to time to provide you with information which we think you may find of interest, unless you have opted out of such contact.
You can contact us at any time to withdraw your details and consent to processing from our marketing database, by contacting email@example.com
We will not make available or sell your information to third parties for marketing purposes. However, If we sell, assign or transfer the assets of our business, or if our business is merged or enters into a joint venture with another business entity, we reserve the right to sell or transfer the database maintained by us (including any personal information provided by you) so that service levels can be maintained.
Suppliers and Data Processors
In order for us to provide you with the best possible products and services and an enjoyable browsing experience, we sometimes use services provided by other companies to assist us. These suppliers range from operational (e.g. our accountants), to technical (e.g. our Web Hosting provider, online payment providers).
Where necessary, we may share your personal data with these companies for processing in order to fulfil certain services. This is always done in a secure, confidential manner and your data is only held with the company for as long as is necessary in each case. The organisations will also always have appropriate technical and organisational methods in place to protect your data.
Location and International Transfers
Your data is largely held and processed within the EEA, however some of our third-party suppliers, such as hosting providers and other technology focused service providers, are based in the USA and so store and process data within the USA.
In these cases, the companies subscribe to the EU-US Data Privacy shield program ( https://www.privacyshield.gov/welcome ), which aims to ensure USA based business comply with relevant European Data Protection regulations when dealing with European businesses’ personal data.
By submitting your data and agreeing to this policy you agree to this transfer, storing or processing.
A full list of these providers, the personal data they hold, why we send them this data and the length of time they hold the data for can be obtained if required by contacting firstname.lastname@example.org
We may also disclose personal information where information is part of a due legal process and otherwise required or permitted by law.
We employ technical and organisational measures to protect the information provided by you from access by unauthorised persons and against unlawful processing.
This is achieved through a wide range of methods, including but not limited to: data encryption where appropriate, risk analysis, staff training, internal information security policies and other methods recommended under the GDPR.
Other Collectors of Information
Your Data Rights
We adhere to all rights given to individuals under the GDPR. To exercise any of these rights with the personal data we hold on you, please contact email@example.com or write to:
Oak House Nursery
127 Station Road
Derby, DE3 9FN
Oak House Nursery
Subject Access Requests
This is your right to request a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please email us at firstname.lastname@example.org with sufficient information to enable us to identify you. We will respond to your request within one month of receipt of the request.
Updating and Correcting Information
We want to make sure your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
Objections to processing of personal data
It is your right to lodge an objection to the processing of your personal data if you feel the “grounds relating to your particular situation” apply. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claims.
It is also your right to receive the personal data which you have given to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without delay from the current controller if:
(a) The processing is based on consent or on a contract, and
(b) The processing is carried out by automated means.
Right to be Forgotten
Should you wish for us to completely delete all information that we hold about you for, please either email email@example.com or write to:
Oak House Nursery
127 Station Road
Derby, DE3 9FN
Please note that if the personal data you wish to delete is needed for lawful purposes and/or contractual fulfilment, it may not be possible for us to remove this.
If you believe we have processed your data unfairly or unlawfully, you have the right to lodge a complaint with a supervisory authority, such as the Information Commissioner’s Office within the UK – https://ico.org.uk/