Last updated: 13 April 2023 Version: 2.2
Who are we?
JustGardenCentres.com is an independently owned and run website which provides information about UK garden centres. We operate from the UK and we can always be contacted by email:webmaster@JustGardenCentres.com
For more detailed information about us click here.This privacy policy governs the processing of personal data collected through the website https://www.JustGardenCentres.com, the related mobile applications and services (collectively referred to as, “website”). This webpage describes how we handle your personal data. If you have any questions regarding our data protection practices, please feel free to contact us. This privacy policy explains:
The topics covered in this privacy policy include:
1. General Information and Definitions
About the website
JustGardenCentres.com website describes garden centres in the UK.
Our role as a data controller
JustGardenCentres.com acts as a data controller with regard to your
Personal Data
collected through the website (e.g. when you browse the website, or communicate with
us). In these circumstances, we are a data controller because we make decisions about the types of
Personal Data that should be
collected from you and the purposes for which such Personal Data should be used.
Applicable laws
We process Personal Data in accordance with data protection laws in
the United Kingdom, and do our
best to comply including, but not limited to, the EU General Data Protection
Regulation (“GDPR”).
Definitions
"Cookies" we use cookies on the website. For more information on the types and purposes of our cookies, please refer to our cookie policy.
2. Types and Purposes of Personal Data and Non-Personal Data that We Process
Personal Data We May Collect
We collect and process your Personal Data only for specified and legitimate purposes explicitly mentioned in this privacy
policy. We will use your Personal Data only for the the
following purposes:
a) to enable you to use the full functionality of the website
b) to provide you with the requested services
c) to maintain and improve the website
d) to conduct research about our business activities
e) to administer the website
f) to respond to your enquiries.
The detailed description of the purposes and legal basis for processing of your Personal Data is provided below.
SITUATION 1
When you contact us by email or through a
contact form, we collect your name, your e-mail address and any information you provide in your message
(this is Personal Data).
The purpose of capturing this Personal Data is to respond to your enquiry / comment and if necessary, to provide you with the requested information.
The legal basis for processing this Personal Data is to pursue our legitimate business interests (i.e. to grow and promote our business).
SITUATION 2
When you use the website we may collect
your IP address and cookie related data (please refer to our
cookie policy
for more information).
The purpose of capturing this Personal Data is to analyse, improve, and evaluate our business activities and to ensure the security of the website.
The legal basis for processing this Personal Data is to pursue our legitimate business interests (i.e. to grow and promote our business) and to gain your consent for additional personal data.
Non-Personal Data That We May Collect
When you use the website, we automatically receive information from your web browser or
mobile device. This information includes the name of the website from which you entered our
website (if any) as
well as the name of the website you may visit when you leave our website.
This information also includes your Internet service provider’s name, your web browser type, the type of mobile device, your computer operating system, and data about your browsing activity when using our website. We use this Non-Personal Data to:
1 Analyse trends among our users to help improve our website.
2 Identify and fix errors.
3 Develop new features and services.
Personal Data obtained from third parties
When using our website, you can choose to permit or restrict services,
functionalities, and integrations provided by third parties, including social media service
providers (“Third-Party Services”). Once enabled, the providers of the Third-Party Services may share certain
information and Personal Data with us, subject to the privacy policy of the Third-Party Services.
We will use such Personal Data only for the purposes for which it was provided. You are encouraged to check carefully the privacy settings and notices of Third-Party Services to understand what information may be disclosed to us.
What Happens If You Don’t Give Us Your Personal Data?
If you do not provide us with the
Personal Data when requested, we may not be
able to provide you with all our services. However, you can access and use some parts of our
website without giving us your Personal Data.
Sensitive data
We do not intentionally collect special categories of personal data (‘sensitive data’), such
as opinions about your religious and political beliefs, racial origins, membership of a professional or trade
association, or information about sexual orientation.
Your feedback
If you contact us, we may keep records of any questions, complaints or compliments made by you
and the response, if any. Where possible, we will de-identify your
Personal Data. Please note that de-identified Personal Data is also
considered to be Non-Personal Data.
