This Privacy Policy is for:
HILLIER GARDEN CENTRES, a division of Hillier Nurseries Ltd
Introduction
Hillier Nurseries and Garden Centres have been growing and selling quality plants since 1864 and we continue to strive to supply plants, gardening accessories and services of the highest calibre to all our customers. Our mission is to inspire the creation of green living spaces for now and the future. We believe it is important for you to know what information we collect and how we treat the information you share with us.
1. What this Privacy Policy covers
This Privacy Policy explains the personal data Hillier Garden Centres collects about you and how it is used. Personal data relates to a living individual who can be identified from that data. “Personal information” or “personal data” includes your name, physical address, e-mail address(es), telephone numbers and other similar information that you provide to us or that we collect from other sources. Our use of your personal data is regulated under the UK GDPR and Data Protection Act 2018. Personal data of yours which we processed before 1 January 2021 was regulated under the EU GDPR. We are the data controller under these laws.
Hillier Garden Centres promises to respect any personal data you share with us and keep it safe. We aim to be clear when we collect your data and not do anything you wouldn’t reasonably expect. If you have any queries regarding this Privacy Policy please contact the Data Protection Team, Hillier Nurseries, Ampfield House, Ampfield, Romsey SO51 9PA or email club@hillier.co.uk
2. Cookies
For information about how we use cookies on our website, please see our Cookies Policy.
3. Where and how we collect your information
Information you give us
You may provide us with information about yourself in a variety of situations. These include:
- If you contact us with an enquiry and leave your details so that we can respond to you.
- If you create an account on our website.
- If you sign up to the Hillier Gardening Club.
- If you have your web browser set to share certain information about your device and location with us when you visit our website.
- If you make a purchase from us or register to attend an event we are hosting.
- If you have asked us to send you Hillier Garden Centres news and offers.
- If you are a supplier or business partner of ours, or work for a supplier or business partner of ours, then you may provide us with information about you as part of that business relationship.
Information we receive from other sources.
Usually you will be the one to provide us with information about yourself but there may be occasions where we receive your details from another person. These include:
- If somebody makes an order with us which is to be delivered to you.
- If somebody else registers you to attend one of our events (for example, as a gift).
- If you work for a supplier or business partner of ours, your organisation may share your information with us as part of that business relationship.
4. What data do we collect and how is it used?
The type of personal data we collect depends on the purpose of collecting the information. The following table explains the ways in which we process your personal data and the lawful bases that we rely upon when doing so.
Purpose | Categories of data | Lawful basis |
To respond to your enquiries | Name, telephone number, email address, address, details of your enquiry, Gardening Club member number, customer ID. | We have a legitimate interest in using this information to respond to your enquiry and to keep a record of what we have discussed. |
To sell you goods and/or services from our garden centres or online via our website. | Name, phone number, email address, delivery address, delivery postcode, payment information (if paying in person), billing address (if different to delivery address). | We process your information to perform the contract between us. This also includes where we take pre-contractual steps. |
To invite you to leave a review for the goods and services you have bought from us using the review service Feefo. | Name, email address, details of the goods/services you have bought from us, your review of the goods/services. | We have a legitimate interest in asking our customers for feedback on the goods and services they have bought from us so that we can continue to improve our business. |
To reserve you a table at one of our restaurants. | Name, telephone number, email address, Gardening Club membership and allergy/dietary information. | We have a legitimate interest in processing your information to reserve you a table. We process allergy and dietary information with your explicit consent. |
To operate our Trade Card membership scheme. | Name, email address, business name, address, postcode, (if applying on behalf of a company) company registration number and date of incorporation, website address, telephone number, signature, two forms of proof of ID. | We have a legitimate interest in operating the Trade Card scheme for the benefit of our members. |
To operate the Hillier Gardening Club, including taking steps to ensure that the information we send to you is relevant to your customer profile. | Name, email address, telephone number, address. | We have a legitimate interest in operating the Gardening Club for the benefit of our members. This includes where we profile our members to ensure we are sending them relevant content. For more information about profiling please see section 6 below. |
To send you offers, news and other marketing messages relating to Hillier Garden Centres, and to run competitions. | Name, email address, telephone number, address. | We send you marketing communications where we have your consent. We have a legitimate interest in running competitions to encourage customer engagement and to reward our customers. We have a legal duty to publish limited information about the winners of our competitions to show that they are conducted fairly. |
