Leafy Lytham ("We") are committed to protecting and respecting your privacy.
For the purpose of the Data Protection Act 1998 (the Act) and the General Data Protection Regulation, the data controller is Leafy Lytham of office address 19 Whitecoats Drive, Lytham FY8 4HH.
Information we may collect from you
We may collect and process the following data about you:
Information you give us. You may give us information about you by filling in forms on our site www.leafylytham.co.uk (our site) or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our site, subscribe to our service, search for a product, place an order on our site, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information, personal description and photograph.
Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:
technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this site. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
Customer Preferences. We may from time to time and where relevant record information about your product preferences which may include for instance colour combinations you like or details about your own garden such as soil, light and aspect in order that we can recommend more suitable products for you.
data storage period
We will store your personal information for a period reasonable and proportionate to the product or service offered.
right to withdraw
At any time, you have the right where relevant to withdraw your consent for us to use your information. You can withdraw your consent for us to use your information by emailing us at firstname.lastname@example.org stating ‘I wish to withdraw my consent for you to use my personal information’ with your name. You can also complain to the ICO.
Uses made of the information
We use information held about you in the following ways:
Information you give to us. We will use this information:
to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. We will only pass on details to third parties if you have given us specific consent to do so.
to notify you about changes to our service;
to ensure that content from our site is presented in the most effective manner for you and for your computer.
Information we collect about you. We will use this information:
to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
to allow you to participate in interactive features of our service, when you choose to do so;
as part of our efforts to keep our site safe and secure;
to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
to execute a contract or your request to explore a contract with us.
Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Disclosure of your information
We may share your personal information with any member of our business as defined in section 1159 of the UK Companies Act 2006.
We may share your information with selected third parties including:
Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in SW1). We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.
Analytics and search engine providers that assist us in the improvement and optimisation of our site.
Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
We may disclose your personal information to third parties:
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
If Leafy Lytham or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
Where we store your personal data
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Your rights (compliant with gdpr regulation)
1). THE RIGHT TO BE INFORMED:
You have a right to be informed how and why we use your personal data. See above sections titled ‘Information we may collect from you’, ‘uses made of the information’, ‘data storage period’ and ‘right to withdraw’ to be informed of how and why we use your personal data.
2). THE RIGHT OF ACCESS:
You can request access to your information to confirm its being processed and to confirm what data is being processed and used. You can do this to ensure that the processing and use of the information is being done in a lawful way. Upon request we will allow you to access your information;
Free of charge
Within one month of you requesting it. We can, however, extend this by a further two months if requests are complex or we have many to deal with. If we do this, we will inform you within one month and give you a good reason why we need an extension.
In an electronic format if the request is made electronically
If we think a request is “manifestly unfounded or excessive”, for example because the request is repetitive, we can charge you a reasonable fee, considering our administrative costs, or we can refuse to respond. If we refuse, we will explain why, and inform you that you can complain to the Information Commissioner’s Office (ICO).
3). THE RIGHT TO RECTIFICATION:
Sometimes referred to as the right to have information corrected, this is concerned with the you being entitled to having your data rectified – this is usually if it’s inaccurate, out of date or incomplete. If you make a request for rectification, we will:
Inform you about third parties we have sent your data to where appropriate.
Inform those third parties that the data is being rectified, where possible.
Comply with a request for rectification within one month. This can be extended by two months if a request is complex.
If we decide not to take action following a request for rectification, we will explain why to you. You can complain to the ICO or bring a complaint before a court.
4). RIGHT TO ERASURE:
Also known as the right to be forgotten, this is concerned with your right to request to have your data removed when there’s no reason to continue processing it. We will also inform third parties, which we’ve sent your data to, that we are erasing it, unless it’s impossible or will involve a disproportionate effort. However, your right to be forgotten is only under specific circumstances. This includes:
Where processing data is no longer necessary for the purpose it was first collected
When an individual has objected to having their data processed or has withdrawn consent
If the data was unlawfully processed, so is in breach of GDPR
In certain circumstances, we can refuse a request to erase an individual’s data. This includes if it’s being processed to comply with a legal obligation for performing a task that’s been carried out in the public’s interest. Other examples include refusal for public health purposes, or the exercise of legal claims.
