Privacy Policy

4. Legal basis for the processing

The table below provides a summary of all the areas of our work where we may, only if required, obtain personal data and how this is used. This clearly states the legal basis for processing this information, any special categories that apply to sensitive data, and our review and retention periods for each.

Updated: 1/5/18

Throughout we have adhered to the principles set out in the GDPR regulation which are summarised below where they apply to each legal status.:

1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling.

More detail about each of these rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/.

A summary of the main areas that are likely to apply to our work are given below:

5. Rights to be informed, have access, amend or erase data

You have the right to enquire as to any personal data we hold on you, to have access to this and where there are errors to provide the correct information so we can put this right.

Where you have given ‘consent’ to have any photographs, or other specific data, used you have the right to withdraw this consent at any time. If you withdraw consent we will erase your details from our documentation.

For all other areas, where we have obtained personal data, you have the right to have your data erased with the exception of where there is an on-going and overriding legitimate or legal reason to continue to retain the information. We will make the reason clear to you if this is the case.

In order to exercise the right to have access, amend or erase your personal data you can contact Debbie Carroll Garden Designs at any time via the website contact form or the details shown for the Controller above. We will endeavour to act on your requests in a prompt way, and at least within a month, and to provide any required information in an easily understood form.

6. Provision of personal data due to a legal or contractual requirement

Sometimes it may be necessary to request and obtain personal data as part of a contract that you enter into with us or that we are required to provide for legal reasons or associated with other regulatory requirements and liability. Non-provision could mean that the contract with you may not be able to be provided. This is likely to apply to: financial records for tax purposes and information obtained related to advice or services provided where the law of liability may apply.

7. Purchased via Invoicing

Where payment is a part of a stage fee within a quote or where an invoice is raised to request payment for a product or service it is possible to pay via cash (in person only) or by cheque and BACs (Bank Transfer). Any personal details within the associated documentation will only be retained to process the sale plus any period required by law as part of our financial record keeping.

8. Financial records

Any personal data captured as part of the payment process will only be retained until the product or service is provided and any period required by law for financial record keeping or liability. All data will be held securely.

9. Existence of automated decision-making

We do not use automatic decision-making or profiling on our website.

10. Collection of cookies and IP addresses

Debbie Carroll Garden Designs’ website collects a series of general data and information when you, or an automated system such as your browser, calls up the website. We use this information to measure visits to our website in order to improve its usability and security. The data we collect may contain personal information (most likely your IP address and/or cookies). We do not link IP addresses to individuals. Cookies issued by us only contain a unique number and therefore contain no personal data. We do not link cookies to individuals other than to recognise repeat visits.

You may, at any time, prevent the setting of new cookies and delete old cookies by means of the appropriate settings within your Internet browser used to deny the setting of these cookies. If you deactivate the setting of cookies some functions of our website may not operate.

(IP address definition – An IP address is a series of numbers that identify computers on the internet. IP addresses can theoretically be linked to an individual. Such linking requires additional information (particularly from the internet provider who issued the IP address or from the visitor themselves). For that reason IP addresses are considered personal data.)

(Cookie definition – A cookie is a small file that is stored on the computer of a visitor when they visit a website. If they visit the website again, the cookie shows that it is a repeat visit. Because the visitor is recognised through the cookie, cookies are considered personal data. In addition, cookies may contain personal data themselves.)

Change cookies permissions

11. Contact via the website ‘Contact form’

If you use our Contact form to send an e-mail to us the personal data transmitted is automatically stored on our 3^rd party 123-reg until downloaded to Debbie Carroll Garden Designs devices or deleted from the server. This information will only be stored and used for the purpose of processing or contacting you in regards to your enquiry. This information is retained until completion of the enquiry or the requested support has been provided plus any period required by law or in regards to the law of liability.

12. 3^rd parties

We do not pass any personal data shared with us with any 3^rd parties except for those required by us to fulfil our services to you. All parties we use have either a contract with us stating we are joint controllers, or clearly controller and processor, and that all data is handled in line with GDPR and only for the purpose for which we stated it was to be used with you.

Where a formal contract is not in place, possibly for the ad-hoc use of a supplier/contractors, we will put in place appropriate confidentiality agreements or ensure that the organisation is GDPR compliant to the best of our knowledge.

The following organisations may assist us in our work in providing our services to you and operate within the criteria above:

Organisation                            Processing role

TSO Host                                Website hosting site

Footprint                                 Website build & maintenance, Design Plan printers

123-reg                                    Email server & maintenance

Dropbox                                  Online document storage

Promap                                    Online site Mapping download service for plan production

13. Social Media Networks – Facebook & LinkedIn

Our website has integrated components with Facebook and LinkedIn social media networks. Their company details and privacy policies can be obtained via their home websites. Our Facebook and LinkedIn buttons create a link between our website and these organisations. This system enables them to be made aware of what specific sub-site of our website was visited by you. If you have an account with these organisations and visit our website with these logged in at the same time they can detect what was visited on our website by you and can associate it to your data held by you within their organisation.