To feature images or video footage of you in our promotional materials. | Name, contact information, images or video footage featuring you. | We process this information based on your consent. |
To accommodate your accessibility and health requirements, allergies and dietary requirements at our garden centres and at events we host. | Health information (such as your accessibility requirements), allergy information, dietary requirements. | Except in case of an emergency, we process this information based on your explicit consent. |
If you are a supplier or business partner of Hillier, to administer our business relationship with you. | Name, email address, telephone number, job title, payment details. | This processing is necessary for us to perform our contractual obligations. We have a legitimate interest in using your information to manage the business relationship between us. |
If you work for one of Hillier’s suppliers or business partners, to administer our business relationship with the organisation you work for. | Name, email address, telephone number, job title. | We have a legitimate interest in using your information to manage the business relationship with the organisation you work for. |
We keep certain records to meet our legal obligations. These include incident logs. | Name, email address, telephone number, address, incident details (which could include sensitive personal information such as health information). | We have a legal obligation to keep records of this information. If there is a dispute between us, or a dispute might arise, then we process your information because we have a legitimate interest in dealing with that dispute. We may process sensitive personal information (such as health information) in the context of a dispute because it is necessary for the establishment, exercise or defence of legal claims. |
To operate CCTV for the protection of our customers, staff and property. | Images and footage featuring your likeness, captured in areas where we have informed you that CCTV is operational. | We have a legitimate interest in operating CCTV to protect our customers, staff and property. We may also use the footage in the event of a legal dispute. |
To monitor the performance of our website and how our visitors interact with it. | IP address, location, indirectly identifying information about your device/browser. | We process this information based on your consent. For more information about how we use cookies on our website please see our Cookies Policy at [URL]. |
5. Direct marketing preferences
We will only send you marketing communications if you have given your prior consent. You can opt out of these communications at any time by following the opt-out link in our email and SMS marketing messages. Alternatively, you can contact us at club@hillier.co.uk to update your marketing preferences.
If you opt out of receiving marketing communications from us then you will still receive service emails relating to your orders and Gardening Club membership. These are administrative and do not contain marketing.
6. Enhancing your member experience – profiling
Sometimes we use techniques to make sure that the communications we send you are relevant. This means we can provide an improved experience for our Gardening Club members. To do this, we may analyse geographic and demographic information to build a profile, as well as online behaviour and purchase history. This helps us to better understand your interests so that our communications are more relevant to you. For example, we may look at your location so we can share information about relevant events in your local garden centre. It is in our legitimate business interests to collect this information. You can opt out of your data being used in this way by emailing club@hillier.co.uk.
7. Who we share your personal information with
Your personal information is not shared with anyone except where we are required to do so to comply with the law, to protect our rights, or to effectively operate our business.
In some circumstances we may need to share your details with a third party for processing. This is typically where we use an external partner to help with part of our business. For example, where we use a delivery company to arrange delivery of your order, or where we use marketing software to send updates to Gardening Club members. We may share your information with the following people or groups of people:
- Our outsourced service providers. This includes our 3rd party Garden Gateway vendors, delivery partners, external marketing service providers and IT providers. Our service providers are subject to strict contractual obligations to treat your personal information confidentially and to comply with data protection law at all times.
- Feefo. We use review service Feefo to invite customers to review the goods and services they have bought from us. We share limited information with Feefo to allow them to contact you inviting you to leave a review. Feefo has a strict contractual obligation to treat your personal information confidentially and to comply with data protection law. Where Feefo collects personal information from you directly it will be the data controller. Feefo will tell you when this is the case. For more information about how Feefo uses your personal information you can read their Privacy Policy at https://business.feefo.com/privacy-policy.
- Professional advisers. We may share your information with our legal, financial and other professional advisers for the purpose of obtaining their advice. These transfers are protected by our advisers’ professional duties of confidentiality and service contracts which ensure they comply with data protection law.
- Government bodies and the courts. If we have a legal obligation to do so, we will share your information with government bodies, regulators and/or the courts.
