Privacy Policy

Who we are

This website is owned and run by the garden maintenance and landscaping company Glean Gardening.

Our website address is: http://gleangardening.co.uk/

Our collection, processing and storage of personal data

Contact forms

What we collect:

Name

Email address

IP Address

Why we collect it:

To respond to enquiries

Lawful basis for processing:

Consent

Where we store it:

UK based secure server

Email server

Back-ups

Server logs:

What we collect:

IP address

Why we collect it:

To perform data security and maintenance tasks

To detect and prevent fraud and unauthorised access

Lawful basis for processing:

Legitimate interest/

Performance of contract

Where we store it:

UK based secure server

Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The information below explains the cookies we use and why.

Read Google’s overview of privacy and safeguarding data

How do I change my cookie settings?

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.

Find out how to manage cookies on popular browsers:

Google Chrome

Microsoft Edge

Mozilla Firefox

Microsoft Internet Explorer

Opera

Apple Safari

To find information relating to other browsers, visit the browser developer’s website.

Who we share your data with

All data is kept in-house and not shared outside of those parameters

We will not sell or rent your information to third parties.

It may be necessary to share your personal data where there is a legal requirement to do so.

Data protection provisions about the application and use of Facebook

On this website, the controller has integrated components of the enterprise Facebook. Facebook is a social network.

A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or to enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

With each call-up to one of the individual pages of this Internet website, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed under https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject.

If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the "Like" button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.

Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made.

The data protection guideline published by Facebook, which is available at https://facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook. These applications may be used by the data subject to eliminate a data transmission to Facebook.

How long we retain your data

We identify and delete personal data in our possession when it is no longer needed for the performance of our contract with the client organisation unless we are required to keep it for legal or security reasons.

We are required by UK government regulations to keep certain types of data (eg payroll, accounts and VAT records) for a minimum of 7 years. We also need to keep details of the fulfilment of business contracts for several years after completion of a contract as part of our professional indemnity insurance.

Accordingly, we routinely delete most other data, including emails, in batches after 8-9 years have elapsed. We keep some accounting and archival data indefinitely.

When deleting personal data, we take steps to delete all copies beyond reasonable possibility of restoration, including copies on backups. Digital data is deleted securely by overwriting it, and data on paper physically destroyed.

What rights you have over your data

You can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes:

The right to be informed:

This privacy policy forms part of your right to be informed about what personal data is collected about you and what is done with that data.

More information on the right to be informed

The right of access:

You may make a subject access request to ask for any personal data that we hold on you. We are obliged to answer your request within 30 days, free of charge. To make a Subject Access Request please complete the form below or email james@gleangardening.co.uk

More information on the right of access

The right to rectification:

You may ask for any data we hold on you that is incorrect to be corrected by us. To make a data rectification request please email james@gleangardening.co.uk

More information on the right to rectification

The right to erasure:

You may ask for personal data about yourself to be removed, subject to other considerations e.g. we are required by law to keep invoice data for at least 6 years. To make a data erasure request please email james@gleangardening.co.uk.

More information on the right to erasure

The right to restrict processing:

You may ask to restrict the processing of your personal data in certain circumstances. To make a request to restrict processing of your personal data please email james@gleangardening.co.uk.

More information on the right to restrict processing

The right to data portability:

The right to data portability gives individuals the right to receive personal data they have provided to a controller in certain circumstances. To make a data portability request please email james@gleangardening.co.uk.

More information on the right to data portability

The right to object:

You can object to your personal data being used for marketing purposes. We do not use data for marketing except with your consent and you are free to change your preferences at any time.

More information on the right to object

Rights in relation to automated decision making and profiling:

We do not use automated decision making or undertake profiling with personal data.

More information on rights in relation to automated decision making and profiling

Where we send your data

The web servers for this website are located in the United Kingdom.

Data sent to us via email (including via our contact form) is held on a server in the United Kingdom. This data is safeguarded to European data protection standards.

Your contact information

For any privacy concerns, please contact:

James Glean

+44 (0) 7849713384

james@gleangardening.co.uk

Additional information

How we protect your data

We maintain a high level of physical and electronic security in relation to the collection, storage and disclosure of your information. We take reasonable steps to ensure that any information we hold about you is protected. We cannot warrant the security of information transmitted to us through the internet. When you transmit information to us via the internet, including email, you do so at your own risk.

Internally Glean Gardening utilises passwords to protect electronic devices that store data. We use and enforce strong passwords.

What data breach procedures we have in place

We will document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. We will notify the Information Commissioner Office (ICO) no later than 72 hours if the breach is likely to result in a risk to the rights and freedoms of natural persons in accordance with Article 55.

When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, will we communicate the personal data breach to the data subject without undue delay. This communication will describe in clear and plain language the nature of the personal data breach and include:

1. the name and contact details of the data protection officer or another contact point where more information can be obtained;

2. describe the likely consequences of the personal data breach;

3. describe the measures taken or proposed to be taken by us to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

This communication to the data subject is not required if the conditions in Article 34 – 3a), b) or c) – are met.:

. the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular, those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption;

. the controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialise;

. it would involve a disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.

What third parties we receive data from

We do not buy or receive personal data from any third parties.

What automated decision making and/or profiling we do with user data

We do not use automated decision making or undertake profiling with personal data.

Privacy Notice updates

We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy.

This Privacy Information Notice was last updated on 27 June 2018.