In order to provide you with an efficient and reliable customer experience, we need to collect certain types of information from you. Some of that information may be personal and, therefore, covered by privacy legislation. Where this information is covered by legislation, it will be the Data Protection Act 2018 and the DPPEC (Data Protection Privacy & Electronic Communications (Amendments etc)(EU Exit)) Regulations 2019 (UK GDPR) following the UK’s exit from the EU on the expiry of the Brexit transition period on 31 December 2020. However, where our commercial activities require it, we will continue to comply with the EU GDPR.
Below we have broken down the key information you need to know about your rights and explain what information we collect and why.
As this Policy is a living document, it will be amended from time to time and it would be prudent for you to check back regularly to follow any changes.
Who are we?
We are Garden & Hire Spares Ltd, Registered Office 88 Hill Village Road, Sutton Coldfield B75 5BE, Company Registration No 05848313.
Because we, either alone or with others, determine the purpose and means of processing of personal data, we are the “Data Controller” in respect of your personal data, as defined by UK GDPR and we will be the organisation that processes your personal data, unless we advise you that third parties are authorised to process personal data on our behalf. If you require further information or wish to discuss the provisions of this policy with us, please contact Louise Bridges, either by telephone on 01905 333475, by post to our trading address at
All Seasons Store,
or by email [email protected] marking for the attention of L Bridges
What information do we collect?
If you are purchasing from us and if you are signing up for an account with us, we will ask for an email address, the name and address of the entity with whom we are trading and a password, which will give access to your account. That password must be kept private and confidential by you at all times and you should not share that password with any other organisation or entity. You can amend any personal information associated with your user account and, because we must always ensure that the personal information we have is up to date, as soon as you are aware of any change in that information, you must notify us immediately by logging into the “My Account” section of our website.
If you order something from our site or from our EBay store, we will also need you to provide billing and shipping addresses and details about your credit or debit card, including numbers, expiry dates and security codes, so that we can process and fulfil your order. We do not, however, store your credit card details and nor does the third party organisation that we use to facilitate that financial transaction who, in those circumstances, is also a Data Controller but who has confirmed to us that it takes steps to protect your personal information which are consistent with this Policy.
The Purpose for Processing Information
We are a leading supplier of garden and machinery spares to trade and domestic customers. In order to do this, we maintain a stock of goods in our warehouse and have arrangements with third parties to supply you directly. To facilitate this, we need to collect information, some of which may be personal data and which is collected from you, either directly from information that you provide to us when completing the various forms on our website, or indirectly when you browse our site.
We process this information in relation to the above purpose and that information may include personal details, business activities, the goods and services in which you have expressed an interest or have purchased and certain financial details, in order for us to conclude the contract between us. Insofar as our employees are concerned, we also retain information relevant to their employment relationship.
As we have set out above, it is sometimes necessary to share personal information with third party organisations but, where this is necessary, we require those third party organisations to comply with the UK GDPR. In summary, therefore, we use your information in the following ways:-
Legal Basis for Processing
The legal basis for processing shall be one of the following:
How do we use your information?
We hold and use your personal information for the purposes set out above and we do so for as long as is necessary for the relevant activity to be completed, to comply with any contractual obligations which we may have with you, to ensure that we can continue to supply you with appropriate goods and services and to comply with any appropriate statutory or regulatory provisions.
At the end of any of the applicable periods of retention, we will securely delete the information, so far as it is appropriate to do so, bearing in mind the reasons for which the data was originally obtained or in respect of relevant legal considerations.
How do we protect your information?
We have implemented technical and organisational measures to ensure personal data is processed and secure and, whilst absolute security can never be guaranteed, we do our best to ensure that, so far as is possible, your data is and remains secure in our hands.
We use SSL (Secure Socket Layers) encryption to protect web pages with sensitive information, such as your account password and credit/debit card numbers, whenever this information is transmitted between your computer and our servers.
We store the personal information that you provide on servers that are located in a physically secure facility within the EU/EEA and, therefore, in an area for which the UK government has issued an adequacy decision regarding the privacy regime of the relevant country. These machines are protected against unauthorised access by appropriate physical and IT systems, designed to ensure that your information is not compromised. Generally speaking, the information you provide to us will only be transferred where we are permitted by law to do so and, where any third party organisation is involved, they have UK government approved Standard Contract Clauses, as provided for by the GB GDPR/EU GDPR.
Within the company, only authorised employees and third party contractors have access to personal data and this access is strictly regulated.
How do we keep you informed?
