Privacy notice

Privacy notice for Garden Organic.

Who we are

This is the privacy notice of Garden Organic. Garden Organic is the working name of the registered charity Henry Doubleday Research Association (HDRA).

In this document ‘we’, ‘our’ or ‘us’ refers to Garden Organic and its wholly owned subsidiaries Organic Enterprises Ltd and Garden Organic Ltd. It includes all of our programmes operating under any of Garden Organic’s sub-brands e.g. Master Composter, Master Gardener.

This notice also covers projects we jointly run in cooperation with other partners where Garden Organic acts as a joint data controller.

Garden Organic is the UK’s leading organic growing charity, dedicated to researching and promoting organic growing. Garden Organic’s purpose is to get as many people as possible growing organically. Our registered charity numbers are 298104 (England and Wales) and SC046767 (Scotland). Our company number is 2188402. Our ICO registration numbers are Z8463885 and Z8330422.

Garden Organic is committed to protecting your personal information and being transparent about what information we hold, whether you are a member, donor, volunteer, supporter, beneficiary or service user.

The purpose of this notice is to provide clarification on how Garden Organic uses the personal information given to us whether that’s online, via the phone, via email, in letters/other correspondence or from data provided to us by third parties.

We ensure that we use your information in accordance with all applicable laws concerning the protection of personal information. This notice explains:

What information Garden Organic may collect about you;

  • How we will use that information;
  • Whether we disclose your details to anyone else;
  • Your choices regarding the information you provide to us; and
  • How we use cookies to provide services to you or to improve your use of our websites.

If you have any queries about this privacy notice or how we process your data please refer to our ‘How to contact us’ section at the end of this notice.

Information we collect

We refer to “you” a lot in this Privacy Notice. To better understand what information is most relevant to you, see the following useful definitions. You may fall under more than 1 definition and each definition is not mutually exclusive.

Member - You are a current, lapsed or terminated member of Garden Organic.

Donor - You have donated to Garden Organic either as a one off or a regular giver.

Volunteer - You have acted as a volunteer on our behalf e.g. helping out at events, acting as a seed guardian, participating with programme work.

Shopper - You have made a purchase from Garden Organic either online or in our on-site shop including buying any of our services such as courses.

Visitor – you have visited our gardens, attended our headquarters or attended one of our events around the country.

Supporter - You are interested in our cause and have signed up to receive communications from us.

Service user - You are a service user e.g. your school benefits from our services, you are a participant in a community programme, you receive a service from us at our Headquarters or in your community.

Website Visitor/General enquirer - You are just visiting our website because you are curious or have emailed/telephoned with a general enquiry.

Regardless of your interaction with us we only collect the personal data we need which may include:

Contact Information e.g. name, title, email address, postal address or telephone number. We collect contact information for many of our charitable purposes for example when you register to become a member, volunteer with us, sign up to our email newsletter, make a donation, sign up to an event, attend one of our courses, receive one of our services or otherwise provide us with personal information at our request.

Other personal information e.g. date of birth, gender, employment status, demographic information and pictures. This information is collected only if needed for the purposes of your interaction with us.

Usage information. We collect usage information about you whenever you interact with our website and services. This includes which webpages you visit, what you click on, when you perform those actions and so on.

Device and browser data. We collect information from the device and application you use to access our services. Device data mainly means your IP address, operating system version, device type, system and performance information, and browser type. If you are on a mobile device we also collect the unique user ID (UUID) for that device.

Information from page tags. Like most websites, we use “cookies” to help us make our site – and the way you use it – better. Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields. You can control the use of cookies via your browser. Further information can be found in our Cookie Policy which can be found on our website.

Referral information. If you arrive at Garden Organic’s website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.

Information from third parties. We collect your personal information or data from third parties if you gave permission to those third parties to share your information with us or where you have made that information publically available online.

Social Media information. Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you might give us permission to access information from those accounts or services. If you have any concerns about these apps please revisit your individual privacy settings for each app.

Sensitive data. Data Protection law recognises that certain categories of personal information are more sensitive. This is known as sensitive personal data and covers health information, race, religious beliefs and political opinions. We do not usually collect ‘sensitive personal data’ unless there is a clear reason for doing so, such as acting as a volunteer on our behalf where we need medical information to ensure that we provide appropriate support or where we have contractual obligations to do so for a funding partner. We will always make it clear to you when we collect this information from you, what sensitive personal data we are collecting and why.

If you are a member/donor/shopper we will also collect:

Billing information. If you make a card payment (online or over the telephone) to Garden Organic, either as a member, donor or to receive any of our services, we also require you to provide your billing details, for example a name, address, email address and financial information corresponding to your selected method of payment (e.g. a credit card number and expiration date or a bank account number).

If you set up a direct debit to Garden Organic, for example to make a regular donation, we will collect and store your bank details in order to be able to carry out this transaction. This is carried out in accordance with UK Direct Debit Law which safeguards and protects consumers that use the Direct Debit system.