Your right also is not limited to processing that causes you damage or distress, as current per Data Protection Act guidelines. However, we understand that any damage or distress caused is likely to make your case for erasure of data stronger.
5). THE RIGHT TO RESTRICT PROCESSING:
This means you have the right to block or suppress the processing of your data. We will restrict data processing for different reasons, including:
When you contest the accuracy of your data. We will restrict processing until accuracy is verified.
When you have objected to the processing
If we no longer need the data, but you need it to establish or defend a legal claim.
We will inform all third parties to whom we have disclosed the personal data, about restricting the processing. We will also inform you if we decide to lift a restriction on processing.
When processing is restricted, we are allowed to store that data but not process it any further. We can also retain enough information to ensure a restriction is respected.
6). THE RIGHT TO DATA PORTABILITY:
You have the right to obtain and safely reuse your data across different services for your own purposes. An example of when you might want to do this includes using your data on a price comparison website, or to help understand your spending habits. We will provide data:
Within one month, free of charge
In a structured and machine-readable format. This means that software can extract specific elements of information, allowing other organisations to reuse the data at the individual’s request.
The right to data portability only applies where you have provided the data, if processing is based on your consent or to perform a contract and also when processing is done by automated means.
7). THE RIGHT TO OBJECT:
This means you have the right to object to your data being processed. This is concerned with processing being based on three areas:
Legitimate interest, or performing a task in the public interest or an exercise of official authority, including profiling
For purposes of scientific/historical research and statistics
For each of the three areas you have different rights. For instance, we will stop processing data for direct marketing purposes as soon as we receive an objection and will deal with it free of charge. When processing for legitimate interest, however, we will stop unless the processing is being done to establish or defend a legal claim, or if we can demonstrate there are legitimate grounds for it, which overrides your interests and rights.
In cases of legitimate interest and direct marketing, you have a right to object to processing when we first communicate with you. This will be presented clearly and separately from other information.
If you object to processing that’s based on legitimate interest or research, you should have “grounds relating to your particular situation” for your request to be accepted. When processing concerns research, we are also not required to comply with an objection where the processing is necessary for the performance of a public interest task.
8). RIGHTS IN RELATION TO AUTOMATED DECISION MAKING AND PROFILING
This means that you have the right not to be subject to a business’s automatic decision making in certain circumstances. It’s concerned with a business providing safeguards for an individual against the risk that it might make a potentially damaging decision, without human intervention. The right “not to be subject to a decision” applies when it’s:
Based on automated processing
Produces a legal effect or a similarly significant effect on you.
For you to have this right, we will ensure that you can obtain human intervention and express your point of view. We will also ensure you’re able to receive an explanation about an automated decision and challenge it.
The GDPR states that profiling is any form of automated processing which is used to analyse or evaluate an individual’s personal details. This includes your health, behaviour, personal preferences, performance at work, economic situation, and where you live. When processing data for profiling, we will always ensure:
It’s fair and transparent by providing meaningful information, including the significance and expected consequences
That we implement measures so we can correct inaccuracies and minimise the risk of errors.
That personal data is secure in a manner that is proportionate to the risk to the rights and freedoms of individuals and to prevent discriminatory effects.
Automated decision making that involved special categories of personal data or children, is only allowed under certain conditions which include explicit consent or processing necessary for reasons of substantial public interest.
The right not to be subject to a decision does not apply to all automated decisions. This includes when it’s necessary for entering into or performing a contract between us and you the individual, and if it’s been authorised by law, such as for preventing fraud or tax evasion.
Links to other websites
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.