Aggregated data
In case your Non-Personal Data is combined with certain elements of your
Personal Data in a way that allows us to
identify you, we will handle such aggregated data as Personal Data. If your
Personal Data is de-identified in a way that it can no
longer be associated with an identified or identifiable natural person, it will not be considered
Personal Data and we may
use it for any legitimate business purpose.
3. Sharing Your Personal Data and Non-Personal Data with Third Parties
Selling your Personal Data and Non-Personal Data
We never sell
your
Personal Data to third parties for any purposes. The term
“sell” refers to selling, renting, releasing, disclosing, disseminating, making available, transferring, or
otherwise communicating orally, in writing, or by electronic or other means, your
Personal Data by us to another business
or a third party for monetary or other valuable consideration. For data aggregation purposes, we may use your
Non-Personal Data, which might be sold to other parties at our discretion. Any such data aggregation would not contain any of
your Personal Data.
Sharing Personal Data with our data processors
If necessary for the purposes listed below, we will share your
Personal Data
with our third-party service providers we hire to provide services to us (“Our
Processors”). Our Processors include, but are not limited to, web analytics companies, advertising networks,
help desk providers, accountants, law firms, auditors, and email service providers.
The disclosure of your Personal Data to Our Processors is limited to the situations when such data is required for one or more of the following purposes:
1. Ensuring the proper operation of our website
2. Ensuring the delivery of the services requested by you
3. Providing you with the requested information
4. Pursuing our legitimate business interests
5. Enforcing our rights, preventing fraud, and security purposes
6. Carrying out our contractual obligations
7. Law enforcement purposes
8. If you provide your prior consent to such a disclosure.
List of Our Processors
We will share your personal data only with Our Processors that agree to ensure an
adequate level of protection of personal data that is consistent with this privacy policy and the applicable data
protection laws. Our Processors that may have access to your Personal Data are listed below:
Processor Service - Hosting
IONOS, location United
Kingdom, more information here
Processor Service - Business Analytics
Google
Analytics, location United States, more information
here
Processor Service - Business Analytics
Quantcast,
location United States, more information
here
Processor Service - Advertising
Google Adsense,
location United States, more information
here
Legally required release of Personal Data
We may be legally required to disclose your
Personal Data in the following situations:
1. Required by subpoena, law, or other legal process
2. To assist law enforcement officials or government enforcement agencies
3. Necessary to investigate violations of or otherwise enforce our legal terms
4. Necessary to protect us from legal action or claims from third parties, including you and/or other users or members
5. Necessary to protect the legal rights, personal/real property, or personal safety of our company, users, employees, and affiliates.
Disclosures to Successors
If our business is sold or merges in whole or in part with another business that
would become responsible for providing the website to you, we retain the right to transfer your
Personal Data to the new
business. The new business would retain the right to use your Personal
Data according to the terms of this privacy policy
as well as to any changes to this privacy policy as instituted by the new business.
Disclosure of Non-Personal Data
We may disclose your Non-Personal Data and de-identified Personal Data for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving the website, responding to lawful requests from public authorities, or developing new products and services.
4. Transferring of Personal Data Outside Your Country
The Personal Data that we collect from you may be stored, processed, and transferred between any of the countries in which we or our processors operate. For example, if you reside in the European Economic Area (EEA), we may need to transfer your personal data to jurisdictions outside the EEA.
Wherever we transfer, process or store your Personal Data, we will take reasonable steps to protect it. For example, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your Personal Data (e.g., the country in which the recipient is located is white-listed by the European Commission or the recipient is a Privacy-Shield certified entity) or we conclude an agreement with the respective third party that ensures such protection (e.g., a data processing agreement based on the Standard Contractual Clauses provided by the European Commission).
The European Commission has not found the United States and some other countries where we and our Processors are located to have an adequate level of protection of Personal Data under Article 45 of the GDPR. We rely on derogations for specific situations as defined in Article 49 of the GDPR. We will use your Personal Data to provide the goods, services, and/or information you request from us to perform a contract with you or to satisfy a legitimate interest of our company in a manner that does not outweigh your freedoms and rights.
