This document was last updated on 23rd May 2018
We would advise users to familiarise themselves with this document and be aware that it will be updated from time to time.
This website is brought to you by Suregreen Ltd. We take data protection seriously. The collection of your data takes place in accordance with the law. In this policy, we would like to show you what data we collect, how it is processed and what security precautions we take against misuse of data. We wish to make our data protection policies transparent and comprehensible for everyone so that our visitors and customers know how we collect, process and use data. We are committed to protecting and preserving the privacy of our visitors when visiting our site or communicating electronically with us.
You can contact us via firstname.lastname@example.org with any queries you have about this policy or about data protection more generally.
We do occasionally update this Policy so please do return and review this Policy from time to time.
Personal data includes all information that can be connected to a natural person (e.g. names, job titles, organisation names, addresses, telephone/mobile numbers or email addresses). Generally, you can use our online services without sharing your personal information. However, some services, such as registering for an account, making an enquiry or a purchase, may require the entry of personal data.
How we collect personal data
We collect information from customers online, over the phone, in writing and in person. We also research personal data from publicly available sources and very occasionally lease or purchase data from third-party vendors. All third-party vendors from whom we lease or purchase data have to demonstrate that any list they’re selling or renting is reliable by explaining how it was compiled and providing full details of what individuals consented to, when and how. Furthermore, we require them to ensure that data is lawfully and fairly obtained and that individuals understood their data would be shared with other parties.
Information we collect
In running and operating this website, we may collect and process certain data and information relating to you and your use of this site. This data and information is detailed below and does not include special categories of personal data and/or children’s data:
- Details of visits to our website and the pages and resources that are accessed, including, but not limited to, traffic data, location data and other communication data that may assist us in understanding how visitors use this website.
- Information that visitors provide to us as a result of filling in forms on our website, such as when a visitor creates an account, signs up for our newsletters or makes a purchase (the data outlined below is a requirement necessary to enter into a contract with us to supply a product or service – we cannot supply a product or service without it). Such data routinely includes:
- name of the person placing the order and of the person(s) on whose behalf they are placing it
- job title if applicable
- name, postal address and type of organisation if applicable
- landline number and/or mobile number
- email address of the person placing the order, or the email address given at the time of order.
Use of your information and legal basis for the use
The information we collect is used for our own use in developing our website. In addition, we may use the information for the following purposes:
- To provide you with information relating to our website, products or our services that you request from us (on the legal basis of your consent).
- To provide you with information on other products that we feel may be of interest to you where you have agreed for us to do so (on the legal basis of your consent).
- To meet our contractual obligations to you in providing a product or service on the basis of our terms and conditions (on the legal basis of the performance of a contract to which the data subject is party).
- For administrative purposes, such as invoices and reminders (on the legal basis of the performance of a contract to which the data subject is party).
- To notify you about any changes to our website, including improvements, and service or product changes that may affect our website (on the legal basis of your consent).
- To ensure that we don’t contact you for marketing purposes if you have expressed that preference or withdrawn consent (on the legal basis of your right to be forgotten).
- To identify your interests in order to send you only relevant marketing or remarketing for products, or on the basis of your consent.
- We hold data about unpaid invoices for credit control and may use this to refuse to supply further products or services.
- If you are an existing customer, we may contact you with information about goods and services similar to those that you have expressed an interest in previously (on the legal basis of the legitimate interest of processing of personal data for direct marketing purposes because of our relationship with you as our customer).
- To send you email newsletters that you have requested.
- To contact you while processing your query or purchase.
- To create your customer account and make it available to you, as well as to manage your orders.
You can visit our website without providing any personal information. Your browser, however, automatically sends certain information while you are online, which is recorded in so-called log files. We store these log files for the purpose of locating malfunctions and for safety reasons (e.g. to investigate attacks on our system) only. They are deleted after 7 to 10 days. Log files that are needed as evidence (in case of an attack on our system) will not be deleted until the investigations of an incident are completed. In individual cases log files may be handed on to the investigating authorities
The following information is recorded in log files:
- The IP address (internet protocol address) of the device used to access online services
- Internet address of the previous website from which a link was followed (so-called HTTP referrer)
- Name of service provider that provides access to the online service
- Name of the accessed files or information
- Time and date, as well as duration of access
- Amount of data transferred
- Operating system and information on the browser used, including installed add-ons (e.g. flash player)
- HTTP status codes (e.g. “OK” or “Not Found”).
