Privacy Policy

This Privacy Notice was last updated January 2021

The Garden Society is committed to protecting your privacy. We appreciate that you do not want the personal information you provide to us to be distributed indiscriminately and here we explain how we collect information, what we do with it and what controls you have. Crucially, we will never collect sensitive information about you without your explicit consent. The information we hold will be accurate and up-to-date. You can check the information that we hold about you by emailing us. If you find any inaccuracies, we will delete or correct it promptly. We will only use the information that we collect about you lawfully (in accordance with the Data Protection Act 1998, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the new The General Data Protection Regulation that comes into effect on 25th May 2018). By using the Site, you consent to the collection and use of information in accordance with this Privacy Policy.

This Privacy Policy (together with our terms of use and any other documents referred to therein) sets out the basis on which any personal data Horticultural Ltd (‘The Garden Society’, ‘we’, ‘us’, and ‘our’) collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

It is our policy to collect only the minimum information required from you. If you believe we have collected excessive information about you, please contact us to raise any concerns you may have.

In this Privacy Policy your personal information is sometimes called “personal data”. We sometimes collectively refer to handling, collecting, protecting or storing your personal information as ‘processing’.

Although you do not have to provide any of your personal information to us, if we ask you to do so and you refuse, we may be unable to provide you with the information, goods or services you want from us.

Personal information is anything that enables you to be identified or identifiable, e.g. your name, postal/email address and telephone number.

We may collect and process the following information about you:
Information (such as your name, email address, postal address and telephone number) that you provide by completing forms on the Site, including if you register as a user of the Site, purchase products on the Site, upload or submit any material via the Site or request any information.

In connection with an account sign-in facility, your log-in and password details;

Below are some examples of how you may provide personal information to us:

● Purchasing plants, gifts, clothing or other items at our garden centre
● Details of any transactions made by you through the Site; or Communications you send to us, for example to report a problem or
to submit queries, concerns or comments regarding the Site or its content.
● Purchasing food or drink or other items at our restaurants
● Purchasing event tickets
● Ordering plants, gifts, clothing or other items either by telephone and online
● Searching and browsing our website for content
● Purchasing a Gift Card
● Applying for The Garden Society Loyalty Card
● Subscribing to our email newsletters
● Submitting CVs or work history information
● Contacting us for further information
● Providing us with business cards or other contact information

When you provide personal information to us, we may use it for any of the purposes described in this Privacy notice or as stated at the point of collection (or as obvious from the context of collection), including:

◦ Enable us to process your orders and to provide you with the services and information offered
through the Site and which you request;
◦ Administer your account with us;
◦ Verify and carry out financial transactions in relation to payments you make online;
◦ Audit the downloading of data from the Site;
◦ Improve the layout and/or content of the pages of the Site and customise them for users;
◦ Identify visitors to the Site;
◦ Carry out research on our users demographics and tracking of sales data;
◦ Send you information we think you may find useful or which you have requested from us, including information about our
products and services, or potential shopping basket recoveries, provided you have indicated that you do not object to being
contacted for these purposes.
◦ To provide you with the items you have ordered from us
◦ To deliver items using our Delivery Service
◦ To administer and manage our website, including to understand how people use the features and functions of our website in order
to improve the user experience
◦ To develop our business and services
◦ To conduct quality and risk management reviews
◦ To monitor and enforce compliance with our policies; and/or
◦ Any other purposes for which you provided the information to us, including any of the purposes given in the ‘Collection of personal
information’ section above.

We do not collect personal information for sale to or use by third parties.

Payment details you provide will be encrypted using secure sockets layer (SSL) technology before they are submitted to us over the internet. Payments made on the website are made through our payment gateway provider, Global Payments. You will be providing credit or debit card information directly to Global Payments which operates a secure server to process payment details, encrypting your credit/debit card information and authorizing payment. Information which you supply to Global Payments is subject to Global Payments own privacy policy and terms and conditions which can viewed here.

We place great importance on the security of all personally identifiable information associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to personal information. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.

You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via the website whilst it is in transit over the internet and any such submission is at your own risk. It is advisable to close your browser when you have finished your user session to help ensure others do not access your personal information if you use a shared computer or a computer in a public place.

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted [using SSL technology]. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

International transfers of personal information

Your personal information will not be transferred to and stored outside the country where you are located.
We may also disclose your personal information to law enforcement and other government agencies as required by and/or in accordance with applicable law.

Retention of personal information

We will retain your personal information only for as long as we need it, given the purposes for which it was collected, or as required to do so by law.

Normally, this means we will retain your personal information for 6 years. For more information please contact us; details below.

