DIY Garden Privacy policy

1. Introduction

This privacy notice informs you how we collect and process your personal data through your use of our site diygarden.co.uk.

By providing us with your data, you warrant to us that you are over 13 years of age.

Harris Creative Ltd is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).

Our full contact details are:

Full name of legal entity: Harris Creative Ltd

Email address: [email protected]

Postal address: Treviot House, 186-192 High Road, Ilford, Essex, IG1 1LR

2. Collection of Personal Data

We may process the following categories of personal data:

  1. Communication Data including any communication that you send to us through contact forms, email, text, social media messaging, social media posting or any other communication with us. Our lawful ground for processing this data is our legitimate interests in replying to communications sent to us, to keep records and to establish, pursue or defend legal claims.
  2. Customer Data including data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address email address, phone number, contact details, purchase details and your card details. Our lawful ground for processing this data is to supply the goods and/or services you have purchased and to keep records of such transactions.
  3. User Data including data about how you use our website, together with any data that you post for publication on our website. Our lawful ground for this processing is to operate and properly administer our website our website and business. This includes ensuring relevant content is provided to you, ensuring the security of our website, maintaining back-ups of our website and enabling publication and administration of our website.
  4. Technical Data including data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. Our lawful ground for this processing is to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising.
  5. Marketing Data including data about your preferences in receiving marketing from us and our third parties, and your communication preferences. Our lawful ground for this processing is to deliver relevant website content and advertisements to you, measure or understand the effectiveness of this advertising and grow our business.

        Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if:

  1. you made a purchase or asked for information from us about our goods or services; or
  2. you agreed to receive marketing communications from us.

In each case you have not opted out of receiving such communications since.

Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However, you can still opt out of receiving marketing emails from us at any time.

If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, warranty registrations etc.

3. Disclosure of Personal Data

We may disclose your personal data to the following parties:

  1. Service providers who provide IT and system administration services;
  2. Professional advisers including lawyers, bankers, auditors and insurers, insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks and obtaining professional advice.

In addition to specific disclosures of personal data, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation, in relation to a legal claim or to protect your vital interests.

4. International Transfer of Personal Data

Subject to the provisions of the General Data Protection Regulations, in the circumstances that we transfer your data to third parties outside of the EEA, we will ensure that safeguards are in place to ensure a similar degree of security for your personal data.

This includes ensuring that:

  1. Personal data is only transferred to countries outside of the EEA that the European Commission has approved as providing an adequate level of protection for personal data; and
  2. Using US-based providers that are part of EU-US Privacy Shield, as they have equivalent safeguards in place

5. Retention of Personal Data

Your personal data will only be retained for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the correct time for keeping such data, we look at:

  1. the amount of data;
  2. the nature and sensitivity of the data;
  3. the potential risk of harm from unauthorised disclosure;
  4. the purpose of processing the data; and
  5. if that purpose can be achieved by other means.

For tax purposes, the law requires us to keep basic customer information, including Contact, Identity, Financial and Transaction Data for six years.

In some circumstances we may anonymise your personal data for research purposes. In such a case we may use this information indefinitely without further notice to you.

6. Your Rights Regarding Your Personal Data

        Your principal rights under data protection law are:

(a)    the right to access – you can ask for copies of your personal data;

(b)    the right to rectification – you can ask us to rectify inaccurate personal data and to complete incomplete personal data;

(c)    the right to erasure – you can ask us to erase your personal data;

(d)    the right to restrict processing – you can ask us to restrict the processing of your personal data;

(e)    the right to object to processing – you can object to the processing of your personal data;

(f)    the right to data portability – you can ask that we transfer your personal data to another organisation or to you;

(g)    the right to complain to a supervisory authority – you can complain about our processing of your personal data; and

(h)    the right to withdraw consent – to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.

        These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting:

        https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

        You may exercise any of your rights in relation to your personal data by emailing [email protected].

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we may try to resolve it for you.

For more information about the cookies we use, please see https://diygarden.co.uk/cookie-policy/

For more information about the terms of your use of our website, please see https://diygarden.co.uk/terms-conditions/

Scroll to Top