Applewood Permaculture Centre
Your personal data is in safe hands with Applewood Permaculture Centre
We do: respect your privacy and work hard to ensure we meet strict regulations.
We don’t: sell your personal data to third parties.
We will : always protect your personal data.
A few quick notes:
- The policy applies to you if you’re a supporter of Applewood via Facebook or our E-newsletter or use any of our services, attend courses, buy books, visit our website, email, call or write to us.
- We’ll never sell your personal data. We will only share it with tutors, cooks and collaborators we work with, who meet our own high privacy standards.
Please read the following to learn more about how we collect, store, use and disclose information about you when you interact with us, in any manner, via our website and/or our services.
Applewood Permaculture Centre is committed to ensuring that personal information is handled in a secure and confidential manner in accordance with its obligations under the GDPR, associated acts and professional guidelines. Applewood Permaculture Centre will use all appropriate and necessary means at its disposal to comply with the GDPR and associated Acts and guidance.
Information you provide to us:
When you use our website we collect the personal information that you provide to us, for example your name, your email address, your telephone number, your organisation or company name, as well as other contact or other information via our online forms for enquiries, newsletter sign-up and events registration.
When you buy books or trees from us we collect the personal information that you provide to us, for example your name, your email address, home address, your telephone number, your organisation or company name, some bank details and nay other information you choose to provide us.
When you contact us via email or by phone with a query, or fill in a paper form at an event, or for any other reason – we collect the personal information that you provide to us, for example your name, your email address, your phone number, your organisation or company name as well as any other contact or other information you choose to provide us.
When you register on one of our courses we collect the personal information that you provide to us, for example your name, your email address, your phone number, your home address, dietary requirements, any health or disability information you give or other information you choose to provide us.
Information we automatically collect
How we use the information
We use the information we collect to support our work hosting and providing courses and producing and selling books. This includes:
- to provide, operate and maintain the services and courses we offer;
- to process and complete transactions and send related information including transaction confirmations and invoices;
- to manage the use of the services by collaborators, customers and course participants i.e. respond to enquiries and comments and provide service and support;
- to investigate and prevent fraudulent activities, unauthorised access to the services, and other illegal activities;
- for any other purposes about which we notify members of staff, volunteers, collaborators, customers cooks and course participants.
We use the information we collect via our website:
- for administration and reporting purposes including (but not limited to) troubleshooting, performance analysis, statistical analysis and testing
- to improve our website to ensure that content is presented in the most effective manner for you and for your device;
- to analyse customers use of our website for trend monitoring and marketing purposes;
- for the purposes made clear to you at the time you submit your information – for example, to fulfil your request for information on our courses and services;
- as part of our efforts to keep our website safe and secure.
We may also use the information you send to us via our website and/or services, to communicate with you via email and possibly other means regarding products, services, offers, promotions and events we think may be of interest to you or to send you our newsletter. You will always be able to opt-out of such communications at any time (see the “Your Rights to Your Personal Information” section below).
If you have engaged in any of our services we may send you non-promotional service related communications.
Good records management practice plays a pivotal role in ensuring that Applewood Permaculture Centre is able to meet its obligations to provide information, and to retain it, in a timely and effective manner in order to meet the requirements of the GDPR. Records should be retained and disposed of in accordance with Applewood Permaculture Centre retention schedule.
Applewood Permaculture Centre will take all reasonable steps to ensure that course participants, collaborators, customers, members of staff, volunteers, tutors and cooks are informed of the reasons Applewood Permaculture Centre requires information from them, how that information will be used and who it will be shared with. This will enable the data subject to give explicit informed consent to Applewood Permaculture Centre handling their data where the legal basis for processing is consent.
Should Applewood Permaculture Centre wish to use personal data for any purpose other than that specified when it was originally obtained, the data subject’s explicit consent should be obtained prior to using the data in the new way unless exceptionally such use is in accordance with other provisions of the GDPR.
Should Applewood Permaculture Centre wish to share personal data with anyone other that those recipients specified at the time the data was originally obtained, the data subject’s explicit consent should be obtained prior to sharing that data, failure to do so could result in a breach of confidentiality.
Applewood ensures that information relating to identifiable individuals is kept secure and confidential at all times. Applewood Permaculture Centre will ensure that its holdings of personal data are properly secured from loss or corruption and that no unauthorised disclosures of personal data are made.
We use appropriate technical, organisational and administrative security measures to protect any information we hold from loss, misuse, unauthorised access, disclosure, alteration and destruction. Unfortunately, no company or service can guarantee complete security. Unauthorised entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.
You have rights under the GDPR in relation to the personal information we hold and are using about you. This includes asking for a copy of the information we hold about you, having any inaccurate information we hold about you corrected, to request that we stop using your personal information in a particular way or to ask us to delete your data permanently.
You can always opt not to disclose information to us. You can opt-out of receiving promotional or marketing communications from us at any time by updating preferences via the unsubscribe link in the email communication we send, on our website, or by contacting Applewood Permaculture Centre (addresses below in How to contact us)
In the first instance, please talk directly to us, so we can learn from and resolve any problem or query. You can send an email with the details of any data protection complaint to us. (addresses below in How to contact us) We will respond to any complaints we receive.
You have the right to contact the Information Commissioner’s Office (“ICO”) (the UK data protection regulator). For further information on your rights and how to complain to the ICO, please refer to the ICO website. www.ico.org.uk/concerns.
The GDPR (2016) governs the handling of personal information that identifies living individuals directly or indirectly and covers both manual and computerised information. It provides a mechanism by which individuals about whom data is held (the “data subjects”) can have a certain amount of control over the way in which it is handled.
Some of the main features of the GDPR are:
- All data covered by the GDPR must be handled in accordance with the Six
Data Protection Principles
- First Principle – processed lawfully, fairly and in a transparent manner in relation to individuals;
- Second Principle – collected for specified, explicit and legitimate purposes and not processing for archiving purposes in the public interest, scientific or historical research initial purposes;
- Third Principle- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Fourth Principle – accurate and, where necessary, kept up to date; every reasonable the purposes for which they are processed, are erased or rectified without delay;
- Fifth Principle – kept in a form which permits identification of data subjects for no longer personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;
- Sixth Principle- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- The person about whom the information is held (the Data Subject) has various rights under the GDPR including the right to be informed about what personal data is being processed, the right to request access to that information, the right to request that inaccuracies or incomplete data are rectified, and the right to have personal data erased and to prevent or restrict processing in specific circumstances. Individuals also have the right to object to processing based on the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling); and processing for the purposes of scientific/historical research and statistics. There are also rights concerning automated decision making (including profiling) and data portability.
- Processing of special categories of data must be done under a lawful basis. This data includes information about race, ethnic origin, political persuasion, religious belief, trade union membership, genetics, biometrics (where used for identification purposes), health, sex life and sexual orientation.
- The GDPR deals with criminal offence data in a similar way to special category data and sets out specific conditions providing lawful authority for processing it.
- There is a principle of accountability of data controllers to implement appropriate technical and organisational measures that include internal data protection policies and procedures, staff training and awareness of the requirements of the GDPR, internal audits of processing activities, maintaining relevant documentation on processing activities, appointing a data protection officer where needed, and implementing measures that meet the principles of data protection by design and data protection by default, including data minimisation, transparency, and creating and improving security features on an ongoing basis.
- Data protection impact assessments are carried out where appropriate as part of the design and planning of projects, systems and programmes.
- Data controllers must have written contracts in place with all data processors and ensure that processors are only appointed if they can provide ‘sufficient guarantees’ that the requirements of the GDPR will be met and the rights of data subjects protected.
- Data breaches that are likely to result in a risk to the rights and freedoms of individuals must be reported to the Information Commissioner’s Office within 72 hours of the organisation becoming aware of the breach. Where a breach is likely to result in a high risk to the rights and freedoms of individuals, the organisation will notify those individuals concerned directly.
- The Information Commissioner is responsible for regulation and issue notices to organisations where they are not complying with the requirements of the GDPR. She also has the ability to prosecute those who commit offences under the GDPR and to issue fines.