This website privacy notice describes how the National Garden Scheme protects and makes use of the information you give the company when you use this website.
If you are asked to provide information when using this website, it will only be used in the ways described in this privacy notice.
This notice is updated from time to time. The latest version is published on this page.
This website privacy notice was updated on 09/07/2020
If you have any questions about this policy, please email firstname.lastname@example.org or write to National Garden Scheme, Hatchlands Park, East Clandon, Guildford, GU4 7RT
We gather and use certain information about individuals in order to provide products and services and to enable certain functions on this website.
We also collect information to better understand how visitors use this website and to present timely, relevant information to them.
During the course of our activities we will process personal data (which may be held on paper, electronically, or otherwise) about our customers/subscribers and we recognise the need to treat it in an appropriate and lawful manner, in accordance with the General Data Protection Regulation (GDPR). The purpose of this policy is to make you aware of how we will handle your personal data.
However data technology and rules change regularly, so we reserve the right to amend it at any time.
We will comply with the seven data protection principles in the GDPR, which say that personal data must be:
- Processed fairly and lawfully.
- Processed for limited purposes and in an appropriate way.
- Adequate, relevant and not excessive for the purpose.
- Not kept longer than necessary for the purpose. (We will review data we have every 3 years)
- Processed in line with individuals’ rights.
- Be kept secure.
“Personal data” means recorded information we hold about you from which you can be identified. It may include your contact details, other personal information, photographs, expressions of opinion about you or indications as to our intentions about you. “Processing” means doing anything with the data, such as accessing, disclosing, destroying or using the data in any way.
What data we gather
We may collect the following information:
- Contact information including email address
- Demographic information, such as postcode, preferences and interests
- Website usage data
- Other information relevant to client enquiries
- Other information pertaining to surveys and competitions
How we use this data
Collecting this data helps us understand what you are looking for from us as an organisation, enabling us to deliver improved products and services.
Specifically, we may use data:
- For our own internal records.
- To improve the products and services we provide.
- To contact you in response to a specific enquiry.
- To customise the website for you.
- To send you emails about garden openings, events and other activities we think might be relevant to you.
- To process an order. Order info will be used by us and JEM Marketing & Fulfilment Services Ltd our fulfilment company to dispatch orders.Your personal information may be stored on our website, in our CRM database (Microsoft Dynamics) and in our email marketing system (Mailchimp and Adestra). We (and our suppliers) will only store this for as long as is required to fulfill our obligations to you, or until you ask us to remove it, whichever is the sooner. We only give access to staff and suppliers who need to access our systems to perform the actions requested by you and all staff and suppliers with access have agreements and policies setting out or replicating our high expectations for the storage and processing of data. In addition to the businesses above the following organisations support us in keeping our systems secure and up to date – NetKoIT, Methos Consulting, JB Cole, Hype London, Level Partnership, JEM Marketing.
We will usually only process your personal data where you have given us your explicit consent for example to register for access to our website, or for entry into a prize promotion, signing up for a newsletter or where the processing is necessary to comply with our legal obligations. In other cases, processing may be necessary for the protection of your vital interests, for our legitimate interests or the legitimate interests of others. The full list of conditions is set out in the GDPR.
- We will only process your personal data for the specific purpose or purposes notified to you or for any other purposes specifically permitted by the GDPR.
- Your personal data will only be processed to the extent that it is necessary for the specific purposes notified to you.
- We will seek to keep the personal data we store about you accurate and up to date. Data that is inaccurate or out of date will be deleted. However, it is your obligation to keep us informed of any changes to your personal data, eg if you move house, or if you become aware of any inaccuracies in the personal data we hold about you. You may do this by sending an email as indicated in section six.
- We will not keep your personal data for longer than is necessary for the purpose. This means that data will be destroyed or erased from our systems when it is no longer required, which is typically two years from your last interaction with us, by email, website or other means.
- We will only process your data in line with your data rights.
You have the right to:
- Request access to any personal data we hold about you.