The provision of personal data may also be required by law (e.g. tax regulations).
Collection and use of data for processing contracts and on registration of a customer account
If you share your personal data voluntarily, e.g. by opening a customer account, by placing an order or by contacting us (e.g. via contact form or email), we will collect it. It is self-explanatory which form collects which data. We use the data given to us to process your contracts and requests. Upon expiry of the retention period necessary according to commercial law and tax law, we will delete your personal data if you have not given us your explicit consent to further use of your data or if we have reserved the right to use your data for additional purposes permitted by law. Please refer to the additional purposes listed below. You can delete your customer account at any time by sending a message to the address listed below or by emailing email@example.com.
Subscription to our newsletter
If you subscribe to our newsletter, we use the necessary data you have provided us with to regularly send you our email newsletter. You can unsubscribe from the newsletter at any time by sending a message to the address listed below, emailing firstname.lastname@example.org, or by following the unsubscribe or preferences link specified in your newsletter email.
Marketing by email without subscription to our newsletter and your right to object
If we obtain your email address while selling a product or service, or if you consent to us using your email address, or there is a legitimate interest, we reserve the right to regularly send you information via email about similar products from our product range. This applies only if you have not objected to the use of your email address. You can object to this particular use of your email address at any time by sending a message to the address listed below, by emailing email@example.com, or by following the link specified in the advertising email.
Marketing by mail and your right to object
Furthermore, we reserve the right to retain in our database your title, name and surname, your job title, your postal address, your profession/line of business or type of business, if we have received this additional information during our contractual relationship. We use this database for our own marketing purposes, e.g. sending you interesting offers and information on products by mail. You can object to the retention and use of your data for this purpose at any time by sending a message to the address listed below or by emailing firstname.lastname@example.org.
Data protection for job applications
During the application procedure, we collect personal data from our applicants. If the applicant is later employed by us, we retain his or her personal data for the use during the whole employment relationship with regard to legal regulations. If we decide not to employ an applicant, the application data will be deleted within two months. As an exception, retention can be required if, for example, the application is to be used as a burden of proof in a lawsuit or if other legitimate interest for retention exists. If we are interested in retaining your application documents for consideration for future job vacancies, we will ask for your consent.
Data protection for minors
Children need particular protection of privacy. We do not wish to collect, process or use personal data of children under the age of 18. If you as a parent or legal guardian learn that your child has disclosed personal data to us, please contact us immediately if you wish to have it deleted.
A cookie is a small text file that is sent from a website when it is visited and stored on the user’s computer by the user’s web browser. If the aforementioned website is visited again, the user’s browser will transmit the cookie’s information to the server, allowing the recognition of the user. Some cookies are deleted after ending a browser session (called “session cookies”), others can either be stored by the user’s web browser for a specific, predetermined period of time or permanently (called “temporary cookies or persistent cookies”).
What data is stored by cookies?
Cookies will never store personal information. They are only used for online identification.
How to disable/delete cookies
You can deactivate the storage of cookies in your browser settings. Stored cookies can be deleted at any time through your browser. Please note that our online services may stop working properly for you or may even stop working altogether if you disable all cookies. Moreover, please note that objections against the creation of user profiles sometimes use a so-called “opt-out cookie”. If you have disabled all cookies your objection might not be taken into account any more. In this case, please submit your objection again.
Certain cookies are vital for the proper function of our online services. This includes: authentication cookies for the identification of our users; temporary cookies to remember certain user input (e.g. items added to a shopping cart, or content of an online form); cookies to remember certain user preferences (e.g. search or language settings); cookies to store data and thus guarantee the smooth playback of any video or audio content.
Our website uses the web analytics services of Google Analytics provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
We have entered into a contract for data processing with Google and implement the strict legal requirements of the Information Commissioner’s Office while using Google Analytics.