If you are a customer or supplier, we will generally interact with you through email and/or post, using the addresses that you have provided to us. We will do this in order to fulfil contracts that we have with you or to take steps which are linked to that contractual relationship. We will also use that information to pursue our legitimate interests, so long as those interests are not overridden by yours. We will ensure that you have a mechanism for opting out of certain communications by amending the permissions in the Accounts Section of the Garden & Hire Spares website which relates to your dealings with us. In order to ensure an appropriate level of customer/supplier care and in order to discharge the contractual obligations that may exist between us, we may contact you to notify you of important service issues that affect your account with us. Because these announcements will contain important information affecting your business dealings with us, these communications cannot be unsubscribed.
Where you an employee of the company, then we will contact you in order to provide you with information and facilities appropriate to the relationship of employer/employee and, in order to discharge that contractual obligation and any other concomitant legal obligations which may be imposed by statutory or regulatory authorities.
We use the information we collect about you to fulfil the contract we may have with you or that you may have with us, in order to conduct our business and pursue our legitimate business interests and, in circumstances where we require consent from you, for the purposes which we explain at the time that we ask for your consent.
One of the less noticeable ways in which we obtain information about you and your experience with us is via cookies on our website.
A cookie is a small amount of data which is sent to your web browser and stored on your computer’s hard drive. These cookies are designed to improve your experience as a user of our IT services, by providing you with a more personalised service. Cookies are not harmful to your computer and do not contain personal data. We never save sensitive or personally identifiable information within cookies and, whilst you may modify your web browser to reject cookies from us, you may find that you will not be able to access some of the functionality of our website or that your experience in using our website is not as good as it might otherwise be.
We may also monitor and record your computer’s IP address for system administration and for prevention purposes. IP addresses that we record are not linked or cross referenced to personally identifiable information or distributed to third parties and, as such, constitute anonymised data and are, therefore, not subject to the provisions of the UK GDPR.
As part of the commercial transaction when you purchase from us, we use a specialist third party card processing company. For the purposes of that transaction, therefore, that third party company will be a Data Controller. However, that company does not store, retain or use your personal information for any other purpose than the completion of that commercial transaction and they have confirmed to us that they take the same rigorous approach to the protection of your personal information as we do and that there is in place approved Standard Contractual Clauses to ensure this.
In order to monitor the performance of our IT infrastructure, we may share general statistical information, such as usage or service traffic patterns with our third party IT provider. However, none of this information contains personal information and is, therefore, outside the scope of UK GDPR.
We may be required by law to disclose personal information to appropriate law enforcement and regulatory authorities and, although you may request that this does not happen, where we are required by the law to do so, we must comply.
As we have mentioned above, most web browsers allow some control over cookie settings and to find more about that information, please visit www.aboutcookies.org or www.allaboutcookies.org. Links to manage cookies in popular browsers are below:Google Chrome
Microsoft Internet Explorer
Who has access to my information?
We do not sell or rent your data to third parties and information is only shared as set out above and then only in circumstances where appropriate safeguards and/or approved standard contractual clauses are in place.
Your rights as a Data Subject
UK GDPR gives data subjects rights, which are summarised below:
The right of confirmation
Each Data Subject has the right to obtain from the Controller confirmation as to whether or not personal data relating to them is being processed.
The right of access
Data Subjects have the right to obtain from the Controller information about their personal data and to be provided with a copy of this information in an appropriate form.
The right to rectification
Data Subjects have the right to obtain from the Controller rectification of inaccurate personal data and to have incomplete personal data completed, including by means of providing a supplemental statement.
The right of erasure (the right to be forgotten)
Where one of the statutory grounds for erasure applies, a Data Subject has the right to require the Controller to erase personal data concerning them without undue delay.
The right of restriction of processing
In certain circumstances, Data Subjects have the right to require the Controller to restrict processing of their data, where a UK GDPR reason is applicable.
The right to data portability
Data Subjects have the right to receive personal data concerning them in a structured, commonly used and machine readable format where applicable.
The right to object
In certain circumstances, Data Subjects have the right to object on grounds relating to their particular situation to the processing of personal data concerning them.
Automated individual decision making including profile
Data Subjects have the right not to be subject to a decision based solely on automated processing, including profiling.
The right to withdraw consent
Where consent forms the basis for processing and only in those circumstances, Data Subjects have the right to withdraw that consent at any time. Data Subjects can do this by contacting us using the contact details provided above or the privacy link in the company website menu, although it may be necessary for us to retain some data, in order to ensure that the Data Subject is not contacted in future, eg in future marketing campaigns.
The right to complain to the supervising authority
The details of the supervisory authority to which a complaint can be made is the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, telephone 0303 123 1113 or via the ICO website at https://ico.org.uk
Changes to this Policy
We will review this Policy at regular intervals and we reserve the right to update or amend it at any time and from time to time.
It is intended that this Policy is fully compliant with the applicable UK Data Protection legislation. However, if any conflict arises between the UK Data Protection legislation and this Policy, we will comply with the legislation.
This Policy was last updated on 11 February 2021.