Last updated: 13 April 2023 Version: 2.2
Who are we?JustGardenCentres.com is an independently owned and run website which provides information about UK garden centres. We operate from the UK and we can always be contacted by email:
1. General Information and Definitions
About the website
JustGardenCentres.com website describes garden centres in the UK.
Our role as a data controller
JustGardenCentres.com acts as a data controller with regard to your Personal Data collected through the website (e.g. when you browse the website, or communicate with us). In these circumstances, we are a data controller because we make decisions about the types of Personal Data that should be collected from you and the purposes for which such Personal Data should be used.
We process Personal Data in accordance with data protection laws in the United Kingdom, and do our best to comply including, but not limited to, the EU General Data Protection Regulation (“GDPR”).
2. Types and Purposes of Personal Data and Non-Personal Data that We Process
Personal Data We May Collect
a) to enable you to use the full functionality of the website
b) to provide you with the requested services
c) to maintain and improve the website
d) to conduct research about our business activities
e) to administer the website
f) to respond to your enquiries.
The detailed description of the purposes and legal basis for processing of your Personal Data is provided below.
When you contact us by email or through a contact form, we collect your name, your e-mail address and any information you provide in your message (this is Personal Data).
The purpose of capturing this Personal Data is to respond to your enquiry / comment and if necessary, to provide you with the requested information.
The legal basis for processing this Personal Data is to pursue our legitimate business interests (i.e. to grow and promote our business).
The purpose of capturing this Personal Data is to analyse, improve, and evaluate our business activities and to ensure the security of the website.
The legal basis for processing this Personal Data is to pursue our legitimate business interests (i.e. to grow and promote our business) and to gain your consent for additional personal data.
Non-Personal Data That We May Collect
When you use the website, we automatically receive information from your web browser or mobile device. This information includes the name of the website from which you entered our website (if any) as well as the name of the website you may visit when you leave our website.
This information also includes your Internet service provider’s name, your web browser type, the type of mobile device, your computer operating system, and data about your browsing activity when using our website. We use this Non-Personal Data to:
1 Analyse trends among our users to help improve our website.
2 Identify and fix errors.
3 Develop new features and services.
Personal Data obtained from third parties
We will use such Personal Data only for the purposes for which it was provided. You are encouraged to check carefully the privacy settings and notices of Third-Party Services to understand what information may be disclosed to us.
What Happens If You Don’t Give Us Your Personal Data?
If you do not provide us with the Personal Data when requested, we may not be able to provide you with all our services. However, you can access and use some parts of our website without giving us your Personal Data.
We do not intentionally collect special categories of personal data (‘sensitive data’), such as opinions about your religious and political beliefs, racial origins, membership of a professional or trade association, or information about sexual orientation.
If you contact us, we may keep records of any questions, complaints or compliments made by you and the response, if any. Where possible, we will de-identify your Personal Data. Please note that de-identified Personal Data is also considered to be Non-Personal Data.
In case your Non-Personal Data is combined with certain elements of your Personal Data in a way that allows us to identify you, we will handle such aggregated data as Personal Data. If your Personal Data is de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered Personal Data and we may use it for any legitimate business purpose.
3. Sharing Your Personal Data and Non-Personal Data with Third Parties
Selling your Personal Data and Non-Personal Data
We never sell your Personal Data to third parties for any purposes. The term “sell” refers to selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, your Personal Data by us to another business or a third party for monetary or other valuable consideration. For data aggregation purposes, we may use your Non-Personal Data, which might be sold to other parties at our discretion. Any such data aggregation would not contain any of your Personal Data.
Sharing Personal Data with our data processors
If necessary for the purposes listed below, we will share your Personal Data with our third-party service providers we hire to provide services to us (“Our Processors”). Our Processors include, but are not limited to, web analytics companies, advertising networks, help desk providers, accountants, law firms, auditors, and email service providers.