5. Retaining and Destroying Your Personal Data and Non-Personal Data
Retention of Personal Data
We retain information that we collect from you (including your
Personal Data) only for as long as we
need it for legal, business, or tax purposes. We always make sure that we have a lawful basis for storing your
Personal Data. Your information may be retained in electronic form, paper form, or a combination of both. When your
Personal Data is
no longer needed or there is no lawful basis for storing it, we will securely destroy, delete, or erase it.
Retention of Non-Personal Data
We may retain your
Non-Personal Data for as long as necessary for the purposes described in this privacy
policy. This may include keeping Non-Personal Data for the period that is necessary to pursue our legitimate business
interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and
enforce our agreements.
Retention as required by law
Please note that, in some cases, we may be obliged by law to store
Personal Data for a
certain period of time (e.g., we are required to keep our accountancy records for the time period prescribed by law). In
such cases, we will store Personal Data for the time period stipulated by the applicable law and delete it as soon as the
required retention period expires.
6. Your Rights Regarding Your Personal Data
Updating Your Personal Data
You can update your Personal Data
by
contacting us using the contact information found at the bottom of this privacy policy and we will help you.
Revoking Your Consent for Using Your Personal Data
You have the right to revoke your consent for us to use your
Personal Data at
any
time, if you have provided such a consent. Your opt-out will not affect disclosures otherwise permitted by law
including but not limited to:
1. Disclosures to affiliates and business partners
2. Disclosures to third-party service providers that provide certain services for our business, such as credit card processing, computer system services, and data management services
3. Disclosures to third parties as necessary to fulfill your requests
4. Disclosures to governmental agencies or law enforcement departments, or as otherwise required to be made under applicable law
5. Previously completed disclosures to third parties
6. Disclosures to third parties in connection with subsequent contests or promotions you may choose to enter, or third-party offers you may choose to accept.
If you want to revoke your consent for us to use your Personal Data, please contact us using the contact information found at the bottom of this privacy policy and we will help you.
Your rights
When using our website and submitting Personal
Data to us, you may have certain rights under the GDPR, the
CCPA, and other applicable laws. Depending on the legal basis for processing your
Personal Data, you may have some or all
of
the following rights:
1. The right to be informed. You have the right to be informed about the Personal Data we collect from you, and how we process it.
2. The right of access. You have the right to get confirmation that your Personal Data is being processed and have the ability to access your Personal Data.
3. The right to rectification. You have the right to have your Personal Data corrected if it is inaccurate or incomplete.
4. The right to erasure (right to be forgotten). You have the right to request the removal or deletion of your Personal Data if there is no compelling reason for us to continue processing it.
5. The right to data portability. You have the right to request and get your Personal Data that you provided to us and use it for your own purposes. We will provide your Personal Data to you in a machine-readable format within 30 days of your request. Should we need more time, we will explain to you the reasons why, and how much more time we need.
6. The right to restrict processing. You have a right to ‘block’ or restrict the processing of your Personal Data. When your Personal Data is restricted, we are permitted to store your Personal Data, but not to process it further.
7. The right to object. You have the right to object to us processing your Personal Data for the following reasons:
a) If the processing was based on legitimate interests or the performance of a task in the public interest / exercise of official authority (including profiling).
b) Processing for purposes of scientific/historical research and statistics.
c) Automated individual decision-making and profiling. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
d) Filing a complaint with supervisory authorities. You have the right to file a complaint with supervisory authorities if your information has not been processed in compliance with the applicable laws. If the supervisory authorities fail to address your complaint properly, you may have the right to a judicial remedy.
How to exercise your rights?
If you wish to exercise your rights, please contact us by using the
contact details at the end of this privacy policy and give details of your request. You can contact us
electronically (by email or via our contact form) or by post, whichever method you prefer.
In order verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we would be able to locate you in our system (we will use such information for verification purposes only). We will answer your request within a reasonable timeframe but no later than 30 days. Should we need more time, we will explain to you the reasons why, and how much more time we need.
We will provide your Personal Data in a portable and readily useable format. You can exercise your rights free of charge up to 2 times per year.