Marketing

We keep contact information until a user unsubscribes or requests that we delete that information. If you choose to unsubscribe from our newsletter we may keep certain limited information about you so that we may honour your request.
Where we are legally required to obtain your explicit consent to provide you with marketing materials, we will only provide you with such marketing materials if you have provided consent for us to do so.
If you opt into any subscriptions, you will receive automated emails when content is updated. If you opt into any newsletters, you will receive emails known as newsletters.

Website

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Bookings for the restaurant

If you wish to book a table within our restaurants, for example, for afternoon tea or one of our table services we may ask for your name, phone number and email address in order to be able to contact you in relation to the booking. We sometimes may take a deposit at the time of booking. Payments are taken via our secure payment provider, Stripe.
We will retain the information prior to the date of the booking and for a period of three months after the booking date.

Bookings for events

If you wish to book an event we may ask for your name, phone number and email address in order to be able to contact you in relation to the booking. Payments are taken via our secure payment provider Stripe.
We will retain the information prior to the date of the booking and for a period of three months after the booking date.

Children

We understand the importance of protecting children's privacy and we never knowingly collect personal information about individuals under the age of 18. Children’s activities and events may require children’s first name and occasionally age, but contact details if needed will be those of the guardian. Providing children’s data is voluntary. Data will only be kept for a limited time and will then be destroyed confidentially.

Photography or video footage will never be taken or used without first obtaining permission from whomever is responsible for the individual. A Consent & Release form will be used to record permissions.

Test and Trace

Following government guidelines to comply with the NHS Test and Trace scheme, we collect customer details from one member of a group of 2 or more people or from a person visiting by themselves to our restaurants. The data collected is name and phone number, date and time of visit and the number of people in the group. This data is held securely for 21 days after your visit as required under the NHS Test and Trace scheme.

If you are a regular visitor to our restaurants, you will be offered a Test and Trace Easy Access card. This means that you do not need to give your personal data on each visit and your card will be scanned to record your visit. Your name and phone details will be held until the scheme comes to an end but the date and time of your visit will be deleted after 21 days.

DHSC (Department of Health and Social Care) will only request these records where it is necessary for running an effective NHS Test and Trace service. It might be necessary (for this purpose) either because:

● someone who has tested positive for COVID-19 has listed a specific venue/establishment as a place they visited recently
● a venue/establishment has been identified as a potential location of a local outbreak of COVID-19

Under these circumstances, DHSC, through NHS Test and Trace, will contact us and request that it shares specific information (that is, the contact details of individuals who were on the premises between specific times on a specific day). NHS Test and Trace will then conduct a contact-tracing exercise with a view to providing those individuals with appropriate advice.

We have installed CCTV systems in our garden centre and restaurant for the purposes of crime prevention and detection and for public and staff safety. CCTV is also installed on the outside of some of our buildings for monitoring building security and crime prevention and detection.

Images captured by CCTV will not be kept for longer than is necessary. However, on occasions there may be a need to keep images for longer, for example where a crime is being investigated.

You have the right to see CCTV images of yourself in accordance with Data Protection Act 2018 and be provided with a copy of the images. Any other people in the imagery will be redacted. We will only disclose images to other authorised bodies who intend to use it for the purposes stated above.

We operate CCTV and disclose in accordance with codes of practice issued by the Information Commissioner Office.

We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

We may disclose your personal information to third parties:

In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.

If The Garden Society, or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.

If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of The Garden Society, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

You have certain rights in relation to the personal information we hold about you. In particular, you have the right to:

● Request a copy of personal information we hold about you;
● Ask that we update the personal information we hold about you, or correct such personal information that you think is incorrect or
incomplete;
● Ask that we delete personal information that we hold about you, or restrict the way in which we use such personal information;
● Object to our processing of your personal information; and/or
● Withdraw your consent to our processing of your personal information (to the extent such processing is based on consent and
consent is the only permissible basis for processing).

The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee to meet our costs in providing you with details of the information we hold about you.

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.

You can also exercise the right at any time. If you would like to exercise these rights or understand if these rights apply to you, please contact us www.thegardensociety.co.uk

When you exercise one of your rights under the GDPR, we are required by law to use all reasonable measures to verify your identity before we can action the request. This will be in the form of supplying a utility bill and photographic evidence such as passport or driving licence.

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

If you have any questions or complaints about this Privacy notice or the way your personal information is processed by us, or would like to exercise one of your rights set out above, please contact us by one of the following means:

Form: www.thegardensociety.co.uk/contact-us

Email: hello@thegardensociety.co.uk

Tel: 02380 60 22 34

Post: The Garden Society, Allington Lane, Fair Oak, Eastleigh, Southampton, SO50 7DE

We may update this Privacy notice at any time by publishing an updated version here. So that you know when we make changes to this Privacy statement, we will amend the revision date at the top of this page. The new modified or amended Privacy notice will apply from that revision date. Therefore, we encourage you to review this Privacy notice periodically to be informed about how we are protecting your information.