The disclosure of your Personal Data to Our Processors is limited to the situations when such data is required for one or more of the following purposes:
1. Ensuring the proper operation of our website
2. Ensuring the delivery of the services requested by you
3. Providing you with the requested information
4. Pursuing our legitimate business interests
5. Enforcing our rights, preventing fraud, and security purposes
6. Carrying out our contractual obligations
7. Law enforcement purposes
8. If you provide your prior consent to such a disclosure.
List of Our Processors
Processor Service - Hosting
IONOS, location United Kingdom, more information here
Processor Service - Business Analytics
Google Analytics, location United States, more information here
Processor Service - Business Analytics
Quantcast, location United States, more information here
Processor Service - Advertising
Google Adsense, location United States, more information here
Legally required release of Personal Data
We may be legally required to disclose your Personal Data in the following situations:
1. Required by subpoena, law, or other legal process
2. To assist law enforcement officials or government enforcement agencies
3. Necessary to investigate violations of or otherwise enforce our legal terms
4. Necessary to protect us from legal action or claims from third parties, including you and/or other users or members
5. Necessary to protect the legal rights, personal/real property, or personal safety of our company, users, employees, and affiliates.
Disclosures to Successors
Disclosure of Non-Personal Data
We may disclose your Non-Personal Data and de-identified Personal Data for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving the website, responding to lawful requests from public authorities, or developing new products and services.
4. Transferring of Personal Data Outside Your Country
The Personal Data that we collect from you may be stored, processed, and transferred between any of the countries in which we or our processors operate. For example, if you reside in the European Economic Area (EEA), we may need to transfer your personal data to jurisdictions outside the EEA.
Wherever we transfer, process or store your Personal Data, we will take reasonable steps to protect it. For example, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your Personal Data (e.g., the country in which the recipient is located is white-listed by the European Commission or the recipient is a Privacy-Shield certified entity) or we conclude an agreement with the respective third party that ensures such protection (e.g., a data processing agreement based on the Standard Contractual Clauses provided by the European Commission).
The European Commission has not found the United States and some other countries where we and our Processors are located to have an adequate level of protection of Personal Data under Article 45 of the GDPR. We rely on derogations for specific situations as defined in Article 49 of the GDPR. We will use your Personal Data to provide the goods, services, and/or information you request from us to perform a contract with you or to satisfy a legitimate interest of our company in a manner that does not outweigh your freedoms and rights.
5. Retaining and Destroying Your Personal Data and Non-Personal Data
Retention of Personal Data
We retain information that we collect from you (including your Personal Data) only for as long as we need it for legal, business, or tax purposes. We always make sure that we have a lawful basis for storing your Personal Data. Your information may be retained in electronic form, paper form, or a combination of both. When your Personal Data is no longer needed or there is no lawful basis for storing it, we will securely destroy, delete, or erase it.
Retention of Non-Personal Data
Retention as required by law
Please note that, in some cases, we may be obliged by law to store Personal Data for a certain period of time (e.g., we are required to keep our accountancy records for the time period prescribed by law). In such cases, we will store Personal Data for the time period stipulated by the applicable law and delete it as soon as the required retention period expires.
6. Your Rights Regarding Your Personal Data
Updating Your Personal Data
Revoking Your Consent for Using Your Personal Data
You have the right to revoke your consent for us to use your Personal Data at any time, if you have provided such a consent. Your opt-out will not affect disclosures otherwise permitted by law including but not limited to:
1. Disclosures to affiliates and business partners
2. Disclosures to third-party service providers that provide certain services for our business, such as credit card processing, computer system services, and data management services
3. Disclosures to third parties as necessary to fulfill your requests
4. Disclosures to governmental agencies or law enforcement departments, or as otherwise required to be made under applicable law
5. Previously completed disclosures to third parties
6. Disclosures to third parties in connection with subsequent contests or promotions you may choose to enter, or third-party offers you may choose to accept.
When using our website and submitting Personal Data to us, you may have certain rights under the GDPR, the CCPA, and other applicable laws. Depending on the legal basis for processing your Personal Data, you may have some or all of the following rights:
1. The right to be informed. You have the right to be informed about the Personal Data we collect from you, and how we process it.
2. The right of access. You have the right to get confirmation that your Personal Data is being processed and have the ability to access your Personal Data.
3. The right to rectification. You have the right to have your Personal Data corrected if it is inaccurate or incomplete.
4. The right to erasure (right to be forgotten). You have the right to request the removal or deletion of your Personal Data if there is no compelling reason for us to continue processing it.
