PRIVACY NOTICE
WHO WE ARE AND HOW TO CONTACT US
We are Patch Garden Ltd, registered at Companies House under number 09897155, based at 3rd Floor, 45 Albemarle Street, London, England, W1S 4JL. We act as a Controller of your personal data which means we are trusted to look after and deal with your personal information in accordance with this policy. We determine the ways and means of processing and must therefore be accountable for it.
We are registered with the ICO as a fee payer and our registration number from the ICO is ZA172199.
We have a data protection manager responsible for overseeing this policy and your privacy rights. You can contact them by emailing hello@patchplants.com
INFORMATION WE COLLECT AND HOW WE COLLECT IT
The information we gather on our site falls into two categories: (1) personal data you supply when you become a member, order, complete a survey, post in a discussion forum, post news articles, or provide your email address, and (2) tracking information collected as you navigate through our Website.
We do not provide products to children or actively collect their personal data. If you believe that we have received information relating to persons under the age of 18 please contact us at hello@patchplants.com. If we become aware that a person under the age of 18 has provided us with personal information we will delete such information.
When you make a purchase, subscribe to our marketing messages or become a registered user, we collect personal data about you such as your name, mailing address, e-mail address, telephone number, username and password (identity and contact data).
When this type of personal data is collected, you will know because you will have to fill out a form of some sort or otherwise provide the personal data to us, for example in email or messages about your order.
We also collect financial and transactional data - details of orders made and processed; details of payments and cards used for payments.
We collect usage data relating to the products you purchased and how you use and navigate the website. We may also ask you to complete surveys and give feedback that we use for research purposes, although you do not have to respond to them.
We collect profile data which includes assumptions about your predicted buying behaviour and interests based on the usage data we collect about you and combined with non-personal data we obtain from third parties (see section entitled ‘Third Party Marketing” below for more information). We do not carry out automated individual decision making or profiling for the purposes of data protection legislation.
We collect technical data which includes your IP address; your general geographic location based on your IP address; the type of device you use, your device’s operating system and version; the browser type you use; what pages you view on our website and how you interact with the content on that site.
If you access the Website through a social networking profile, we may collect, store and use the details of that social networking profile and any information contained therein in order to populate any forms you might wish to complete on the Website.
We may randomly monitor and record your calls for training and quality control purposes. If we do so, we will play a prompt alerting you to this before we start the recording. Such recordings help us to ensure that we provide you with the highest level of service and maintain quality standards. The legal basis here is our legitimate interest in providing a quality service to you.
HOW AND WHY WE USE YOUR PERSONAL DATA
Under the Data Protection Legislation, we can only use your personal data if we have a proper reason for doing so, for example: consent, legitimate interests, performance of a contract or legal obligation.
1. Consent. We may process your data based on your consent for certain marketing purposes, specifically Third Party Marketing. However, most of our own marketing activities by email fall under legitimate interest (see below). You have the right to withdraw consent to Third Party Marketing at any time. For more information on marketing, see the Third Party Marketing section below.
2. Legitimate interests. We may process your personal data when we have a legitimate reason to use it, that is proportionate to your rights. This includes:
- managing your account and answering your queries;
- protecting our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
- requesting a review from you or your participation in a survey;
- Using your identity and contact data for marketing purposes – note that email marketing to existing customers is carried out using soft-opt in, rather than consent;
- promoting our business through delivering relevant website content and advertisements to you;
- measuring the effectiveness of the advertising we provide to you;
- improving our website and service;
- preventing fraud.
3. Performance of a Contract. We’ll use your personal data if necessary perform a contract with you, or a contract which we are about to enter with you, for example, to:
- register you as a new customer;
- provide our services and deliver orders to you;
- answer your queries or notify you of any changes to our service; and
- provide you with customer services.
- Facilitating payments us
- corresponding with business users of our service or suppliers to our business and managing that relationship;
4. Legal obligation. Sometimes we are under a legal obligation to use your personal data, for example where we:
- notify you about changes to this privacy policy or terms of use;
- respond to a complaint made by you; and
- are obliged by a court of law or the police (or other authority).
MARKETING AND THE SHARING OF YOUR PERSONAL DATA
- Third Party Marketing. If you provide your consent and actively opt in to promotional mail from third party brands, we will share your postal address with Epsilon Abacus. We work with Epsilon Abacus (registered as Epsilon International UK Ltd), a company that manages the Abacus Alliance on behalf of UK retailers and charities. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, home interiors and travel categories. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to help retailers understand consumers’ wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy. To find out how Epsilon Abacus process your personal data, please click here.
INTERNATIONAL DATA TRANSFERS AND DATA SHARING
Like most companies, we use a number of other companies as part of our data processing. Third party service providers include website hosting providers, payment processors, CRM providers, customer service providers, delivery companies, and analytics providers.
If all or part of our business is acquired by or merged with another company, we may share your personal data with the potential or new owners.
Law enforcement, regulators and other parties for legal reasons – third parties who we are under a legal obligation to disclose your personal information to or who we need to disclose your personal information to protect our rights, property or safety or the rights, property or safety of others, detect and investigate illegal activities and breaches of any agreement we have with you.
Professional advisers (e.g. lawyers, accountants, auditors or insurers) who provide professional services to us;
Where we share your personal data with third parties, we will ensure that we only share the minimum necessary, that appropriate safeguards are in place and that such recipients are bound by appropriate confidentiality obligations. Where your personal data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses.
YOUR RIGHTS
You have rights in respect of our processing of your personal data.
Your right of access: You have the right to ask us for copies of your personal information.
Your right to rectification: You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure: You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing: You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing: You have the right to object to our processing your information in certain circumstances. Your right to object to marketing is absolute.
Your right to data portability: In some circumstances you have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if you gave us the data, and if we are processing information based on your consent or under a contract, or in talks about entering into one, and the processing is automated.
If you want to exercise any of these rights, please just contact us on hello@patchplants.com.
To protect your privacy and security, we may also verify your identity before granting access or making corrections.
OPTING OUT OF THIRD PARTY DIRECT MAIL
The most effective way to receive less advertising mail at home is to use the Direct Marketing Association’s (DMA’s) Mailing Preference Service. Through this service, you can choose to stop all future direct mail from DMA members entirely. All of our third party companies are registered as a DMA member, as members they subscribe to and suppress any name and address on the DMA’s Mailing Preference Service file from its direct mail marketing lists. The simplest way to register is online at www.mpsonline.org.uk/mpsr/ or call 0845 703 4599 to request an application form.
HOW LONG WE STORE YOUR PERSONAL DATA
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you have an account with us, your personal data will be kept by us for as long as your account remains active. If you deactivate your account, or we deactivate it due to a prolonged period of inactivity on your part, your data will be kept for a reasonable period of time after this so that we can complete any activities already initiated or where we have a need to retain your data for legal or technical reasons (including back-up systems). Following this period we will either delete the information or change it to a form that does not identify you. For details of retention periods please contact us at hello@patchplants.com.
CHANGES TO THIS PRIVACY NOTICE
This privacy policy was last updated on 28th April 2020.
We may change this Privacy Notice from time to time (for example, if the law changes). We recommend that you check this page regularly to keep up-to-date. If we make any material changes to the manner in which we process and use your personal data, we will contact you to let you know about the change.