IMPORTANT INFORMATION AND WHO WE ARE
Who we are
https://www.greenstories.org.uk (“https://www.greenstories.org.uk” , “we”, “us”, “our”) is a ‘data controller’ for the purposes of your personal data. This means that we determine the purpose and means of the processing of your personal data. You will find our contact details at the end of this policy (see ‘How to contact us’).
PERSONAL DATA WE COLLECT AND USE
Personal data means any information relating to an identified or identifiable individual.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes [first name, last name, username or similar identifier, title, business/trade name if applicable
- Contact Data includes [address, post code, email address and telephone numbers].
- Financial Data includes [payment card details].
- Transaction Data includes [details about payments to and from you and other details of products and services you have purchased from us].
- Technical Data includes [internet protocol (IP) address used to connect your computer to the internet, your login data, browser type and version, time zone setting [and location], browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Website].
- Profile Data includes [your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses].
- Usage Data includes [information about how you use our Website, products and services, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page].
- Marketing and Communications Data includes [your preferences in receiving marketing from us and our third parties and your communication preferences].
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
HOW YOUR PERSONAL DATA IS COLLECTED
We use different methods to collect data from and about you including:
- Directly from you. You may give us your Identity, Contact and Financial Data via our Website or by corresponding with us by telephone, email or otherwise. This includes personal data you provide when you:
- apply for our products or services;
- create an account on our Website;
- subscribe to our service or publications;
- request marketing to be sent to you;
- enter a competition, promotion or survey; or
- give us some feedback.
- 2. Third parties, publicly available sources or other sources. We may receive personal data about you from various third parties as set out below:
- Technical Data from the following parties:
- analytics providers
- advertising networks and all our social media sites
- search information providers
- Contact, Financial and Transaction Data from providers of technical, payment and delivery/courier services
- Identity and Contact Data from data brokers or aggregators
- Identity and Contact Data from publicly available sources such as Companies House, the Electoral Register and Postcode finder.
HOW AND WHY WE USE YOUR PERSONAL DATA
Under data protection law, we can only use your personal data if we have a proper reason for doing so, for example:
- to comply with our legal and regulatory obligations;
- for the performance of our contract with you or to take steps at your request before entering into a contract;
- for our legitimate interests or those of a third party; or
- where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
The table below explains what we use your personal data for and our lawful basis for doing so.
What we use your personal data for
Our lawful basis for processing data
To provide products and services to you
Necessary for the performance of our contract with you or to take steps at your request before entering into a contract
To prevent and detect fraud against you
Necessary for our legitimate interests or those of a third party i.e. to minimise fraud that could be damaging for us and for you
Necessary for our legitimate interests or those of a third party i.e. to ensure our customers are likely to be able to pay for our products and services
To manage our relationship with you which will include:
(b) Asking you to leave a review or take a survey
Necessary to comply with a legal obligation
Necessary for our legitimate interests i.e. to keep our records updated and to study how customers use our products/services
To administer and protect our business and our Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
Necessary for our legitimate interests i.e. for running our business, provision of administration and IT services, network security, to prevent fraud [and in the context of a business reorganisation or group restructuring exercise.
Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
Necessary for our legitimate interests i.e. to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy
To use data analytics to improve our Website, products/services, marketing, customer relationships and experiences
Necessary for our legitimate interests i.e. to define types of customers for our products and services, to keep our Website updated and relevant, to develop our business and inform our marketing strategy
To make suggestions and recommendations to you about goods or services that may be of interest to you that are similar to those that you have already purchased or enquired about
Necessary for our legitimate interests i.e. to develop our products/services and grow our business
To enforce or apply our Website terms and conditions or any other agreements
Necessary for our legitimate interests or those of a third party i.e. to enforce our legal rights and protect our business
Your social media accounts,posts, messages directed to https://www.greenstories.org.uk
When you interact with us on any of our social media platforms
When we target social media posts
Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.
We may use your personal data to send you periodic communications by email about products, goods or services we feel may interest you.
We have a legitimate interest in processing your personal data for marketing purposes. This means we do not usually need your consent to send you information about our goods or services. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.
You have the right to opt-out of receiving marketing communications at any time by:
- Emailing email@example.com
- using the ‘unsubscribe’ link in our emails
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
WHO WE SHARE YOUR PERSONAL DATA WITH
- External service providers e.g. analytics and search engine providers who assist us in the improvement and optimisation of our Website
- Advertisers and advertising networks that require Aggregated Data to select and serve relevant adverts to you and others.
- Delivery/Courier companies We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. If all or substantially all of our assets are acquired by a third party, personal data held by us about our customers will be one of the transferred assets.
HOW LONG YOUR PERSONAL DATA WILL BE KEPT
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for (e.g. whilst we are providing a product or service to you), including;
- to respond to any questions, complaints or claims made by you or on your behalf;
- to show that we treated you fairly;
- to keep records required by law to comply with our legal and regulatory obligations.
We will not retain your data for longer than necessary for the purposes set out in this policy.
TRANSFERRING YOUR PERSONAL DATA OUT OF THE EEA
We do not transfer your personal data outside the European Economic Area
You have the following rights, which you can exercise free of charge:
The right to be provided with a copy of your personal data
The right to require us to correct any mistakes in your personal data
To be forgotten
In certain situations, the right to require us to delete your personal data
Restriction of processing
In certain situations, the right to require us to restrict processing of your personal data e.g. if you contest the accuracy of the data
In certain situations, the right to ask us to transfer any personal data you provided to us to another organisation
The right to object at any time to your personal data being processed for direct marketing and in certain other situations to our continued processing of your personal data e.g. where processing is carried out for the purpose of our legitimate interests
We do not use personal data for automated decision making.
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please email firstname.lastname@example.org and let us have enough information to identify you e.g. your full name and address as well as what right you want to exercise and the personal data to which your request relates.
KEEPING YOUR PERSONAL DATA SECURE
We have put in place reasonable and appropriate security measures to endeavour to prevent personal data from being accidentally lost, used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
All personal data you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk.
We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
HOW TO COMPLAIN
We hope that we can resolve any query or concern you may raise about our use of your personal data. If you want to complain about how we have used your personal data, please email email@example.com, if we are not able to resolve your complaint to your satisfaction, you can complain to the UK’s supervisory authority, the Information Commissioner’s Office (ICO). Further information about how to make a complaint to the ICO can be found on the ICO website www.ico.org.uk.
The EU General Data Protection Regulation also gives you right to lodge a complaint with the supervisory authority in the European Union state where you work, normally live or where any alleged infringement of data protection laws occurred.
This version was last updated in July 2021.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.
HOW TO CONTACT US
Do you need extra help?
If you would like this notice in another format (for example large print) please contact us.