5. The right to data portability. You have the right to request and get your Personal Data that you provided to us and use it for your own purposes. We will provide your Personal Data to you in a machine-readable format within 30 days of your request. Should we need more time, we will explain to you the reasons why, and how much more time we need.
6. The right to restrict processing. You have a right to ‘block’ or restrict the processing of your Personal Data. When your Personal Data is restricted, we are permitted to store your Personal Data, but not to process it further.
7. The right to object. You have the right to object to us processing your Personal Data for the following reasons:
a) If the processing was based on legitimate interests or the performance of a task in the public interest / exercise of official authority (including profiling).
b) Processing for purposes of scientific/historical research and statistics.
c) Automated individual decision-making and profiling. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
d) Filing a complaint with supervisory authorities. You have the right to file a complaint with supervisory authorities if your information has not been processed in compliance with the applicable laws. If the supervisory authorities fail to address your complaint properly, you may have the right to a judicial remedy.
How to exercise your rights?
In order verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we would be able to locate you in our system (we will use such information for verification purposes only). We will answer your request within a reasonable timeframe but no later than 30 days. Should we need more time, we will explain to you the reasons why, and how much more time we need.
We will provide your Personal Data in a portable and readily useable format. You can exercise your rights free of charge up to 2 times per year.
We will direct all our services providers, including Our Processors, to act according to your request. Please note that, in certain cases (e.g. if we need your Personal Data to complete a transaction, carry out our contractual obligations, comply with the applicable laws, or carry out our legitimate business interests), we may not be able to delete your Personal Data from our systems.
How to launch a complaint?
If you would like to launch a complaint about the way in which we handle your personal data, we request that you contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible (no later than 45 days). If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.
7. Protecting the Privacy Rights of Third Parties
If any postings you make on our website contain information, including Personal Data, about third parties, you must make sure you have the permission to include that information in your posting. While we are not legally liable for the actions of our users, we reserve the right to remove any postings about which we are notified, if such postings violate the privacy rights of others.
8. Do Not Track Settings
Some web browsers have settings that enable you to request that our website does not track your movement within our website. Our website does not obey such settings when transmitted to and detected by our website. You can turn off tracking features and other security settings in your browser by referring to your browser’s user manual.
9. Links to Third-Party websites
10. Protecting Children’s Privacy
Our website is not designed for use by anyone under the age of 18. Thus, we do not knowingly collect Personal Data from children under the age of 18. If you are a parent or guardian and believe that your child under the age of 18 is using our website or submit any Personal Data through it, please contact us.
Before we remove any Personal Data from our systems, we may ask for proof of identification to prevent malicious removal of account information. If we discover that a child under the age of 18 is accessing our website, we will delete his/her Personal Data within a reasonable period of time.
11. Our Email Policy
JustGardenCentres.com does not send marketing messages or informational notices to you. We will not sell, rent, or trade your email address to any unaffiliated third party without your permission.
12. Our Security PolicyWe have built our website using industry-standard security measures and authentication tools to protect the security of your Personal Data. We and Our Processors maintain technical and physical safeguards to protect your Personal Data.
We implement organisational and technical information security measures to protect your Personal Data from loss, misuse, unauthorised access, and disclosure. The security measures taken by us include secured networks (we use SSL encryption), strong passwords, limited access to your Personal Data by our staff, and anonymisation of Personal Data (when possible).
When we collect your credit card information through our website, we will encrypt it before it travels over the Internet using industry-standard technology for conducting secure online transactions. Unfortunately, we cannot guarantee against the loss or misuse of your Personal Data or secure data transmission over the Internet because of its nature. We use third-party billing services and have no control over these services. We use our commercially reasonable efforts to make sure your credit card number is kept strictly confidential by using only third-party billing services that use industry-standard encryption technology to protect your credit card number from unauthorised use.
We encourage you to protect any password you may have for our website and not to share it with anyone. You should always log out of our website when you finish using it, especially if you are sharing or using a computer in a public place.
Although we use our best efforts to protect your Personal Data, given the nature of communications and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your Personal Data caused by circumstances that are beyond our reasonable control. In case a Personal Data breach occurs, we will immediately take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.
Repurposing of Personal Data
If at any time we decide to disclose or use your Personal Data in a method different from that specified at the time it was collected, we will provide advance notice by email (if we have it) and, if necessary seek your consent.