Data Usage and Data Protection Statement
Purpose of Policy
This policy describes how Roualeyn Fuchsias collects and processes your personal data as part of the task of providing the service of growing and selling fuchsia plants from the plant nursery based in the Conwy Valley, North Wales.
It is important that you read this policy together with any other data related notice that may declared elsewhere at exhibitions, flower shows, etc.
Data Controller and Data Processor
The data controller and the data processor, collecting and processing the information provided by Roualeyn Fuchsias’ customers or enquirers, in association with the task of providing the service of growing and selling fuchsia plants, may be contacted via email@example.com.
The data controller and the data processor, collecting and processing information from the Roualeyn Fuchsias website, in association with the task of securing and maintaining the integrity of the Roualeyn Fuchsias website, may be contacted via firstname.lastname@example.org. The website data controller/processor is also the web manager and technical expert/advisor.
Why Roualeyn Fuchsias Processes Personal Data (the “Purpose”)
Personal data, or personal information, is any information about an individual from which that person can be identified. Personal data does not include information where the identity has been removed or is anonymous.
Roualeyn Fuchsias collects and processes (stores, transfers, archives, updates and uses) different kinds of personal data, which is outlined as follows:
- Roualeyn Fuchsias customer/client data. Contact data: The personal data collected and processed is: name, postal/delivery address, landline phone number, mobile number and email address. Payment data: Only the billing address is processed by Roualeyn Fuchsias – all other personal payment data is handled exclusively by Paypal;
- Electronic mail and contact form enquiries data. Contact data: If the website contact form is used, the personal data collected and processed is: name, a telephone number (optional) and email address. If Roualeyn Fuchsias is contacted directly via electronic mail then the name and email address (at the very least) will be collected and processed;
- Website Comments Data: Comments made into the new blog section of the website will be recorded into the database. Web users who want to comment need to subscribe. The personal data collected and processed is as follows: email address, IP address (minimal data profile), and optionally the personal data profile can also include name and subscriber’s website address (if they have one);
- Website Functional Data: Various procedures are in place to protect the website from malicious online activities. Personal data will be recorded and processed as a consequence. Statistical data is also recorded, this will include IP address and which pages have been visited and online documents downloaded. Use and content of contact form submissions is recorded for a limited time. Use and commenting on blog articles is recorded for a limited time.
How Roualeyn Fuchsias Processes Personal Data
Personal data from customers/clients is collected using temporary paper-based forms or within an electronic text-based file. This information is transferred and processed within a more permanent electronic file system on a secure (password and firewall protected) business owned desktop computer at the plant nursery.
With the website contact form an email is generated and sent to the data processor’s computer email application. With direct email communication, the email message is also sent to the data processor’s computer email application. Messages are stored on a password protected and firewall protected computer.
Website comments data and website functional data is stored in a MariaDB database. The website data controller will be alerted by email when a new subscriber account request is made (blog commenting). Quality assured WordPress plugins are used to record and monitor website activities to ensure no malicious online activities take place. The WordPress plugins used to collect and process website-based data are: statistical add-on “WP Statistics”; security add-on “Wordfence”; electronic mail logger add-on “WP Mail Log” and; website auditing logger add-on “WP Security Audit Log”.
The website files and MariaDB database are stored and maintained on a secure shared hosting server, located within the EU, provided by established UK web hosting company, 20i.
The Lawful Basis for Collecting & Processing Personal Data
The Law states Roualeyn Fuchsias must tell you the following:
Roualeyn Fuchsias holds clients’ data because it is in its legitimate interest to do so. Without holding the data Roualeyn Fuchsias cannot work effectively.
Roualeyn Fuchsias holds website functional data because it is in its legitimate interest to do so. Without collecting, processing and monitoring web-based data (which includes personal data such as IP address) the website would be vulnerable to cyber-attacks and other malicious online activities.
