1 WHAT IS THE PURPOSE OF THIS PRIVACY STATEMENT?
1.1 Under data protection legislation, we are required to explain to you why we collect information about you, how we intend to use that information and whether we will share your information with anyone else.
1.2 This statement applies to our customers, users of our website, those who wish to receive marketing information from us and anyone who otherwise provides their data to us. Please read this statement carefully to understand our views and practices regarding your personal data and how we will treat it.
1.4 This statement relates to information collected from you through your use of our website www.gardentrading.co.uk, through emails we send to you, our social media channels and any other website on which this policy is posted or expressly referenced (collectively the “GTC Sites”). It also relates to information which we collect from you in our stores, over the telephone, by you entering our competitions & promotions, or if you contact us in writing.
1.5 Please do not use the GTC Sites, or purchase any products over the telephone with our customer services team or enter our competitions or promotions unless you agree with this policy.
1.6 This statement does not form part of any contract to provide services. We may update this statement at any time.
1.7 It is important that you inform us of any changes to your personal information which we hold so that the information which we hold is accurate and current.
2 WHO ARE WE?
2.1 We are The Garden Trading Company Limited (“GTC”), a company registered in England and Wales under company number 2854160 and with our registered office at Joules Building, The Point, Rockingham Road, Market Harborough, Leicestershire LE16 7QU England.
2.2 GTC is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are registered in the UK with the ICO under number ZA375799.
3 CONTACTING US
3.2 Our group Compliance team are responsible for overseeing what we do with your information and monitoring our compliance with data protection laws. If you wish to contact our compliance team you can do so by writing to firstname.lastname@example.org.
4.1 The information that we collect is required in order for us to:
4.1.1 fulfil your orders for products with us, deal with your returns, and provide you with access to an account;
4.1.2 provide you with offers and marketing information about products and services in which you may be interested;
4.1.3 for our monitoring of the use of the GTC Sites by users;
4.1.4 increase the relevance of the GTC Sites' content and our marketing activities based upon users' demographics and browsing and purchasing behaviour, and to improve our products and services;
4.1.5 to administer our competitions and promotions;
4.1.6 for the purpose of keeping our stores secure and to prevent fraud and money laundering;
4.1.7 to conduct customer surveys, focus groups and user testing in relation to our products and services;
4.1.8 to fulfil our legal obligations;
4.1.9 to process and respond to any queries that you might have.
5 TYPES OF PERSONAL INFORMATION WE COLLECT
5.1 We are collecting information about you in order to achieve the purposes set out above (see 'Why are we collecting your information?'). This may include:
Personal details and payment
5.1.1 personal details and demographics (such as name, gender and date of birth);
5.1.2 contact details (such as your address, phone number and email address);
5.1.3 purchasing history and payment information (such as payment methods, billing address details and other information related to payment). Please note GTC does not retain or store credit card, debit card or other confidential payment information. Instead we store a unique security “token” assigned to your card details by your payment provider and the last 4 digits of your card;
Website use, email interaction and communications
5.1.4 details of any contact with our support or customer services teams such as a record of your correspondence with us or any calls that you make to us (such as location data, timing, weblogs, other communication data and resources that you access);
5.1.6 information about your use of our information and communications systems;
5.1.7 browser information and online identifiers (such as your browser types, browser version host operating system, browser language and your IP address);
5.1.8 information about your visit to any GTC Site (such as full Uniform Resource Locators (URL) clickstream to, through and from our site, whether your visit was directly from a marketing email we have sent, products viewed or searched for, page response times, download errors, lengths of visits to certain pages, page interaction information (such as scrolling, clicks and mouse overs) and methods used to browse away from the page);
5.1.9 information from third parties such as digital marketing networks and social media networks such as Facebook, Instagram, Pinterest and Google to help manage your account, improve your shopping experience and get relevant marketing message across to you;
5.1.10 aggregated information (such aggregate traffic information collected from your visit to any GTC Site);
Competitions and survey information
5.1.11 competition entries;
5.1.12 your responses to our surveys, polls, focus groups, interviews, ethnography studies and user testing;
5.1.13 details of any agreement or objection to receiving marketing information from us;
In store security
5.1.14 images of you captured through the use of in store CCTV cameras.
6 PRIVACY OF CHILDREN AND SPECIAL CATEGORIES OF DATA
6.1 We do not knowingly collect personal data from anyone under the age of 18.
6.2 We do not knowingly obtain or store any Special Categories of Personal Data, such as information about health or medical conditions, race or religious beliefs.
