The Surrey Garden Design Group is committed to giving you control over your personal data and keeping it safe.
This privacy statement applies to personal data provided to us, both by you and by third parties.
When collecting and using personal data, our policy is to be transparent about why and how we process personal data. We will never transmit information that can identify you to any third party for marketing purposes.
The Surrey Garden Design Group is a not for profit organisation.
The SGDG is the ‘data controller’ of the personal data we collect about you and is subject to the Data Protection Act 1998, and, when it takes effect on 25 May 2018, the General Data Protection Regulation (the GDPR).
Our email address is email@example.com
Our website is www.sgdg.org.uk
We collect your name, address, email address and contact telephone number. No data about you is transferred or processed outside of the UK
We collect your personal data when you fill in a membership form for an initial application for membership or on renewal. It may also be when you take part in SGDG organised events or activities, such as event evenings and visits to gardens and nurseries.
We email you with event reminders and any other information and correspondence necessary to fulfill our obligations to organize the group.
Your address is used to send you the latest copy of Groundcover if we haven’t been able to hand it to you in person, or to send you for example special tickets to events or any other documents.
Your telephone number will only be used in a rare matter of urgency or if we are unable to contact you in any other way.
This information might be shared internally and authorized trustees may have access to it.
No credit or debit card information is stored on our systems, irrespective of how the payment is being processed.
No information related to you is shared with third parties for further processing or use inside or outside the UK.
All the information is stored on secure servers. The transfer of data outside of our internal systems is done on secure channels. All our Data Processors are UK established companies and they have similar Privacy policies in place in order to ensure data security.
However, other organisations we work closely with, are not normally involved in data processing, but may come in contact with it in the course of system servicing, breakdowns, updates etc.
We have put in place appropriate internal security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, if there is no legal, accounting, or reporting requirements to retain it for a longer period.
You have the right to access, change or have the data about you removed from our systems in accordance with the General Data Protection Regulation (GDPR) of 2018. You may request a copy of the data we’re holding about you and information about the way we process it. You have the right to withdraw consent at any time.
The right to be forgotten
You may request to have all your data stored with us deleted. However, due to legal requirements, data related to financial transactions are kept on record for a period of 5 years. At your request, this data can be anonymized.
The right to be informed
You are entitled to be informed on how we process the data about you, for how long we’re storing information about you in a plain and simple language.
The right to access
Under GDPR, you have the right to access your personal data, confirm that your data is being processed, for free.
Right to rectification
Inaccurate or incomplete data must be rectified.
How to complain
If you are unhappy with how we collect and use your data, please tell us first. You also have the right to complain to the ICO (Information Commissioner’s Office), whose website can be found at www.ico.org.uk
Any changes we make to our privacy statement in the future will be posted on the privacy statement page of our website and, where appropriate, notified to you by e-mail or otherwise.