We will also collect whether gift aid can be applied. All financial transactions are completed securely and in accordance with the Payment Card Industry Data Security Standard. You can find our more information about PCI DSS here - https://www.pcisecuritystandar.... We do not store your credit or debit card details at all, following the completion of your transaction. All card details and validation codes are securely destroyed once the payment or donation has been processed. Only employees authorised and trained to process payments will be able to see your card and bank details.

If you are a volunteer we may also collect:

Recruitment documentation. In order to process your volunteer application we may also collect references, criminal records checks, qualifications, previous work/volunteer experience, details of emergency contacts, and health information. This information will be retained for legal or contractual reasons, to protect us (including in the event of an insurance or legal claim).

If you are a visitor to our gardens/head office we may also collect:

CCTV images. Please see later section on CCTV.

How we use your personal data

We’ll only use your personal data on relevant lawful grounds as permitted by the EU general Data Protection Regulation (from 25 May 2018) UK data Protection Act and the Privacy and Electronic Communication Regulation.

Legal bases and legitimate interests

When we collect and use your personal information, we will make sure this is done in line with at least one of the legal grounds available to us under Data Protection law.

One of these is where we have your consent to use your information for a specific purpose, such as to send you a marketing email/text or to provide you with a product, service or information that you requested.

Another is where we have a legal obligation to use or disclose information about you – for instance, where we are ordered by a court or regulatory authority or we are legally required to hold donor transaction details for Gift Aid or accounting/tax purposes.

In certain instances, we may collect and use personal information where it’s necessary in our legitimate interest as a charity, this includes being able to:

  • pursue our charitable purpose to deliver our aims and objectives;
  • raise vital funds that allow us to pursue our charitable aims;
  • send direct marketing material to supporters by post or contacting them by telephone for fundraising purposes (subject to checking against the Telephone Preference Service and any existing marketing preferences). See more in the Marketing Communications section below;
  • conduct research to better understand who our supporters are and better target our fundraising activity. See more in the Profiling section below;
  • manage our ongoing relationship with our members/supporters and anyone else we work with and maintain and administer our member/supporter database and systems;
  • manage our financial transactions and prevent fraud.

In all cases, we balance our legitimate interests as a charity against your rights as an individual and ensure we only use personal information in a way that you would reasonably expect in accordance with this Policy and that does not intrude on your privacy or previously expressed marketing preferences.

Marketing Communications

We want to ensure you receive the level of information about Garden Organic that is right for you.

Email/text marketing - If you actively provide your consent to us along with your email address and/or mobile phone number, we may contact you for marketing purposes by email or text message. By subscribing to Garden Organic emails or opting in to email communication from Garden Organic, you have given us the right to use the email for both email marketing purposes and targeted advertising.

Post/telephone marketing - If you have provided us with your postal address or telephone number we may send you direct mail or telephone you about our work unless you have told us that you would prefer not to. We also actively check telephone numbers against the Telephone Preference Service.

We subscribe to the Fundraising Regulator and will also check your details against the Fundraising Preference Service.

Your choice

It is always your choice as to whether you want to receive information about our work and the ways you can get involved. If you do not want us to use your personal information in these ways please indicate your preferences on the form on which we collect your data.

You can also change any of your contact preferences at any time (including telling us that you don’t want us to contact you for marketing purposes by telephone, or by post) by contacting us as detailed in the ’how to contact us’ section at the end of this privacy notice.

We’ll always act upon your choice of how you want to receive communications (for example, by email, post or phone). However, there are some communications that we are obliged to send. These are essential to fulfil our promises to you as a member, volunteer, donor or buyer of goods or services from Garden Organic. Examples are:

  • Transaction messaging, such as Direct Debit schedules and shop purchase confirmations
  • Membership-related mailings such as renewal reminders, The Organic Way magazines and notice of our Annual General Meeting

We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted by us for such purposes. However, we will retain your details on a suppression list to help ensure that we do not continue to contact you.

Profiling

We use profiling techniques to ensure we communicate with you in a way that is relevant and timely, and to provide an improved experience to our supporters. Profiling also allows us to target our resources effectively. We do this because it allows us to understand the background of the people who support us and use our services and helps us to make appropriate requests to supporters who may be able and willing to give more than they already do or to tailor our services to better suit them. Importantly it enables us to provide you with a service that is better suited for your needs while raising more funds, sooner, and more cost-effectively, than we otherwise would.

In order to create a profile for you, we may use the information which you give us and which we collect from external resources, including information that is publicly available about you.

We may also use this information to help us determine whether and in what ways you might be interested in getting involved in our other fundraising activities.

You can let us know if you would prefer us not to profile you in this way by contacting us via any of the contact details provided in the ‘contact us’ section.

Sharing your data

We will never share your information with third parties for their own purposes, unless:

  • this is explained to you at the time we collect your information, for example, some of our funders require us to share personal data so we can evidence how we are using their funds; or
  • you give us your permission to; or
  • we are legally required to do so, for example, we are legally required to provide your data to HMRC if you have agreed to us claiming Gift Aid on your behalf.

