top of page
07730 499690
Greenlands Gardening Services
GDPR Data Protection Policy
Draft Policy Date: 07 January 2025
Policy Effective Date: 12 January 2025
Scheduled Review Date: 11 January 2026
Introduction
At Greenlands Gardening Services, we are committed to protecting and respecting your
privacy. This Data Protection Policy outlines how we collect, process, store, and protect your
personal data in compliance with the General Data Protection Regulation (GDPR) and the
UK Data Protection Act 2018.
Purpose of this Policy
The purpose of this policy is to demonstrate our commitment to data protection and to
provide transparency about how we process personal data.
Data Protection Principles
We adhere to the following key principles when processing personal data:
1. Lawfulness, Fairness, and Transparency – Personal data will be processed lawfully,
fairly, and transparently.
2. Purpose Limitation – We will collect personal data for specific, legitimate purposes
and will not process it in a manner incompatible with those purposes.
3. Data Minimisation – We will only collect data that is necessary for the purposes we
have outlined.
4. Accuracy – We will ensure that personal data is accurate and kept up to date.
5. Storage Limitation – We will only retain personal data for as long as necessary for
the purposes it was collected.
6. Integrity and Confidentiality – We will process personal data securely, ensuring
appropriate measures to protect against unlawful processing and data loss.
7. Accountability – We take responsibility for ensuring compliance with these
principles and can demonstrate this compliance.
Lawful Basis for Processing
We process personal data under the following lawful bases:
▪ Consent – Where you have given us consent to process your personal data.
Page 2 of 4
▪ Contractual Necessity – Where processing is necessary for the performance of a
contract.
▪ Legal Obligation – Where processing is necessary to comply with a legal obligation.
▪ Legitimate Interests – Where processing is necessary for the legitimate interests of
our business, provided these do not override your rights and freedoms.
Rights of Data Subjects
As a data subject, you have the following rights under the GDPR:
1. Right to Access – You have the right to request a copy of the personal data we hold
about you.
2. Right to Rectification – You have the right to request that inaccurate or incomplete
data be corrected.
3. Right to Erasure (Right to be Forgotten) – You have the right to request the deletion
of your personal data in certain circumstances.
4. Right to Restrict Processing – You have the right to request the restriction of
processing your personal data in specific situations.
5. Right to Data Portability – You have the right to receive your personal data in a
structured, commonly used, and machine-readable format.
6. Right to Object – You have the right to object to the processing of your personal
data based on legitimate interests or direct marketing.
7. Right Not to Be Subject to Automated Decisions – You have the right not to be
subject to decisions based solely on automated processing, including profiling.
Data Collection and Use
We collect the following types of personal data:
â–ª Customer Data: Name, email address, phone number, billing information, and
delivery address.
â–ª Employee Data: Name, address, contact details, employment history, and payroll
details.
â–ª Supplier Data: Name, company details, contact information, and financial
information.
We use this personal data for the following purposes:
â–ª To process orders, payments, and deliver products or services.
â–ª To manage our relationship with customers, suppliers, and employees.
â–ª To comply with legal and regulatory obligations.
Data Security Measures
We take the following security measures to protect personal data:
â–ª Encryption of personal data during transmission.
â–ª Access control policies to restrict who can view or alter personal data.
â–ª Regular security assessments and audits.
Page 3 of 4
â–ª Staff training on data protection practices.
Data Sharing
We may share personal data with third parties for the following reasons:
â–ª Service Providers: For example, payment processors, IT service providers, and
cloud storage providers.
â–ª Legal Requirements: We may disclose personal data to comply with legal
obligations, regulations, or court orders.
â–ª Business Transfers: If we undergo a merger or acquisition, your data may be
transferred to the new owner.
We will ensure that appropriate data processing agreements are in place to protect your data
when shared with third parties.
Data Retention
We will retain personal data for no longer than is necessary for the purposes it was
collected. We have a data retention schedule in place to determine how long personal data
will be stored.
Once personal data is no longer required, it will be securely deleted or anonymised.
Data Breaches
In the event of a data breach, we will:
▪ Notify the Information Commissioner’s Office (ICO) within 72 hours of becoming
aware of the breach if required.
â–ª Notify affected individuals where there is a high risk to their rights and freedoms.
We have a procedure in place to manage data breaches effectively.
Employee Responsibilities
Employees are expected to:
â–ª Handle personal data in compliance with this policy and relevant laws.
â–ª Report any data breaches or potential security incidents promptly.
â–ª Keep personal data confidential and avoid disclosing it to unauthorised
parties.
Contact Information
If you have any questions or concerns about how we process personal data, please contact:
â–ª Data Protection Officer (DPO): Peter Allan
â–ª Email: questions@greenlandsgardeningservices.co.uk
Page 4 of 4
â–ª Phone: 07730499690
â–ª Address:
11 Holystone Drive
Ingleby Barwick
Stockton-on-Tees
TS17 0PW
Review and Updates
This policy will be reviewed annually or as required by changes in the law. We will inform our
employees and customers of any significant updates.
***END OF POLICY***
bottom of page