Privacy and Data Protection
Tranquil Plants takes your privacy seriously. We only collect information where it is necessary for the functioning of the website, to answer your enquiry, or to fulfil your orders. We do not collect any information unless there is a clear need for it.
Tranquil Plants is a registered organisation with the ICO
WHEN WE COLLECT YOUR DATA AND WHAT WE DO WITH IT:
1. OUR CONTACT FORM
When you fill out the contact form on this website, your name, email address, and phone number will be collected and used only to reply to your enquiry. They will not be added to any email lists or given to third parties or used for any other purpose.
2. WHEN YOU ORDER FROM US
When you use our store to order items, your name, email address and/or phone number and physical address are collected so that we can fulfil your order. These details are used only to fulfil your order. They will not be added to any email lists or given to third parties.
After we fulfil your order, you will receive emails of special offers and discounts only if you explicitly opt-in to receiving these communications at the checkout stage. Our checkout is set by default to not add your details to such communications unless you opt-in by checking the relevant box.
3. CUSTOMER REVIEWS
When you leave a customer review, we ask for an email address only so we can be sure it is a genuine review. This email address will not be added to other lists, shared with third parties, or used for any other purpose than verifying the review as genuine.
4. EMAIL MARKETING COMMUNICATIONS
We only send email marketing communications to those customers and subscribers who have explicitly opted-in to receive this communication. We use a third-party supplier called Mailchimp to handle this email and you can read their policy on how they handle your information here: https://mailchimp.com/legal/privacy/
DATA SECURITYWe have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
WHEN WILL WE SHARE YOUR PERSONAL DATA?We may have to share your personal data with the parties set out below:
- Service providers who provide IT and system administration services.
- Professional advisers including lawyers, bankers, auditors and insurers
- Government bodies that require us to report processing activities.
We require all parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
We reserve the right to disclose or share your personal data in order to comply with any legal requirements, enforce our terms and conditions, or any other agreement we enter into with you, or to protect the rights, property, or safety of our business and other customers. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Many of our third parties service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. They Include:
All the third party providers we use have committed to privacy practices that are compliant with the General Data Protection Regulations of the European Union.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;or
Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
DATA RETENTION - HOW LONG WE KEEP YOUR DATA
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
We shall keep your data for the period of time you hold an account with us, to enable us to contact you, keep a record of your past orders and supply you with any new orders. We shall not keep your personal information for any longer than necessary to fulfil our obligations to you or to meet our legitimate business interests or legal requirements. For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
DATA PROTECTION OFFICER: STEFAN THOMAS
You have the right to see the information we hold on you, to have it corrected, to have it deleted, or to withdraw your consent to our processing of your data.
If you would like to know what information we hold on you or would like to have all the information we hold about you deleted, or any other question or request connected to your data, please CONTACT US with your request. We will get back to you within 2 business days.