For more information on the handling of user data by Google Analytics please visit Google’s data privacy and security site: https://support.google.com/analytics/answer/6004245?hl=en
You can block the storage of cookies by adjusting the settings of your browser. Please note that in this case, not all functions on our website may be fully available to you. Furthermore, you can prevent the collection of data generated by a cookie and connected to your use of our website (including your IP address), as well as the processing of your data by Google, by downloading and installing the browser plug-in available here: https://tools.google.com/dlpage/gaoptout?hl=en
You can also prevent the collection of data by Google Analytics from your mobile device by following this link: deactivation of Google Analytics (https://chrome.google.com/webstore/detail/google-analytics-opt-out/fllaojicojecljbmefodhfapmkghcbnh?hl=en). An opt-out cookie is placed to prevent the collection of your data on future visits to our website.
Use of Google Remarketing
Use of Facebook Retargeting
- HTTP header information (incl. IP address, information on your web browser, website save location, document, URL of the website, user agent of the web browser as well as date and time of use);
- Pixel-specific data: this comprises Pixel-ID and cookie data from Facebook, including your Facebook-ID (used to link events to a certain Facebook advertising account and to allocate them to a certain Facebook user);
- Additional information on your visit and on default or custom data events.
We use the following custom data events:
- Content searched and looked at on product level
- Products added to the shopping cart
- Initiation of checkout upon placing an order
- The conclusion of the ordering procedure.
Facebook automatically verifies whether data transmitted via Facebook Pixel can be allocated to a Facebook user by using a hashed, user-specific Facebook ID (included in the Facebook cookie). If no Facebook cookie is stored in your browser, you will not be categorised into one of the user groups called “Custom Audience”.
We cannot link your visit or related activities to your Facebook account. Facebook only supplies us with statistical information on the use of our website, employing Audience Insights. Facebook shares your data with Facebook Inc., Facebook 1 Hacker Way Menlo Park, CA 94025, USA, and uses your data to improve the quality of advertisements by enhancing the optimising-algorithm used by Facebook for showing Facebook Ads and by updating the News Feed Ranking.
Use of our customer chat
On our website, we collect and store anonymised data for the purpose of web-analysis and for the operation of our live chat system for answering support requests live by using technology supplied by Tawk.to, #6 – 8 Tirgoņuiela, Rīga, Latvia, LV-1050, (https://www.tawk.to/). Based on this anonymised data, user profiles can be created using a pseudonym. Cookies can be used for this purpose. Cookies allow the recognition of the internet browser. Data collected by Tawk technology will not be used to identify the user of a website without the user’s consent. Data collected by Tawk technology, such as an IP address, will not be merged with personal data, such as customer data. To avoid the storage of Tawk cookies, you can adjust the settings in your browser to block the future placing of certain cookies and to delete cookies already placed on your computer. The deactivation of all cookies may cause certain functions on our websites to stop working properly. You can object to future data collection and storage of data for the purpose of creating pseudonymised user profiles by sending an informal objection to email@example.com.
You have the right to be informed and, under certain conditions, the right to rectification, to erasure, to restrict processing or to object to the processing of your personal data; also, from 25th May 2018, the right to data portability. Furthermore, you can object to at any time (“objection to advertising/marketing”).
- If you have given us your consent for processing your data, you have the right to withdraw consent for future use at any time. If you do not want us to use your data for the purposes outlined above, then please instruct us via the contact details below. The legality of processing your data until revocation remains unaffected.
- You have the right to object to processing. Please bear in mind that for organisational reasons, your objection to the processing of your personal data for advertising or marketing purposes may overlap with the use of your data in an ongoing campaign. However in line with ICO advice electronic communications should stop within 28 days of receiving the notice, and postal communications should stop within two months.