6.3 If we are made aware that we have received information from anyone under the age of 18 or Special Categories of Personal Data, we will use reasonable efforts to locate and remove that information from our records.
7 SOURCE OF YOUR PERSONAL INFORMATION
7.1 The information which we collect about you will be obtained through a variety of sources which include:
Information provided by you
7.1.1 if you register to use the GTC Sites;
7.1.2 if you are placing an order online at a GTC Site, in store or over the telephone with our customer service team. We will never ask you to confirm or supply any account or credit card details via email or text message. If you receive such an email or text message, please do not respond and notify us immediately at: email@example.com;
7.1.3 if you enter a competition or promotion sponsored by us;
7.1.4 when you report a problem with our site and/or your order;
7.1.5 when you contact our support or customer service teams;
7.1.6 when you complete our surveys or join in with polls, focus groups, interviews, ethnography studies and user testing;
Information collected automatically about you
7.1.7 information automatically collected about you and your visit to any of the GTC Sites;
7.1.8 information automatically collected about you when you open a marketing email or engage with our content or adverts on social media and third party sites;
7.1.9 recording of your telephone calls with our customer service team;
7.1.10 CCTV footage when you visit one of our stores.
Information collected from third parties
7.1.11 we may collect information about you from third parties where we carry out identity verification credit or anti-fraud checks against your name using third party databases.
7.1.12 we may collect information about you from third parties for marketing where you have provided your express consent to the third party for your information to be shared for such purpose;
7.1.13 we may work with third party information providers who specialise in consumer profiling and provide demographic or other data to help better understand our customers lifestyles, shopping behaviour and preferences;
7.1.14 online advertising and marketing companies to help us display the advertising content most relevant to you and to analyse the effectiveness of our campaigns;
7.1.15 we may collect information about you from third parties who we have partnered with to run competitions.
8 WHAT WE DO WITH YOUR INFORMATION
8.1 We may use your personal data for the following purposes:
8.2 We may use your personal data, and permit third parties (e.g. social media networks such as Facebook and search engines such as Google) on our behalf to use your personal data, to provide you with information that you have requested from us and to inform you of offers or other goods or services that may be of interest to you (but only where you have not objected to be contacted for such purposes).
8.3 We will only contact you by electronic means (email) or post with information about goods and services similar to those which were the subject of a previous sale to you. We will do this where you have made an order with us or you have otherwise confirmed that you agree to us sending you such information (see 'What is our lawful basis for using your information' below).
8.4 Where we permit selected third parties to use your data, we (or they) will contact you by electronic means or post. Details of those third parties can be found at 'Sharing your information'.
8.5 Please note that you have the right to ask us not to process your personal data for marketing purposes. We will usually inform you before collecting your data if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by:
8.5.1 checking certain boxes on the forms we use to collect your data; or
8.5.2 you can also request us not to use your personal data for this purpose when setting up your GTC account; or
8.5.3 logging into your personal account on the Garden Trading website and changing your marketing preferences; or
8.5.4 by emailing us at firstname.lastname@example.org.
Placing an order
8.6 We use your personal data to process and fulfil your orders effectively and to carry out any further obligations arising from any contracts entered into between you and us. This will include using your email address and/or mobile phone number so that we can send you information confirming your order.
8.7 If you report a problem with your order, we may use your personal data to investigate that problem.
Operate the GTC Sites and GTC’ emails
8.8 When you use the GTC sites we may use your personal data to:
8.8.1 register you to use the GTC Sites (if you choose to do so);
8.8.2 administer the GTC Sites and for internal operations such as to help diagnose problems with our server, trouble shoot, analyse data and other administrative purposes;
8.8.3 improve the GTC Sites and to ensure that content is presented in the most effective manner for you and your computer, tablet or mobile phone (this may include providing you with content and services in your country's local language and currency);
8.8.4 allow you to participate in interactive features of our service when you choose to do so;
8.8.5 keep the GTC Sites safe and secure;
8.8.6 improve the services we offer, make recommendations about goods or services that may be of interest to you and to develop marketing programs (we may use personal data for these reasons as a result of you opening GTC’ emails too); and
8.8.7 if you report a problem with the GTC Sites, use your personal data to investigate and resolve the reported problem.
