We are the ‘controller’ of personal data we have collected about you as set out below. This includes personal data we use to verify your identity and confirm that you are at least 18 years of age (we cannot sell goods to you if you are below 18 years of age).
INFORMATION WE COLLECT AND HOW WE COLLECT IT
The information we gather on our site falls into two categories: (1) personal data you supply when you become a member, order, complete a survey, post in a discussion forum, post news articles, or provide your email address, and (2) tracking information collected as you navigate through patchplants.com or other website we operate (‘Website’).
When you make a purchase, subscribe to our marketing messages or become a registered user, we collect personal data about you such as your name, mailing address, e-mail address, telephone number, user name and password. We may ask you for personal data when you place an order for products or complete a survey. We use this information to process your order, perform and market the survey, respond to your request or to help improve our site.
When this type of personal data is collected, you will know because you will have to fill out a form of some sort or otherwise provide the personal data to us, for example in email or messages about your order.
If you access the Website through a social networking profile, we may collect, store and use the details of that social networking profile and any information contained therein in order to populate any forms you might wish to complete on the Website. We may also ask you to complete surveys and give feedback that we use for research purposes, although you do not have to respond to them.
When you use our site, we may collect tracking information such as your browser type, the type of operating system you use, the domain name of your Internet service provider, and pages visited on the site. None of this information identifies you personally; we collect it for aggregate reporting on site activity.
HOW WE USE YOUR PERSONAL DATA
- Marketing. We may contact you with promotions we think might interest you, as part of our market research, either by mail, telephone or email. If you are at a legal entity such as a company, the legal basis for this processing is our legitimate interests. If you are an individual, our legal basis is also our legitimate interests if you are an existing customer or provided your details while negotiating to become a customer, otherwise the legal basis will be your prior consent.
- Our Providers. We may also pass information about you to the service providers we use to carry out our services. In each case, we will have a written processing agreement providing appropriate and required safeguards for your personal data. Again, the legal basis here is our legitimate interest in providing a quality service to you.
- If all or part of our business is acquired by or merged with another company, we may share your personal data with the potential or new owners. If we do, we will ensure that we only share the minimum necessary and appropriate safeguards are in place.
HOW AND WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us is stored on our secure servers. We take the security of your personal data very seriously. In particular we ensure that appropriate security measures are in place to protect your personal data. Unfortunately, the transmission of information via the internet is not completely secure and so we cannot guarantee the security of your data transmitted through the internet including through the Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Please note that Epsilon Abacus may transfer data outside the EEA. The transfer will take place in the presence of appropriate safeguards, including standard data protection clauses adopted by the EU Commission. If you would like more information, please email us at email@example.com
You have the right to know if we process any personal data about you and, if we are, with certain limitations, to a copy of that personal data. You also have the right to ask us to remove or correct any of that personal data that is inaccurate, to object to certain processing and to withdraw any consent you may have given us for any processing of your personal data. You also have the right to ask us to restrict processing certain of your personal data, to erase your personal data, and to ‘port’ certain of your personal data to you or another provider, provided in each case that we have such data and certain conditions are met.
You have the right, at any time, to object to the processing of your personal data for direct marketing.
Our communications are designed to tell you about the benefits we can offer so that you have access to our best deals. We use the information we have about you to tailor the content and try to ensure that the offers are as relevant to you as possible. Under the Data Protection Legislation, this might qualify as profiling and you have the right to object to this.
You also have the right, at all times, to notify a complaint to any regulator such as the UK Information Commissioner, although we would welcome the opportunity to discuss and resolve any complaint with you first.
To exercise any of your rights, please contact us via the details below.
To protect your privacy and security, we will also verify your identity before granting access or making corrections.
As a default position, we will only retain personal data for any statutory retention period, then a reasonable period (if any) for the above purposes. This is subject, for example, to any valid opt-out or withdrawal of consent where processing is based on consent, or other valid exercise of your data subject rights.