Who we are and who is collecting your information
The personal information which you provide to us when visiting and using our Site, is provided to and is collected by Gardening Direct a trading name of Gardening Direct Ltd a Company (Number RC86103) registered in Jersey, Channel Islands at the address Beachside Business Centre, Rue Du Hocq, St Clement, Jersey, JE2 6LF. Registered VAT number 974291489.
Security to protect your information and personal information and the personal information of others.
The applicable Law: In accordance with the requirements the DATA PROTECTION (JERSEY) LAW 2018, which brings equivalence to the principles of the European General Data Protection Regulations (GDPR), and sets out the rights of individuals in respect of their personal data as well as the obligations and conditions organisations must follow to process it, we have established and implemented secure Data Management procedures to ensure your information is correctly stored, maintained and protected, including prevention of unauthorised access to areas of our Site, our Systems or our premises, where your information has been collected and securely stored by us.
Ways in which we collect information and what information is collected
GD use different methods to collect personal data from and about you including through: Direct interactions - You may give us your identity, contact and financial data by filling in forms or corresponding with us by post, phone, email or otherwise. This includes the personal data you provide when you:
- Apply for products or services
- Give us feedback or complete a survey
- Request marketing to be sent to you
- Create an account on our website
Systems Collection: It is possible that you visit our Site without telling us who you are and you can choose to not provide us with any of your personal information. You should be aware, however, that our Systems may identify and record information such as details of your ISP, your IP address, which pages of our Site you accessed, the date(s) and time(s) of your visit(s) and other technical information relating to your visit to our Site.
Your Visit(s) to our Site: We also, collect your personal information in instances where you visit our Site and choose to opt-in to receiving information from us, purchase any of our Products or services, take part in online competitions, surveys or if you simply contact us with a query or complaint. If you contact us by phone or write to us by mail or on email we keep a record of your contact details so that we can respond and maintain a conversation with you.
Site tracking and Web Beacons: To help us develop the design and layout of our Site to better meet your needs we use tracking software and web beacons to monitor traffic patterns and our Site usage. This software does not enable us to collect any personally identifying information about you.
Your Control of Cookies & Web Beacons: You can use a variety of tools to control Cookies, web beacons and similar technologies, including browser controls to block and delete cookies and controls from some third-party analytics service providers to opt out of data collection through web beacons and similar technologies. Your browser and other choices may impact your experiences when using our Site.
Third Parties – we may receive personal data about you from various Third parties if you have ordered our products from them. We use the latest secure server technology to ensure this information is protected to the highest standards. We use encryption to safeguard your card information and only accept orders from web browsers that permit communication through Secure Socket Layer (SSL) technology - this means you cannot inadvertently place an order through an unsecured connection. Most web browsers above version three support this security. This encryption makes it virtually impossible for unauthorised parties to read any information that you send us. We employ firewall software that will only leave your information on our website until it has been registered in our offline systems. Our website is tested and certified by Sophos daily to ensure that our website protects you from identity theft, viruses and other online threats
Why we may collect and use your personal information:
Your personal information will be used by us in a variety of ways, including but not limited to:
- Your name: so we know what to call you
- Email address: so we can email you order confirmations, delivery delays, offers etc
- Delivery address: so we can despatch your order to you
- Telephone number: we’ll only call if we have a problem with your order
- Debit or Credit card details: we only ask for these when you place an order and these are not stored on our system and only used at the time of payment
- Transaction Data: details of products and services that you have purchased
- Usage Data: including how you use GD’s services or submit enquiries or queries to us
- Marketing and Communications: including your preferences in receiving marketing or surveys from us
Protection of your privacy is taken very seriously by GD. We do not pass your information to third parties for any marketing purposes. GD does not process or collect any Special Categories of Personal Data about you (which includes details about your race, ethnicity, religion, philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic or biometric data or criminal convictions and offences).
Purposes for which GD will use your personal data
Set out below is a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.
|Purpose/Activity||Type of data||Lawful basis for processing|
|To register you as a new customer and verify your identity when using log-ins||Identity
|Performance of a contract|
To process and deliver products including: Managing payments and charges Contacting you and corresponding regarding your order
|Performance of a contract, take payment and provide orders|
|Respond to queries and enquiries||Identity
|Legitimate interest (to respond to customer requests)|
|Undertake marketing to you||Identity
|Legitimate interest (to offer similar products or offers)|
|Business Performance – to Manage our business performance assess client satisfaction and improve our services||
|Legitimate interest (to improve the service we provide)|
If you fail to provide personal data
Where you fail to provide personal data when requested, GD may not be able to perform the contract it has or is trying to enter into. In this case, GD may have to cancel the Services but we will notify you if this is the case, at the time.
Management and retention of your personal information
We only retain your personal data for as long as necessary to fulfil the purposes we collected it for, which include satisfying any legal, accounting or reporting requirements. In general, we keep personal data in accordance with our own internal data retention procedures, which are determined by regulatory/legal obligations and good practice. These retention periods depend on the nature of the information and are subject to change as detailed below. Should you have any questions regarding this, please contact us directly.
Account information: We retain your account information for as long as your account is active and a reasonable period thereafter which can be up to 10 years, in case you should decide to re-activate your Account and the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for Services improvement and development, we take steps to provide information that does not identify you, and we use the information only to uncover collective insights about the use of our Services, not to specifically analyse personal characteristics about individuals.
How long we keep information: The time period during which we keep your personal information depends on the types of information, as described in further detail below. After an appropriate time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), we will securely store your personal information and isolate it from further use until deletion is made possible.
Information you share on our Site: If your Account is deactivated or disabled, some of your information and the content you have provided to us will be stored in order to allow our employees to make use of the Services information. For example, we will continue to retain messages you sent to us and we will continue to retain any actions/content you provided to us.
Marketing information: You may choose to receive or to not receive direct marketing or other information from us. Please ensure you tick the correct box indicating your preference. If you have elected to receive marketing material from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services, such as when you last opened an email from us or ceased using your Account, where applicable. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created. If, at any time, you no longer wish to receive marketing or other information from us, you can unsubscribe by clicking on the unsubscribe link included on our Site.
You have rights under the Data Protection Legislation with regard to your personal data. Under certain circumstances, these include the right to:
- Request access to your personal data
- Request correction of your personal data
- Request erasure of your personal data
- Object to the processing of your personal data
- Request restriction of processing of your personal data
- Request transfer of your personal data
Right to withdraw consent of use of your personal data.
To exercise any of the above rights please contact us directly at Gardening Direct (full contact details below). Should you wish to exercise your right to erasure or where information is deleted in accordance with GD’s retention policy, note that after the deletion of your personal data, it cannot be recovered, therefore should you require a copy of this personal data, please request during the period GD retains the data.
The GD website and company as a whole is not intended for children. GD will not knowingly collect any personal data from persons under the age of 18 and will immediately delete such data should it be identified.
Questions and Contact Information
For any questions or further information please contact us, either by phone, post or email at:
2 Britannia Place
Phone: 03333 702 702