We will direct all our services providers, including Our Processors, to act according to your request. Please note that, in certain cases (e.g. if we need your Personal Data to complete a transaction, carry out our contractual obligations, comply with the applicable laws, or carry out our legitimate business interests), we may not be able to delete your Personal Data from our systems.
How to launch a complaint?
If you would like to launch a complaint about the way in which we handle your
personal data, we request that you contact us first and express your concerns. After you contact us, we will
investigate your complaint and provide you with our response as soon as possible (no later than
45 days). If you
are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local
data protection authority.
7. Protecting the Privacy Rights of Third Parties
If any postings you make on our website contain information, including
Personal Data, about third parties, you must make
sure you have the permission to include that information in your posting. While we are not legally liable for
the actions of our users, we reserve the right to remove any postings about which we are notified, if such
postings violate the privacy rights of others.
8. Do Not Track Settings
Some web browsers have settings that enable you to request that our website
does not track your movement within our
website. Our website does not obey such settings when transmitted to and detected by our
website. You can turn
off tracking features and other security settings in your browser by referring to your browser’s user manual.
9. Links to Third-Party websites
Our website contains links to other websites. These third-party websites are not under our control and are
not subject to our privacy policy. We have no
responsibility for these third-party websites and we provide links to these websites solely for your
convenience. You acknowledge that your use of and access to these websites are solely at your risk. It is your
responsibility to check the privacy notices of any third-party websites to see how they treat your
Personal Data.
10. Protecting Children’s Privacy
Our website is not designed for use by anyone under the age of 18. Thus, we do not knowingly collect
Personal Data from
children under the age of 18. If you are a parent or guardian and believe that your child under the age of 18 is
using our website or submit any Personal Data through it, please contact us.
Before we remove any Personal Data from our systems, we may ask for proof of identification to prevent malicious removal of account information. If we discover that a child under the age of 18 is accessing our website, we will delete his/her Personal Data within a reasonable period of time.
11. Our Email Policy
JustGardenCentres.com does not send marketing messages or informational notices to you. We will not sell, rent, or trade your email address to any
unaffiliated third party without your permission.
12. Our Security Policy
We have built our website using industry-standard security measures and authentication tools to protect the security of your Personal Data. We and Our Processors maintain technical and physical safeguards to protect your Personal Data.We implement organisational and technical information security measures to protect your Personal Data from loss, misuse, unauthorised access, and disclosure. The security measures taken by us include secured networks (we use SSL encryption), strong passwords, limited access to your Personal Data by our staff, and anonymisation of Personal Data (when possible).
When we collect your credit card information through our website, we will encrypt it before it travels over the Internet using industry-standard technology for conducting secure online transactions. Unfortunately, we cannot guarantee against the loss or misuse of your Personal Data or secure data transmission over the Internet because of its nature. We use third-party billing services and have no control over these services. We use our commercially reasonable efforts to make sure your credit card number is kept strictly confidential by using only third-party billing services that use industry-standard encryption technology to protect your credit card number from unauthorised use.
We encourage you to protect any password you may have for our website and not to share it with anyone. You should always log out of our website when you finish using it, especially if you are sharing or using a computer in a public place.
Security breaches
Although we use our best efforts to protect your
Personal Data, given the nature of communications
and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss,
use, copying, modification, leakage, and falsification of your Personal
Data caused by circumstances that are beyond our
reasonable control. In case a Personal Data breach occurs, we will immediately take reasonable measures to mitigate the
breach, as required by the applicable law. Our liability for any security breach will be limited to the highest
extent permitted by the applicable law.
13. Term and Changes to Our Privacy Policy
Term Change
We reserve the right to change this privacy policy at any time. If we decide to do so, we
will post those changes on our website so that our users and customers are always aware of our data protection
practices. For significant material changes or, where required by the applicable law, we may seek your consent.
If you disagree with the changes to the privacy policy, you should cease using the
website.
Repurposing of Personal Data
If at any time we decide to disclose or use your
Personal Data in a method different from
that specified at the time it was collected, we will provide advance notice by email (if we have it) and, if
necessary seek your consent.
14. Contact Us
If you have any questions about our privacy policy or would like to exercise your rights, please contact us using the following contact details: