Data Controller – Contact Details
For the purposes of the Data Protection Legislation, the Data Controller is Wards Nurseries.
Information we collect, hold and how we use it
We may collect and process the following information but are not limited to:
Personal information – name, job title
Contact details – business or personal address, email and phone number
Financial information – purchase order details, bank details, credit card number and payment details
It is unlikely that we will need to collect Sensitive Personal Information about you.
Sensitive Personal Information is defined as your racial or ethnic origin, religious, political or philosophical beliefs, genetic data, and biometric data for the purposes of unique identification, trade union membership or information about your health/sex life and personal information relating to criminal convictions or offences.
How do we use your personal information
The main purposes for which we use your personal information are:
• to provide you with information about our products and services;
• to update you on our latest products, services and any relevant news we think you might be interested in;
• to ask you to partake in our customer surveys and to improve our customer service;
• to provide you with relevant marketing communications;
• where you have given us permission, to contact you from time to time to keep you up to date with limited offers and other promotions.
Purposes for processing personal information
• where you have given your consent to the processing of your personal data;
• to enable us to perform our obligations under any contract with you;
• for legitimate interests provided these are not overridden by your interests and fundamental rights and freedoms e.g., to respond to your enquiries;
• where we must comply with a legal obligation to disclose your personal information to a government and/or regulatory bodies and other third parties where required to do so by applicable law, e.g., to comply with a court order, for taxation purposes etc.;
• In the event of a merger, acquisition, or any form of sale of some or all our assets to a third party, we may also disclose your personal information to the third parties concerned or their professional advisors. In the event of such a transaction, the personal information held by Wards Nurseries will be among the assets transferred to the buyer.
The criteria we use to determine data retention periods include the following:
• In case of queries about your order – we may retain your personal data for a reasonable period after you have ordered our products or services in case of a follow up query from you;
• Permitted under applicable law – we will continue to retain personal data where necessary to provide our products to you.
Your data privacy rights
You may exercise the rights available to you under data protection laws as follows:
1. The right to withdraw your consent to the processing of your personal data.
2. The right to request access to or obtain a copy of the personal data we hold about you. Any request will be processed within 30 days in accordance with the GDPR;
3. The right to rectification including to require us to correct inaccurate personal data;
4. The right to request restriction of processing concerning you or to object to processing of your personal data if processing is based on legitimate interests or direct marketing etc.,
5. The right to request the erasure of your personal data where it is no longer necessary for us to retain it;
6. The right to data portability; and
7. The right to object to automated decision making including profiling (if any) that has a legal or significant effect on you as an individual;
8. The right to complain to a data protection authority e.g., the Information Commissioners Office (ICO) if you consider that we have infringed applicable data privacy laws when processing your personal data.
We endeavour to use appropriate technical and physical security measures to protect your personal data which is collected, stored or processed by us, from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access. These measures include storing personal data in a secure database which is password protected and using secure cloud storage for database backups.
As effective as modern security practices are, no physical or electronic security system is entirely secure. The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet. Any transmission of data is at your own risk. Once we receive your data, we will use appropriate security measures to seek to prevent unauthorised access. We will continue to revise policies and implement additional security features as new technologies become available.
If there is an interception or unauthorised access to your personal data, we will not be liable or responsible for any resulting misuse of your personal information.
We may monitor the use and content of emails, calls and secure messages sent from and received by us so that we can identify and take legal action against unlawful or improper use of our systems e.g., transmitting computer viruses and attempts to prevent our website or other systems from working.