Data Usage and Data Protection Statement
Purpose of Policy
This policy describes how North Wales Garden World collects and processes your personal data as part of the task of providing the service of garden centre, aquatics specialist, and selling of gift items from the company’s shop in Kinmel Bay, Denbighshire.
It is important that you read this policy together with any other data related notice that may declared elsewhere at the garden centre or within eletronic newsletters and simliar electronic communications.
Data Controller and Data Processor
Why North Wales Garden World Processes Personal Data (the “Purpose”)
Personal data, or personal information, is any information about an individual from which that person can be identified. Personal data does not include information where the identity has been removed or is anonymous.
North Wales Garden World collects and processes (stores, transfers, archives, updates and uses) different kinds of personal data, which is outlined as follows:
- North Wales Garden World customer/client promotions/marketing/subscription ‘loyalty card’ data. Contact data: The personal data collected and processed is: name, postal address, and email address;
- Electronic mail and contact form enquiries data. Contact data: If the website contact form is used, the personal data collected and processed is: name, a telephone number (optional) and email address. If North Wales Garden World is contacted directly via electronic mail then the name and email address (at the very least) will be collected and processed;
- Website Comments Data. Comments made into the new blog section of the website will be recorded into the database. Web users who want to comment need to subscribe. The personal data collected and processed is as follows: email address, IP address (minimal data profile), and optionally the personal data profile can also include name and subscriber’s website address (if they have one);
- Website Functional Data. Various procedures are in place to protect the website from malicious online activities. Personal data will be recorded and processed as a consequence. Statistical data is also recorded, this will include IP address and which pages have been visited and online documents downloaded. Use and content of contact form submissions is recorded for a limited time. Use and commenting on blog articles is recorded for a limited time.
How North Wales Garden World Processes Personal Data
Personal data from customers/clients (‘loyalty card’) is collected using temporary paper-based forms from the North Wales Garden World shop in Kinmel Bay. This information is transferred and processed within the parent company’s (The Gift Company) secure EPOS (Electronic Point of Sale) Cybertill system (password and firewall protected).
With the website contact form an email is generated and sent to the data processor’s computer email application. With direct email communication, the email message is also sent to the data processor’s computer email application. Messages are stored on a password protected and firewall protected computer.
Website comments data and website functional data is stored in a MariaDB database. The website data controller will be alerted by email when a new subscriber account request is made (blog commenting). Quality assured WordPress plugins are used to record and monitor website activities to ensure no malicious online activities take place. The WordPress plugins used to collect and process website-based data are: statistical add-on “WP Statistics”; security add-on “Wordfence”; electronic mail logger add-on “WP Mail Log” and; website auditing logger add-on “WP Security Audit Log”.
The website files and MariaDB database are stored and maintained on a secure shared hosting server, located within the EU, provided by established UK web hosting company, Heart Internet.
The Lawful Basis for Collecting & Processing Personal Data
The Law states North Wales Garden World must tell you the following:
North Wales Garden World holds customers’ data because it is in its legitimate interest to do so. Without holding the data North Wales Garden World cannot work effectively.
North Wales Garden World holds website functional data because it is in its legitimate interest to do so. Without collecting, processing and monitoring web-based data (which includes personal data such as IP address) the website would be vulnerable to cyber-attacks and other malicious online activities.
How Personal Data is Used
With client/customer contact data used under the ‘loyalty card’ scheme, your personal data is only used for contact purposes between you and the parent company, the Gift Company, in communicating offers, promotions, news and seasonal gift ideas from the North Wales Garden World Kimnel Bay shop. This is the form of the North Wales Garden World weekly news and promotions electronic newsletter sent via the Mailchimp e-service. Customers may unsubscribe from this newsletter at any time, from the unsubscribe link, which will remove personal data from our records.
With enquirer contact data, your personal data is only used for contact purposes between you and North Wales Garden World regarding the possible future task of providing the service of garden centre, aquatics specialist, and selling of gift items.
With the personal data processed in relation with the North Wales Garden World website operations, it is the task of North Wales Garden World to maintain a website that is safe to use by all, that is uncompromised by malicious online activities, and is data secure for those using the website, be it using the contact form, downloading documents, reading the news blog, or even commenting on our articles. Website activities and statistics are recorded for a maximum of 12 months and then automatically deleted.
Change of Personal Data Purpose
North Wales Garden World will only use your personal data for the purposes for which it was originally collected for (as previously outlined). If another reason arises for which North Wales Garden World needs to use your personal data you will be contacted first to gain your consent.
Note that North Wales Garden World may further process your personal data without your knowledge or consent where this is required or permitted by law, such as requests from government bodies, e.g. HMRC.
Disclosure of Personal Data
North Wales Garden World does not sell, distribute or otherwise make personal data commercially available to any party, except as described in this policy or with your prior consent.
Protection of Your Personal Data
North Wales Garden World takes the security of the personal data held seriously, both customer/client personal data and website based personal data. Policies and procedures are in place to safeguard it from loss and misuse.
North Wales Garden World also has procedures to deal with any suspected personal data breach and will notify you of breach when legally required to do so.
Good security practices are in places, namely: strong passwords; updated antivirus and firewalls; up to date Windows operating system installations, up to date Microsoft Office applications, and up to date WordPress installation and latest plugins in use at all times.
Length of Time Processed Personal Data Is Stored
Customers/clients contact data: Personal data will be stored for as long as customers are members of the ‘loyalty card’ scheme.
Enquirer contact data: Personal data will be held for the length of the enquiry. Relating emails and the data held within will be deleted in a timely manner (within weeks of the initial enquiry). Personal data from an online enquiry will never be transferred to another data process in the event the enquiry does not produce a sale.
Web-based Personal data: Contact form messages are recorded by the WP Mail Log plugin and stored for a maximum of 30 days. The web activities stored by the WP Security Audit Log plugin are kept for 12 months. Blog comments, if deemed helpful to an article, will be kept online indefinitely, but the owner (blog “subscriber”) of the comment will always be able to remove it at any time. If a subscriber wishes to delete their account, they can do so themselves at any time. Deletion of an account will automatically delete all their own comments from the blog as well.
Your Legal Rights
North Wales Garden World assumes responsibility for keeping an accurate record of personal data once you have submitted the information. Please inform North Wales Garden World of any changes to your information, or in the case of the blog, subscribers must update their email address by logging in at any time to the website user interface.
You are entitled to:
- Request access to your personal data;
- Request the correction or deletion of your personal data;
- Object to the processing of your personal data;
- Request a restriction of processing your personal data;
- Withdraw consent at any time, where North Wales Garden World is relying on consent to process your personal data.
Complaints or Concerns About North Wales Garden World Data Processing?