We also use suppliers known as 'data processors' to process data on our behalf, for example, to send out mailings. When enlisting the services of such suppliers we ensure that they are under a contractual obligation to only use your information in accordance with our instructions and for no other purposes.

Where Garden Organic is collecting personal data in our capacity as a joint data controller, for example on some of our jointly delivered programmes, data may be shared with joint data controllers for the purposes of executing the programme or project. Details of who the joint data controllers are and how your data is stored and used will be clearly explained to you at the time we collect your data. We will also provide details on how to exercise your data protection rights for any such programmes/projects that have joint data controllers.

We may disclose aggregated, anonymised data to evidence the outcomes of our charitable work to funding partners or to demonstrate what we can offer to prospective funding partners. Unless we have previously sought your consent to share individual personal data. This data will always be aggregated and anonymous and will therefore not contain any personal information.

In the event of the sale of the charity, a merger, a reorganisation, bankruptcy, dissolution or similar event, your information may be part of the transferred assets.

Transferring data outside the EEA

Garden Organic’s operations are based in the UK and we store most of our data within the European Union (EU). Sometimes organisations who work on our behalf may manage information outside the EEA. In those circumstances, we will ensure that we have a valid reason for doing so under current Data Protection Legislation and that your data is being properly secured.

How we secure your data

We operate a robust and thorough process for assessing, managing and protecting new and existing systems which ensures that they are up to date and secure against the ever changing threat landscape.

We have comprehensive data protection and IT and Information Security policies which all employees and relevant volunteers must sign up to.

In addition, our employees complete mandatory information security and data protection training to reinforce responsibilities and requirements set out in our policies.

When you trust us with your data we will always keep your information secure to maintain your confidentiality. By utilising strong encryption when your information is stored or in transit we minimise the risk of unauthorised access or disclosure; when entering information on our website, you can check this by right clicking on the padlock icon in the address bar.

Retention

We keep your personal information only for as long as required to operate our services in accordance with legal requirements, tax and accounting rules and funding partner requirements. Where your information is no longer required, we will ensure it is disposed of in a secure manner. If you would like to know how long we will hold any specific information, then please contact us and we can provide further details.

Under 18s

Garden Organic is committed to protecting the privacy of minors that engage with us through our work with young people. When we collect information about a child or young person aged under 18 we will make the reasons for collecting this data very clear including how it will be used.

Links to other websites

Our website contains links to other websites. If you follow any of our links please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. This privacy policy applies solely to the personal data collected by Garden Organic.

CCTV

We have Closed Circuit Television (CCTV) at our headquarters and anyone attending the site may be recorded.

CCTV is used to provide security and protect our employees, volunteers, visitors and Garden Organic itself. CCTV will be only be viewed when necessary (e.g. to detect or prevent crime) and footage is stored for a set period of time after which it is recorded over. Garden Organic complies with the Information Commissioner’s Office CCTV Code of Practice and we put up notices so you know when CCTV is used.

Your data protection rights

Where Garden Organic is using your personal data on the basis of consent, you have the right to withdraw that consent at any time. You also have the right to ask Garden Organic to stop using your personal data for direct marketing purposes at any time as referred to in the marketing communications section. To withdraw your consent or change any of your preferences please contact us as detailed in our ‘how to contact us’ section at the end of this privacy notice.

Subject access rights

If you would like further information on your subject access rights or wish to exercise them, please contact us directly as detailed in the ‘how to contact us’ section at the end of this privacy notice.

If you wish to exercise your rights you will be asked to provide the following details:

  • The personal information you want to access;
  • Where it is likely to be held;
  • The date range of the information you wish to access

You will need to provide information that will help us confirm your identity. If we hold personal information about you, we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it.

Once we have all the information necessary to respond to your request we’ll provide your information to you within one month. This timeframe may be extended by up to two months if your request is particularly complex.

How to contact us

Our contact details are:

Post: Data Protection Officer, Garden Organic, Wolston Lane, Ryton-on-Dunsmore, Coventry, CV8 3lG

Email: [email protected]

Telephone: Please call 02476 308208 and ask for our Data Protection Officer.

What to do if you’re not happy

In the first instance, please talk to us directly so we can resolve any problem or query. You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection or are unhappy with how we have used your data. You can contact them using their help line 0303 123 113 or at www.ico.org.uk

Where you have a complaint about the way in which we have used your personal information in our fundraising, you can also complain to the Fundraising Regulator. Details of their complaints procedure can be found on their website: www.fundraisingregulator.org.u...

Updating this policy

We may update the terms of this policy at any time, so please do check it periodically. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address you have provided to us or by placing a prominent notice on our website(s). By continuing to use our website you will be deemed to have accepted such changes.

This privacy notice was last updated on 22nd May 2018.