- You have the right to request rectification/erasure (though please be aware that in line with ICO advice we may hold your data on a suppression list in order to be certain not to contact you again)
- You have the right to data portability
- You have the right to submit a Subject Access Request
Please use the information stated below to exercise your rights. Please give us sufficient information to ensure that we can match your objection to your data. If you want to exercise any of these rights you can contact us by any of the means below:
- by email firstname.lastname@example.org
- or telephone us on 01376 503869
- or write to us at Suregreen, Boyton Hall, Toppesfield Road, Finchingfield, Essex, CM7 4NZ
The complaints procedure for handling and escalation of complaints related to data processing is as follows:
- Complaints regarding how your personal information has been processed should be submitted directly to the company (email@example.com), which will acknowledge receipt within 5 working days.
- The company will review and respond in writing to your complaint within 28 working days of receipt of the complaint. If an extension is required, this will be up to a maximum of a further 10 working days.
- If the data involved in the complaint is leased, we will give feedback directly to the data broker.
- If you are dissatisfied with the way in which your complaint has been handled then you may write outlining your concerns to the company and another employee will review your concerns, responding within 28 working days.
- If you remain dissatisfied you also have the right to lodge a complaint with the supervisory authority, the Information Commissioner’s Office. Their contact details can be found here: https://ico.org.uk/global/contact-us/
For more information on data protection, or if you have suggestions, please contact us via email (firstname.lastname@example.org). For contact information on Suregreen Ltd, please see our contact details elsewhere on this website. If you choose to contact us by email, please note that confidentiality of the information sent cannot be guaranteed. The content of emails may be intercepted by third parties. We suggest that confidential information should only be sent via post.
Storing your personal data
Data that is provided to us is stored on our secure servers, which may be accessed within Suregreen only. Information that we collect will not be transferred or stored outside the European Union without consent.
Security of customers’ data
- All customers’ contact details are stored only on our internal databases, which can be accessed only by Suregreen employees.
- Suregreen Ltd gives customers the opportunity to opt out of receiving marketing information. This information is kept in a suppression list. All post is screened against official mail preference lists.
- Suregreen maintains anti-virus software on both server and all individual PCs.
Credit card data
Suregreen Ltd offers customers the opportunity to pay for products by credit/debit card.
All credit card payments are made via Sage Pay using their secure systems. Only specially authorised Sage Pay staff will have access to cardholder details. At no point is cardholder data divulged to Suregreen staff.
No cardholder data details are held electronically or physically by Suregreen Ltd.
Sharing your data
We share your personal data with third parties only if it is either necessary to fulfil our contract, or if you have given us your consent to do so. Furthermore, we reserve the right to share your data if our company or a third party has a legitimate interest in sharing.
In order to fulfil our contract, we provide the shipping company with the data required to deliver the ordered goods.
For processing payment, we share the necessary payment details with either: the bank in charge of the transaction; or our authorised payment service provider; or the payment service you have chosen during the ordering process.
Furthermore, your data may be disclosed to third parties in order to comply with the law or to respond to an enforceable administrative order or court order.
All employees of Suregreen Ltd are obliged to treat personal data confidentially.
We will not supply your personal data to third parties for marketing purposes. We will not disclose your personal information to third parties other than:
- When processing is necessary for the performance of a contract to which the data subject is party
- Where we sell any or all of our business and/or our assets to a third party
- Where we are legally required to disclose your information
- To assist fraud reduction and minimise credit risks.
We may use your data to profile you in order to send you only relevant marketing or remarketing. Also, we hold data about unpaid invoices for credit control and may use this to refuse to supply further products or services.
Third party links
You may find links to third party websites on our website. Any external links are not our responsibility: once you click on a link to an external site, it will be subject to that organisation’s privacy policies, not ours. Please check their privacy policies as we do not accept any responsibility or liability whatsoever for their policies or the contents of their websites.
Access to information
The Data Protection Act 1998 gives all individuals the right to access personal information that is held about them. You can request a copy of any information that we hold about you. Please contact us if you wish to make such a request.
Security measures and technical information
All of our employees are regularly trained in data protection and are obliged to treat personal data confidentially. Our IT department is constantly adjusting our security measures to meet the latest standards. Our security measures are regularly monitored for effectiveness. Nevertheless, internet technologies may be affected by security flaws. Comprehensive protection against all online threats cannot be achieved; customers should, therefore, communicate sensitive data via telephone, post or fax.
Customise your browser’s privacy settings here: