We do update this Policy from time to time so please do review this Policy regularly.
The processing of personal data, such as your name, address, e-mail address, or telephone number shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to Debbie Carroll Garden Designs.
As the controller, Debbie Carroll Garden Designs has implemented both technical and organisational measures to ensure the protection of your personal data that is processed in relation to our work. While measures are in place it should be noted that Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, you are free to arrange with us the transfer of any personal data to us via alternative means, e.g. by telephone.
- Name and Address of the controller
Controller for the GDPR and other data protection laws is:
- Name and Address of the Data Protection Officer
On rare occasions, we may capture more sensitive information, such as related to health, as part of our consultation work. This has additional levels of requirements, with Special Categories identified for each reason for processing. As a requirement of this we have a Data Protection Officer whose contact details are given below:
Any questions and suggestions concerning data protection may be sent directly to either the Controller or Data Protection Officer on the details shown or via the website contact form.
- Legal basis for the processing
The table below provides a summary of all the areas of our work where we may, only if required, obtain personal data and how this is used. This clearly states the legal basis for processing this information, any special categories that apply to sensitive data, and our review and retention periods for each.
|Where Data obtained & main purpose||Debbie Carroll Garden Designs’ reason & method of processing||Legal basis/ Special Categories||Review period||Retention period|
|Handwritten form – Initial enquiry by phone||This form is completed by to capture information provided by you and enables us to record the key aspects of the enquiry during the phone call.
This information will be transferred to an electronic document if the enquiry becomes a request for a service or support from us. The handwritten copy is destroyed.
|Legitimate interest||Yearly||Until enquiry or requested service complete or as required by law or periods of liability|
|Website online Contact Form or Direct Email enquiry||Completed by you on our website contact form or via your email package. This communication enables us to respond to your specific enquiry and enables us to provide the services requested.||Legitimate interest||Yearly||Until enquiry or requested service has been completed or as required by law or periods of liability|
|Keep in Touch form (paper version) – used at garden shows, business events, workshops and presentations||Completed by you at a face to face event. This form captures your name, phone number and email contact details and the reason you wish to be contacted. We then transfer this data to an electronic contact form and destroy the paper copy.||Legitimate interest||2 yearly||Until enquiry or requested service has been completed or as required by law or periods of liability|
|Observation Notes & Site Information – written during site visits for designs & consultations – to provide site specific advice & support||Handwritten observations from on-site visits to fulfil project aims – design or consultancy. Observations captured may, on rare occasions, include ref to individual’s health in relation to design needs. This may be used to inform the appropriate and relevant advice and support provided. If the handwritten notes are transferred to electronic documents as part of the support the handwritten copy is destroyed.||Legitimate interest
Special category – a or h tbc by 25/5/18
|Yearly||Retain only if special category data informed advice given. Then retain until requested service complete or as required by law or periods of liability|
|Photo as part of project – photographs taken during on-site visits – for site analysis & installation record||Photographs taken as part of the site analysis and to illustrate design implemented for record of design, could include you inadvertantyly.
These will only be used for the purpose they were taken and not used or shared in any way without permission.
|Yearly||On completion of service retained only if data informed advice given. Until enquiry or requested service complete or as required by law or periods of liability|
|Electronic & Paper project records – created to fullfil support requested||Electronic & Paper documentation may contain personal details to enable contractual fulfilment of any services provided. This may include on: quote documentation, project record, paper & electronic copies of design plans and specification, orders on your behalf. On completion of the project documentation that did not inform the design or support provided will be destroyed.||Legitimate interest||Yearly||Until enquiry or requested service complete or as required by law or periods of liability|
|Communication to Contractors & 3rd parties in provision of services requested||Your name, address and contact information, and in very rare instances health information, will be shared with contractors and 3rd parties only with yoru express permission to enable fulfilment of the services agreed with you. This may include to: Landscape Contractors, Nurseries and other product suppliers to enable delivery or quotes. Where practical to do so Confidentiality agreement or compliance with GDPR will be checked prior to passing on your data.||Contract
Special category – a or h tbc by 25/5/18
|Yearly||Until enquiry or requested service complete or as required by law or periods of liability|
|Email contact/ Electronic & 3rd party records – from purchases and financial transactions related to services received or provided||Financial records captured during processing of services: Invoices, Delivery records for purchases & services provided, Banking information, details of refunds or queries on transactions to fulfil obligations to provide or pay for services and any legal record keeping requirements.||Legal obligation||Yearly||Legal financial record periods (6 years)|
|Photo Consent Form – photographs taken during on-site visits – for marketing purposes & sharing best practice||Photographs taken as part of the other work, for which permissions were obtained, to illustrate examples of design implemented for marketing or sharing best practice publicly.