How Personal Data is Used
With client/customer contact data, your personal data is only used for contact purposes between you and Roualeyn Fuchsias regarding the task of providing the service of growing and selling fuchsia plants. Customer contact data, that is declared on sales invoices, will be securely stored for book-keeping purposes – the recording of revenue being a legal requirement by UK law. Roualeyn Fuchsias may ask you if you’d like to opt in to a newsletter subscription containing offers and promotions from Roualeyn Fuchsias in the future.
With enquirer contact data, your personal data is only used for contact purposes between you and Roualeyn Fuchsias regarding the possible future task of providing the service of growing and selling fuchsia plants.
With the personal data processed in relation with the Roualeyn Fuchsias website operations, it is the task of Roualeyn Fuchsias to maintain a website that is safe to use by all, that is uncompromised by malicious online activities, and is data secure for those using the website, be it using the contact form, downloading documents, reading the news blog, or even commenting on our articles. Website activities and statistics are recorded for a maximum of 12 months and then automatically deleted.
Change of Personal Data Purpose
Roualeyn Fuchsias will only use your personal data for the purposes for which it was originally collected for (as previously outlined). If another reason arises for which Roualeyn Fuchsias needs to use your personal data you will be contacted first to gain your consent.
Note that Roualeyn Fuchsias may further process your personal data without your knowledge or consent where this is required or permitted by UK law, such as requests from government bodies, e.g. HMRC.
Disclosure of Personal Data
Roualeyn Fuchsias does not sell, distribute or otherwise make personal data commercially available to any party, except as described in this policy or with your prior consent.
Protection of Your Personal Data
Roualeyn Fuchsias takes the security of the personal data held extremely seriously, both customer/client personal data and website based personal data. Policies and procedures are in place to safeguard the personal data from loss and misuse.
Roualeyn Fuchsias also has procedures to deal with any suspected personal data breach and will notify you of breach when legally required to do so.
Good security practices are in places, namely: strong passwords; updated antivirus and firewalls; up to date Windows operating system installations, up to date Microsoft Office applications, and up to date WordPress installation and latest plugins in use at all times.
Length of Time Processed Personal Data Is Stored
Customers/clients contact data: Some personal data will be stored for up to 7 years as per the requirements stated by HMRC for income related purposes (book-keeping).
Enquirer contact data: Personal data will be held for the length of the enquiry. Relating emails and the data held within will be deleted in a timely manner (within weeks of the initial enquiry). Personal data from an online enquiry will never be transferred to another data process in the event the enquiry does not produce a sale.
Web-based Personal data: Contact form messages are recorded by the WP Mail Log plugin and stored for a maximum of 30 days. The web activities stored by the WP Security Audit Log plugin are kept for 12 months. Blog comments, if deemed helpful to an article, will be kept online indefinitely, but the owner (blog “subscriber”) of the comment will always be able to remove it at any time. If a subscriber wishes to delete their account, they can do so themselves at any time. Deletion of an account will automatically delete all their own comments from the blog as well.
Your Legal Rights
Roualeyn Fuchsias assumes responsibility for keeping an accurate record of personal data once you have submitted the information. Please inform Roualeyn Fuchsias of any changes to your information. Online customers can log in to their website account at any time and change their email, phone, or postal/billing address at any time. Blog subscribers can also update their email address at any time.
You are entitled to:
- Request access to your personal data;
- Request the correction or deletion of your personal data;
- Object to the processing of your personal data;
- Request a restriction of processing your personal data;
- Withdraw consent at any time, where Roualeyn Fuchsias is relying on consent to process your personal data.
To exercise any of the above rights, please contact email@example.com for customer/client/enquirer related personal data or firstname.lastname@example.org for web related personal data. Alternatively, use the contact form on the Roualeyn Fuchsias website https://www.roualeynfuchsias.co.uk
Complaints or Concerned About Roualeyn Fuchsias Data Processing?
You can direct any enquiries in the first instance to the data controller and processor at Roualeyn Fuchsias (email@example.com with the subject “GDPR enquiry”) and Roualeyn Fuchsias will do the upmost to resolve the personal data matter. Failing that, you can complain to the Information Commissioner at www.ico.org.uk/concerns or by calling them on 0303 123 1113.