Profiling - To personalise your shopping experience and improve your interactions with us
8.9 Profiling is defined in law as “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person…”.
8.10 We use information collected from the GTC Sites, in-store, from third party consumer information providers, from your interaction with GTC’ marketing communications and from competition & promotion entries, in order to categorise users into specific profiles, or to aggregate data into larger datasets, which are then used to improve the relevance of your shopping experience and the marketing you receive from us. That information is then used to prioritise certain products and promotions on the GTC Sites in order to personalise the GTC’ Sites for you and to ensure that our marketing is tailored to your preferences.
Administering competitions or promotions
8.11 We will use your personal data in relation to your entry into competitions run by GTC or our competition partners and promotions sponsored by us or our partners.
Customer service, surveys and training
8.12 We may use your personal data in order to handle any issue which you raise with our support or customer service team.
8.13 We, or our appointed third party research companies, may contact you to take part in customer surveys or polls. If you complete a survey for us, such as a customer satisfaction survey, we or the research company, will review and analyse your answers to the survey questions so we can better understand how we can improve our products and services.
8.14 If you have consented to take part in customer focus groups, interviews, ethnography studies or user testing, we or our appointed third party research company, may make contact with you to arrange these activities and we, or our research company, will review and analyse your answers so we can better understand how we can improve our products and services
8.15 We may also use your personal data in order to train our members of staff or for monitoring purposes.
8.16 If you sign up to regulatory new alerts on our corporate site, we will provide you with the requested information.
8.17 We may also use your personal data to notify you about changes to our service.
Prevention of fraud and security
8.18 We may use your personal data to help to protect you from fraud. For instance, we may carry out identity verification, credit or anti-fraud checks against your name using third party databases which may involve disclosure of your personal details to registered credit reference or fraud prevention agencies who may retain and use your personal information.
8.19 Where you enter one of our stores, your image may be recorded by our CCTV cameras. CCTV footage may be used in order to ensure the security and safety of our staff and customers and could potentially be used as evidence in an investigation or civil or criminal legal proceedings.
To fulfil our legal obligations
8.20 If we are required to conduct a product recall in respect of a product you have purchased, then we will contact you to notify you about this.
8.21 We will use your data to comply with any requirements imposed on us by law or as part of any legal proceedings, will share data with regulatory bodies if required to do so and will maintain records to comply with tax and regulatory requirements.
9 WHAT MAY HAPPEN IF YOU DO NOT PROVIDE YOUR PERSONAL INFORMATION?
9.1 Many of the services that we offer are only made available if we have certain information about you. To access these services, you will, from time to time, be asked to submit personal data about yourself. If you do not provide that personal data, we will not be able to offer those services to you. For example, if you do not provide information about your method of payment or delivery address, we will not be able to complete your order with us.
9.2 If you do not agree for us to your personal information when you access the GTC Site, you should not use the GTC Sites.
10 COMPLYING WITH DATA PROTECTION LAW
10.1 We will comply with data protection law. At the heart of data protection laws are the "data protection principles" which say that the personal information we hold about you must be:
10.1.1 used lawfully, fairly and in a transparent way;
10.1.2 collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
10.1.3 relevant to the purposes we have told you about and limited only to those purposes;
10.1.4 accurate and kept up to date;
10.1.5 kept only as long as necessary for the purposes we have told you about; and
10.1.6 kept securely.
11 WHAT IS OUR LAWFUL BASIS FOR USING YOUR INFORMATION?
11.1 In accordance with the data protection laws, we need a "lawful basis" for collecting and using information about you. There are a variety of different legal bases for using personal data which are set out in the data protection laws.
11.2 The lawful bases on which we rely in order to use the information which we collect about you for the purposes set out in this statement will be:
11.2.1 Contract: Using your information will be necessary for us to either perform the contract between us or in order to take steps at your request prior to entering into the contract;
11.2.2 Legal compliance: Using your information will be necessary for us to comply with a legal or regulatory obligation which is placed on GTC;
11.2.3 Legitimate interest: Using your information will be necessary for our legitimate commercial interest and our interest is not outweighed by the potential impact on your privacy. For example, we rely on legitimate interest as our lawful basis to send you marketing information by email or by post if you have placed an order with us and you have not objected to receiving such marketing information. If you would prefer not to receive marketing information from us, see section 8.5 above about how to change your preferences or please email us at email@example.com;
11.2.4 Consent: It is possible that you may give us your consent to use your information for a particular purpose. If you have expressly consented to receive communications from us e.g. you have signed up on our website or competition entry form to receive our newsletter, then we are operating under consent instead of legitimate interest when keeping in touch with you.