Specific consent will be obtained from you prior to any photographs being used via a photo consent form. Permissions retained & noted on properties of electronically stored photograph.
Throughout we have adhered to the principles set out in the GDPR regulation which are summarised below where they apply to each legal status.:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
More detail about each of these rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/.
A summary of the main areas that are likely to apply to our work are given below:
- Rights to be informed, have access, amend or erase data
You have the right to enquire as to any personal data we hold on you, to have access to this and where there are errors to provide the correct information so we can put this right.
Where you have given ‘consent’ to have any photographs, or other specific data, used you have the right to withdraw this consent at any time. If you withdraw consent we will erase your details from our documentation.
For all other areas, where we have obtained personal data, you have the right to have your data erased with the exception of where there is an on-going and overriding legitimate or legal reason to continue to retain the information. We will make the reason clear to you if this is the case.
In order to exercise the right to have access, amend or erase your personal data you can contact Debbie Carroll Garden Designs at any time via the website contact form or the details shown for the Controller or Data Protection Officer above. We will endeavour to act on your requests in a prompt way, and at least within a month, and to provide any required information in an easily understood form.
- Provision of personal data due to a legal or contractual requirement
Sometimes it may be necessary to request and obtain personal data as part of a contract that you enter into with us or that we are required to provide for legal reasons or associated with other regulatory requirements and liability. Non-provision could mean that the contract with you may not be able to be provided. This is likely to apply to: financial records for tax purposes and information obtained related to advice or services provided where the law of liability may apply.
- Purchased via Invoicing
Where payment is a part of a stage fee within a quote or where an invoice is raised to request payment for a product or service it is possible to pay via cash (in person only) or by cheque and BACs (Bank Transfer). Any personal details within the associated documentation will only be retained to process the sale plus any period required by law as part of our financial record keeping.
- Financial records
Any personal data captured as part of the payment process will only be retained until the product or service is provided and any period required by law for financial record keeping or liability. All data will be held securely.
- Existence of automated decision-making
We do not use automatic decision-making or profiling on our website.
- Collection of cookies and IP addresses
Debbie Carroll Garden Designs’ website collects a series of general data and information when you, or an automated system such as your browser, calls up the website. We use this information to measure visits to our website in order to improve its usability and security. The data we collect may contain personal information (most likely your IP address and/or cookies). We do not link IP addresses to individuals. Cookies issued by us only contain a unique number and therefore contain no personal data. We do not link cookies to individuals other than to recognise repeat visits.
You may, at any time, prevent the setting of new cookies and delete old cookies by means of the appropriate settings within your Internet browser used to deny the setting of these cookies. If you deactivate the setting of cookies some functions of our website may not operate.
(IP address definition – An IP address is a series of numbers that identify computers on the internet. IP addresses can theoretically be linked to an individual. Such linking requires additional information (particularly from the internet provider who issued the IP address or from the visitor themselves). For that reason IP addresses are considered personal data.)
(Cookie definition – A cookie is a small file that is stored on the computer of a visitor when they visit a website. If they visit the website again, the cookie shows that it is a repeat visit. Because the visitor is recognised through the cookie, cookies are considered personal data. In addition, cookies may contain personal data themselves.)
- Contact via the website ‘Contact form’
If you use our Contact form to send an e-mail to us the personal data transmitted is automatically stored on our 3rd party 123-reg until downloaded to Debbie Carroll Garden Designs devices or deleted from the server. This information will only be stored and used for the purpose of processing or contacting you in regards to your enquiry. This information is retained until completion of the enquiry or the requested support has been provided plus any period required by law or in regards to the law of liability.
- 3rd parties
We do not pass any personal data shared with us with any 3rd parties except for those required by us to fulfil our services to you. All parties we use have either a contract with us stating we are joint controllers, or clearly controller and processor, and that all data is handled in line with GDPR and only for the purpose for which we stated it was to be used with you.
Where a formal contract is not in place, possibly for the ad-hoc use of a supplier/contractors, we will put in place appropriate confidentiality agreements or ensure that the organisation is GDPR compliant to the best of our knowledge.
The following organisations may assist us in our work in providing our services to you and operate within the criteria above:
Organisation Processing role
TSO Host Website hosting site
Footprint Website build & maintenance, Design Plan printers
123-reg Email server & maintenance
Dropbox Online document storage
Promap Online site Mapping download service for plan production
- Social Media Networks – Facebook & LinkedIn
Our website has integrated components with Facebook and LinkedIn social media networks. Their company details and privacy policies can be obtained via their home websites. Our Facebook and LinkedIn buttons create a link between our website and these organisations. This system enables them to be made aware of what specific sub-site of our website was visited by you. If you have an account with these organisations and visit our website with these logged in at the same time they can detect what was visited on our website by you and can associate it to your data held by you within their organisation.