- Prevent the processing of your data for direct-marketing purposes.
- Ask to have inaccurate data held about you amended.
- Prevent processing that is likely to cause unwarranted substantial damage or distress to you or anyone else.
- Object to any decision that significantly affects you being taken solely by a computer or other automated process.
To exercise any of these rights, please send us an email to the contact in section six with your full name and details and we will do our best to make the amendments as soon as possible. But do please understand that changes may not be immediate.
We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
We will ensure that we have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of deletion.
COVID-19 Information: In line with guidance issued by the Department for Health and Social Care, we will keep your garden visit online booking details for at least 21 days. We will share them with Test and Trace personnel, if asked, in the event of a visitor or host at the garden, on the day you are visiting, testing positive for coronavirus.
We are doing this to help reduce the risk of any local outbreak – by sharing your information NHS Test and Trace can quickly identify people who have come into contact with someone who has tested positive for COVID-19, and ask them to take the necessary precautions.
Data will be handled according to GDPR, security and ethical standards at every stage of the process – from its collection and storage by us to its transfer and use by NHS Test and Trace. This data will be used only for NHS care, management, evaluation and research. If you do not wish your data to be used in this way please send an email to email@example.com
Controlling information about you
When you fill in a form or provide your details on our website, you will see one or more tick boxes allowing you to:
- Opt-in to receive marketing communications from us by email
If you have agreed that we can use your information for marketing purposes, you can change your mind easily, via one of these methods:
- Sign in to our website and change your opt-in settings.
- Send an email to firstname.lastname@example.org
- Write to us at: National Garden Scheme, Hatchlands, East Clandon, Guildford, GU4 7RT
We will never lease, distribute or sell your personal information to third parties unless we have your permission or the law requires us to.
Any personal information we hold about you is stored and processed in line with the General Data Protection Regulation 1998 and GDPR.
Providing information to third parties
Unless we have obtained your specific consent, we will never transfer your data to third parties for them to communicate directly with you. The only exception is where it is necessary to fulfil our obligations to you, for example to give a fulfilment company your address to send you a prize. But we will only transfer personal data if the other company agrees to comply with our data procedures and policies, and if they put in place adequate data security measures.
We will always hold your information securely.
To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards.
We also follow stringent procedures to ensure we work with all personal data in line with the General Data Protection Regulation 1998 and GDPR.
As soon as you make a payment transaction on our website, all of the information is transferred between The National Garden Scheme website, and SagePay, our payment provider. This information is encryptyed using industry standard 128 bit SSL encryption. For more information regarding SagePay click here.
Links from our site
Our website may contain links to other websites.
Please note that we have no control of websites outside the ngs.org.uk domain. If you provide information to a website to which we link, we are not responsible for its protection and privacy.
We will try to provide you with links to high quality, reputable websites which we believe will be of interest and relevant to you, but please note that such third party websites are not under our control and we do not contribute to the content of such websites. When you click through to any of these websites you leave the area controlled by The National Garden Scheme. We cannot accept responsibility for any issues arising in connection with the third party’s use of your data, the website content or the services offered to you by these websites.
Always be wary when submitting data to websites. Read the site’s data protection and privacy policies fully.
In addition to these policies your personal data is protected in the UK by the General Data Protection Regulation 1998 and GDPR. Under this act The National Garden Scheme will only process any data we hold about you in a lawful and fair manner. The National Garden Scheme will keep your data securely to prevent unauthorised access by third parties.
Your personal data may have to be disclosed if we are required to disclose it by law, or as a result of a lawful request by a governmental or law enforcement authority.
Under GDPR you have the right to request access to the data we store on you, the right to have it rectified and the right to have it removed. To exercise these rights contact us by email – email@example.com or by post National Garden Scheme, Hatchlands, East Clandon, Guildford, GU4 7RT.
Queries or concerns
If you have a query or concern about what we do with your data please contact our data protection manager by email firstname.lastname@example.org.
The independent body that oversees data protection in the UK is the ICO and you can find their details here