You may, at any time, prevent this transfer of data by logging out of their sites prior to visiting our website and by adjusting your privacy settings within the accounts with these organisations.

14. Use of Google Analytics

On this website, we have integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service that collects and analyses data about the behaviour of visitors to our website. This information is only used to optimise our website in order to carry out our services more effectively and to ensure any marketing is appropriate.  Google Analytics company details can be obtained via their home website https://policies.google.com/privacy?hl=en .

For the web analytics through Google Analytics we use the application “_gat. _anonymizeIp”. This ensures your IP address is abridged by Google and anonymised when accessing our websites. Google Analytics places a cookie on your system which enables Google to analyse your use of our website during which it may gain knowledge of personal information, such as your IP address, which serves Google to understand the origin of visitors and clicks, and subsequently create information to inform our analysis of our websites and adapt if for the future.

This data is stored by Google in the United States of America. Google may pass this personal data collected through the technical procedure to third parties. You may, as stated in ‘Website, Cookies’ (make a link), prevent and delete the setting of cookies through our website at any time by means of the settings in your web browser used.

15. General

Where we collect data about you, both personal data (i.e. name, address, contact information) and also in some rare cases sensitive data (i.e. health related). This will only be taken where it is absolutely necessary for the purpose entered into between you and Debbie Carroll Garden Designs The personal data and sensitive personal data will be stored, processed and used in the following ways:

• Providing and administering our services to you
• Monitoring the quality of services provided
• To answer your questions and enquiries
• To meet any legal or liability needs beyond the service provided.

16. Sensitive data

In some rare cases, sensitive data (i.e. likely to be health related) may be obtained as part of providing our services. This is only obtained where it is necessary for the purpose entered into between you and Debbie Carroll Garden Designs. This is most likely to occur during initial conversations where you need to inform us if you require additional support and as part of our consultation or design to ensure it considers any adaptations that may be required with this in mind.  This data will only be retained until the service is complete plus any required period by law or for liability. In any instances where this sensitive data does not go on to inform any part of the service provided or advice given, this data will be destroyed.

17. Direct email contact with us

If you contact us directly using e-mail the personal data transmitted is automatically stored on our 3^rd party 123-Reg until downloaded to Debbie Carroll Garden Designs’ devices or deleted from the server. This information will only be stored and used for the purpose of processing or contacting you in regards to your enquiry. This information is retained until completion of the enquiry or the requested support has been provided plus any period required by law or in regards to the law of liability.

18. Electronic Documentation

Electronic copies of personal data may include contact information provided to enable providing the requested service, details to enable contact for an event, processing payment via invoicing, within contractual documents to agree provision of a service, including on design plans, and photographic form related to an agreed service.

Where we create electronic documents, including photographic and design plans, we hold copies of this on a cloud-based system called Dropbox. This also allows local copies of these files to be saved on devices where the operator has Login access to Debbie Carroll Garden Designs’ Dropbox account to enable its use when not connected online. Only the Owner and Administrator of Debbie Carroll Garden Designs have access to this information and we do not share this with 3^rd parties except where it is essential in providing the services you have entered into with us and as per that described in ‘3^rd parties & Social media’ (make a link).

Paper copies may be produced from these documents where they are required to meet legal or liability reasons e.g. financial archived record keeping.

During consultation site visits a paper copy of some personal data, such as contact information, may be needed when working away from electronic access. Following the visit, and after any appropriate updating of on-line electronic copies, the paper copy will be destroyed with the exception of design plans where both electronic and paper copies will be held as per the required retention.

19. Use of data for marketing or sharing of best practice

Debbie Carroll Garden Designs will not use any photographs of you, or your site, for marketing or as part of sharing best practice without obtaining express permission from you, and any other appropriate people shown in the image.

We will obtain permissions via a photographic consent form or email and permissions, where given, will be retained electronically and also added to the properties section on the photograph data file itself.

20. Handwritten Documentation

Handwritten notes containing your personal data may be taken as a result of phone enquiry, at events and from our ‘Stay in touch’ form following an event and on consultation field notes.

Where handwritten notes are made these will be used only for the purpose entered into with Debbie Carroll Garden Designs. All information is held securely at Debbie Carroll Garden Designs office in Southampton until completion of the enquiry or service is provided plus any required period in law or for liability.

If handwritten notes are transcribed to an electronic form for any reason the handwritten copy will be destroyed unless this document represents the ‘consent’ document. This is the case of the ‘Stay in touch form’ completed by you at a face-to-face event.