- Other companies within our group. We may share your information with our group companies where necessary to operate our business. Our group companies protect your personal information in the same ways that we do.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy. We only share what is strictly necessary and the other party must first sign a confidentiality agreement which protects your information.
If we transfer your personal information outside of the UK or European Economic Area (EEA) then we will put in place a legal safeguard to protect the transfer. This will typically involve Hillier and the third party signing standard contractual clauses (SCCs) which ensure that your personal data is handled strictly in accordance with data protection law.
8. How long we keep your information for
We hold your personal data and information for only as long as necessary for the purpose needed. If you have made an enquiry or a complaint then we typically keep your personal information for 6 months from the date we resolve your enquiry/complaint. Details for how long we keep the personal information that is collected and processed by Hillier Garden Centres can be found in our retention policy. If you would like a copy of our retention policy please email club@hillier.co.uk.
9. How do we keep your personal data secure?
To protect the personal data you provide us with we always ensure that we have the necessary controls in place, implementing suitable physical or electronic security alongside organisational training. Regular audits are carried out to identify who has access to data so that we can ensure that your information is only accessed by trained staff who have a legitimate reason to access it.
10. Job application data
If you are applying for a role with us then please see our Job Applicant Privacy Policy.
11. Your credit and debit card information
When making payments online or in one of our garden centres, every effort is made to maintain customer confidentiality. This means ensuring the security of your credit card details and other personal information. We do not store card details on any Hillier Garden Centre system. Payments for online orders are processed by a reputable external payment processor.
We also ensure our systems and processes comply with PCI DSS, the worldwide Payment Card Industry Data Security Standard. The PCI DSS was set up to help businesses process card payments securely and reduce card fraud. This is achieved by restricting the storage, transmission and processing of data and it is intended to safeguard sensitive cardholder data. For online payments Hillier Garden Centres use 3D secure authentication, which is an additional fraud prevention scheme.
12. Your right to your personal information
Under data protection law you have the following rights:
- If we are processing your personal information on the basis of your consent then you have the right to withdraw that consent at any time by contacting us.
- The right to access a copy of your information which we hold. This is sometimes called a ‘subject access request’.
- The right to prevent us processing your information for direct marketing purposes. We will inform you (before collecting your data) if we intend to use your personal information for this purpose or if we intend to disclose your information to any third party for this purpose. You can also exercise this right at any time by contacting us.
- The right to object to decisions being made about you by automated means. This includes profiling (see section 6 above for further information).
- The right to object to us processing your personal information in certain other situations.
- The right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate.
- The right, in certain circumstances, to claim compensation for damages caused by us breaching data protection law.
- The right, in certain circumstances, to request that we erase, rectify, cease processing and/or delete your information.
How to exercise your rights
If you would like to exercise any of these rights, or discuss them in more detail, please contact us at Data Protection Team, Hillier Nurseries, Ampfield House, Ampfield, Romsey SO51 9PA or email sar@hillier.co.uk. We will then send you a form to complete and send back to us. We may require you to provide two forms of identification so that we can verify your identity. Once we have received your information request and your identification we will respond within one month.
Right to complain
You also have the general right to complain to us (in the first instance) and to the Information Commissioner’s Office (if you are not satisfied by our response) if you have any concerns about how we hold and process your personal information.
Questions, comments and complaints regarding this Privacy Policy should be addressed to club@hillier.co.uk or by post to Hillier Gardening Club, Hillier Garden Centres Head Office, The Stables, Ampfield House, Ampfield, Romsey, Hampshire SO51 9BQ.
The Information Commissioner’s Office website is www.ico.org.uk.
13. Other Websites
Our digital channels may contain links to other sites on the internet. The information practices of those websites are not covered by this Privacy Policy. Although we are committed to protecting your personal data, we cannot control and do not accept any responsibility or liability for the privacy practices or content of such other websites. We encourage you to read the privacy statements of each and every website that collects personal information. You are solely responsible for maintaining the secrecy of your passwords and other account information.
14. Changes to this Privacy Policy
We may revise this Privacy Policy from time to time. If we make any significant changes to the way we collect and process your personal information then we will notify you of these changes. This policy was last updated: 19 September 2022.
Hillier Nurseries Ltd is a registered data controller, Registration Number: ZA162542