Why a Data Protection Policy is necessary
It is a legal requirement for us to comply with the Data Protection Act 1998 and rules regarding GDPR. This
policy sets out to explain how we go about this.
The purpose of this policy is to set out clear guidelines around how Beautiful Gardens gathers, stores and
uses personal data, as well as explaining your rights to this information.
The purpose of collecting data is to maintain contact with our customers and potential customers, as well
as paying and maintaining contact with our suppliers and maintaining records of employees and supplying
this information to relevant authorities and pension providers.
Customers / Potential Customers
What rights you have over your data
- The right to be informed
You have the right to be informed about how and why we use your personal data
- The right of access
You have the right to access your data. We will provide this free of charge and within one month of your
- The right to rectification
You have the right to have information corrected if it in inaccurate, out of date or incomplete. We will
comply with a request for rectification within one month.
- The right to erasure / ‘Right to be forgotten’
You have the right to ask us to erase your personal data and for us to inform any third parties that we have
shared your data with. This would be completed within one week of the request.
- The right to restrict processing
You have the right to block or suppress the processing of your data and for us to inform any third parties
that we have shared your data with.
- The right to data portability
You have the right to obtain and reuse your data across different services. This would be provided free of
charge and within one month of the request.
- The right to object
You have a right to object to your data being processed for various reasons including direct marketing. We
do not engage in any direct marketing.
- Rights in relation to automated decision making and profiling
You have a right not to be subject to any automatic decision making in certain circumstances. We do not
have any automated processing systems in place.
How we handle your data
We will ensure that personal data will be:
- Processed lawfully, fairly and transparently
- Collected only for specific legitimate purposes
- Adequate, relevant and limited to what is necessary
- Accurate and, where necessary, kept up to date
- Stored only as long as is necessary
- Processed in a manner that ensures appropriate and safe disposal
What personal data we collect and why we collect it
We collect only names, addresses, telephone numbers and email addresses of those who contact us.
No financial information or other personal data is collected.
All of the personal data we hold has been shared with us directly, either via email or telephone call, from
the person making an inquiry with us.
We have to collect this information in order for us to maintain contact with you.
Who we share your data with
We do not share your data with any 3rd parties without your explicit consent.
Email Correspondence/Website visitors:
WordPress – Visitor comments may be checked through an automated spam detection service.
information provided by Facebook
What third parties we receive data from
We do not currently receive any third party data outside of our business.
How we protect/store your data
Any data we hold about you is kept on either a secured SSL protected website (which is also monitored for
intrusions using firewalls), on electronic devices, or as physical data. Access to any personal data used in
sales or marketing activities is accessible only by the person or people actively engaged in that activity. All
electronic devices are password-protected and physical data is kept in a locked and secure unit, when
We only engage third parties who comply with strict security practices.
How long we retain your data
We have many customers who return to use our services again, therefore we feel that it is necessary to
hold data for a period of 10 years. Data we hold for anyone that has not used our services is only retained
for 3 years. You can request for your data to be removed at any time.
How to withdraw your consent or lodge a complaint
If you would like to withdraw your consent for us to use or store your data or would like to lodge a
complaint about data protection issues, then please communicate this in writing to:
Gareth Williams - Suite 11a, South Street Centre, Hythe, Southampton,SO45 6EB
Employees data must be held for legal purposes and is treated in the same respect to the guidelines set out
in the previous section. More information is held on employees, including driving licences (and other
licences), passport details, NI numbers and other personal information pertaining to their employment.
Data is only retained after employment has been terminated for legal reasons.
Only the minimal amount of data will be collected by staff, usually name, address, telephone number and
email addresses only.
All personal data should be safely stored and not accessible to the public and unauthorised staff. All
electronic devices should be password-protected in order to maintain the security of data and paper copies
should be safely stored in a locked unit.
We hold bank details for our suppliers in order for us to pay them, along with other information such as
address and contact details. The storage and usage of this data is treated in the same respect to the
guidelines set out in the previous sections. Data is only held whilst we have a working relationship with
suppliers, after which it is erased.
What happens if there is a data breach
On discovery of any data breach we will report the breach within 72 hrs to the data protection authorities
and provide information to any users shortly after that.
We have website firewall software in place to protect both the data on our websites and any external
services we use. We monitor data breach information to check if we have been affected by any breaches
and change passwords regularly.