You may, at any time, prevent this transfer of data by logging out of their sites prior to visiting our website and by adjusting your privacy settings within the accounts with these organisations.
- Use of Google Analytics
On this website, we have integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service that collects and analyses data about the behaviour of visitors to our website. This information is only used to optimise our website in order to carry out our services more effectively and to ensure any marketing is appropriate. Google Analytics company details can be obtained via their home website https://policies.google.com/privacy?hl=en .
For the web analytics through Google Analytics we use the application “_gat. _anonymizeIp”. This ensures your IP address is abridged by Google and anonymised when accessing our websites. Google Analytics places a cookie on your system which enables Google to analyse your use of our website during which it may gain knowledge of personal information, such as your IP address, which serves Google to understand the origin of visitors and clicks, and subsequently create information to inform our analysis of our websites and adapt if for the future.
This data is stored by Google in the United States of America. Google may pass this personal data collected through the technical procedure to third parties. You may, as stated in ‘Website, Cookies’ (make a link), prevent and delete the setting of cookies through our website at any time by means of the settings in your web browser used.
Where we collect data about you, both personal data (i.e. name, address, contact information) and also in some rare cases sensitive data (i.e. health related). This will only be taken where it is absolutely necessary for the purpose entered into between you and Debbie Carroll Garden Designs The personal data and sensitive personal data will be stored, processed and used in the following ways:
- Providing and administering our services to you
- Monitoring the quality of services provided
- To answer your questions and enquiries
- To meet any legal or liability needs beyond the service provided.
- Sensitive data
In some rare cases, sensitive data (i.e. likely to be health related) may be obtained as part of providing our services. This is only obtained where it is necessary for the purpose entered into between you and Debbie Carroll Garden Designs. This is most likely to occur during initial conversations where you need to inform us if you require additional support and as part of our consultation or design to ensure it considers any adaptations that may be required with this in mind. This data will only be retained until the service is complete plus any required period by law or for liability. In any instances where this sensitive data does not go on to inform any part of the service provided or advice given, this data will be destroyed.
- Direct email contact with us
If you contact us directly using e-mail the personal data transmitted is automatically stored on our 3rd party 123-Reg until downloaded to Debbie Carroll Garden Designs’ devices or deleted from the server. This information will only be stored and used for the purpose of processing or contacting you in regards to your enquiry. This information is retained until completion of the enquiry or the requested support has been provided plus any period required by law or in regards to the law of liability.
- Electronic Documentation
Electronic copies of personal data may include contact information provided to enable providing the requested service, details to enable contact for an event, processing payment via invoicing, within contractual documents to agree provision of a service, including on design plans, and photographic form related to an agreed service.
Where we create electronic documents, including photographic and design plans, we hold copies of this on a cloud-based system called Dropbox. This also allows local copies of these files to be saved on devices where the operator has Login access to Debbie Carroll Garden Designs’ Dropbox account to enable its use when not connected online. Only the Owner and Administrator of Debbie Carroll Garden Designs have access to this information and we do not share this with 3rd parties except where it is essential in providing the services you have entered into with us and as per that described in ‘3rd parties & Social media’ (make a link).
Paper copies may be produced from these documents where they are required to meet legal or liability reasons e.g. financial archived record keeping.
During consultation site visits a paper copy of some personal data, such as contact information, may be needed when working away from electronic access. Following the visit, and after any appropriate updating of on-line electronic copies, the paper copy will be destroyed with the exception of design plans where both electronic and paper copies will be held as per the required retention.
- Use of data for marketing or sharing of best practice
Debbie Carroll Garden Designs will not use any photographs of you, or your site, for marketing or as part of sharing best practice without obtaining express permission from you, and any other appropriate people shown in the image.
We will obtain permissions via a photographic consent form or email and permissions, where given, will be retained electronically and also added to the properties section on the photograph data file itself.
- Handwritten Documentation
Handwritten notes containing your personal data may be taken as a result of phone enquiry, at events and from our ‘Stay in touch’ form following an event and on consultation field notes.
Where handwritten notes are made these will be used only for the purpose entered into with Debbie Carroll Garden Designs. All information is held securely at Debbie Carroll Garden Designs office in Southampton until completion of the enquiry or service is provided plus any required period in law or for liability.
If handwritten notes are transcribed to an electronic form for any reason the handwritten copy will be destroyed unless this document represents the ‘consent’ document. This is the case of the ‘Stay in touch form’ completed by you at a face-to-face event.