12 SHARING YOUR INFORMATION
12.1 We may share some of your personal data with third parties as described below.
Sharing your information within the GTC group
12.2 We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
12.3 We will share your personal information with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data.
Sharing your information with third parties
12.4 We may also share your personal information with third parties, such as:
12.4.1 our nominated third party carriers, warehousing and logistics providers to enable them to deliver your order and to contact you if there is a problem with delivery (i.e. telephone, email, name and address only);
12.4.2 our nominated marketing agencies who provide marketing services on our behalf;
12.4.3 social media sites such as Facebook and search engines such as Google to allow them to serve personalised product recommendations alongside specific messaging in advertising;
12.4.4 our payment service providers and IT providers;
12.4.5 research and analytics companies;
12.4.6 service companies such as printers and mailing houses who assist us in providing our services;
12.4.7 registered credit reference or fraud prevention agencies who may retain and use your personal information, the police and other regulatory bodies if we are requested to do so; or
12.4.8 third party companies who are co-hosting a competition and you have consented to that transfer.
13 SECURITY OF YOUR DATA
13.1 We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
13.2 We will never ask you to confirm or supply any account or credit card details via email or text message. If you receive such an email or text message, please do not respond and notify us immediately at: firstname.lastname@example.org.
13.3 All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. When you proceed to make your purchase and your browser connects to the secure section of a GTC Site your browser window frame will show a padlock icon to indicate that you are entering a secure area.
13.4 If you are using a computer or other device to access the GTC Sites in a public location we recommend that you always log out and close the website browser down when you complete an online session for your security.
13.5 Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
13.6 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Third parties security measures
13.7 Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
13.8 All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
14 TRANSFERRING INFORMATION OUTSIDE THE EU
14.1 The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, amongst other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy statement.
14.2 We will transfer the personal information we collect about you to the following countries outside the EU in order to perform our contract with you:
14.2.1 USA, Australia, China
14.3 There is an adequacy decision by the European Commission in respect of those countries listed above with an asterix (*). This means that those countries are deemed to provide an adequate level of protection for your personal information.
For the remaining countries which do not have an adequacy decision from the European Commission, we have put in place Standard data protection clauses in the form of template transfer clauses adopted by the European Commission to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection. .
14.4 If you require further information about these protective measures, you can request it from our compliance team.
15 CAN WE USE YOUR INFORMATION FOR ANY OTHER PURPOSE?
15.1 We typically will only use your personal information for the purposes for which we collect it. In limited circumstances we may use your information for a purpose other than those set out in this policy. If we intend to do so, we will provide you with information relating to that other purpose before using it for the new purpose.
15.2 We may use your personal information without your knowledge or consent where such use is required or permitted by law.
16 LINKS TO OTHER WEBSITES
17 COOKIES AND SIMILAR TECHNOLOGY
17.1 We use technology such as cookies and pixels on the GTC Sites including in our emails to distinguish you from other users, to provide you with a good experience when you browse the GTC Sites, to gather statistics around email opening and clicks and to allow us to improve the GTC Sites and to provide relevant marketing messages to you. For detailed information on the cookies and other technology we use and the purposes for which we use them see our Cookies Policy.
18 STORING YOUR INFORMATION AND DELETING IT
18.1 We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal information are available in our retention policy which is available from our compliance team.
18.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
18.3 In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
19 YOUR RIGHTS
19.1 If you have any questions about our use of your personal data, you are welcome to contact us. You will find our contact details at the top of this page. If you notice any errors in your personal data, you have the right to have them corrected.
19.2 Under certain circumstances, by law you have the right to:
19.2.1 Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
19.2.2 Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
19.2.3 Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
19.2.4 Object to processing of your personal information (including automated decision making and profiling) where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
19.2.5 Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
19.2.6 Request the transfer of your personal information to another party.
You are not always entitled to exercise each of these rights. The rights which you are entitled to exercise depend on a number of factors including the lawful basis on which we rely to use your personal data. Therefore, if you make a request to exercise a right which is not available to you, we have the right to decline the request. In some circumstances, you may be able to exercise your rights, but this will impair your ability to use the services we offer.
19.3 If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact email@example.com in writing.
20 RIGHT TO WITHDRAW CONSENT
20.1 In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact firstname.lastname@example.org. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
21 RIGHT TO COMPLAIN TO THE ICO
21.1 You also have the right to complain to the Information Commissioner's Office (the "ICO") if you are not satisfied with the way we use your information. You can contact the ICO by writing to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
22 CHANGES TO THIS PRIVACY STATEMENT