PRIVACY POLICY for "groveshop.co.uk"

At Grove group we are committed to safeguarding and preserving the privacy of our visitors. This Privacy Policy explains what happens to any personal data that you provide to us, or that we collect from you whilst you visit our site. We do update this Policy from time to time so please do review this Policy regularly.

 


General Data Protection Regulation (GDPR)

Data Privacy Notice

Your data and privacy are important and we will handle them securely, fairly and in accordance with applicable laws at all times. Grove Group complies fully with the General Data Protection Regulation (GDPR) and this Privacy Notice tells you about the data we collect and how we store and use it.

 

What information do we collect?

We keep all the data that you voluntarily provide when you register an account or place an order with us. This information is shown on your Account page and can be changed by you at any time.

We store a list of the items that you have ordered including any personalisation details, and the address to which you want the items delivered.

If you call us we may record the call so that we have a record of what has been said.

All emails and messages sent to us via the website are kept so we both have a record of the communication.

Information about your use of our site including details of your visit such as pages viewed and the resources that you access.

 

What information do we not collect?

We don't see and therefore do not store or use your credit/debit card number, your card security number (CVV), or any payment card specific data.

 

Security of your data

The security of your personal data is of the highest importance and we have legal obligations to keep it safe and handle it with care.

We store your personal data securely and it is backed up to a geographically separated location so that it cannot be lost in the event of a systems failure.

 

How we use your information?

The GDPR states that we are allowed to use and share your personal data only where we have a proper reason for doing so. The permitted Legal Bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever we process your personal data:

  • Consent: you have given clear consent for us to process your personal data for a specific purpose (for example, to receive our newsletter).
  • Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
  • Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
  • Vital interests: the processing is necessary to protect someone's life.
  • Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.

 

Here is a list of the ways that we may use your personal information, and which of the Legal Bases outlined above we rely on to do so.

 

  • Website Orders

o   To fulfil an order placed on our website.

o   This is a “Contract”.

  • Customer Services

o   To answer queries, inform you of order statuses, help place an order.

o   This is a “Legitimate Interest”.

  • Marketing

o   To inform you of new products, services and offers including our newsletter.

o   This is “Consent”.

  • Website Analytics

o   To obtain statistics on the usage of our website

o   This is a “Legitimate Interest”.

 

Who we share your information with and why

We work with third parties to help fulfil and deliver your order, in all cases these third parties have been carefully vetted and only the minimum necessary personal data is shared in order to fulfil your orders.

  • Payment Processors: We use trusted, third party payment providers to enable you to make online payments with us and to make sure that your payment details are handled securely. PayPal transactions are subject to the PayPal Privacy Policy.
  • Delivery and Logistics: In order to deliver items ordered from us we may use our own vehicles. Otherwise we use national couriers.
  • Website analytics: We use Google Analytics to supply statistics on the usage of our website.

We have a legal obligation to share data in response to properly made requests from:

  • Law enforcement agencies - for the prevention and detection of a crime, for the purpose of safeguarding national security or when the law requires us to, such as in response to a court order or other lawful demand or powers contained in legislation.
  • Regulatory bodies such as the Information Commissioner's Office (ICO) and Ofcom.

 

How long do we keep your personal data?

We keep your data while you have an account with us. When required for legal or regulatory purposes we may need to keep your data for a longer period.

We are legally obliged to retain contact details, account details and payment history for seven years.

 

Transfers to third countries

Your data is stored in secure data centres located in the United Kingdom. Your information will not be transferred to a third country (defined under the GDPR as a country outside of the European Economic Area).

 

Keeping in touch with you

We would like to keep you updated about new products and any special offers that may become available. We will never share your personal information with any third party marketing company. You can opt-in or out of receiving these messages at any time using the Account section of the website or a link in the marketing email.

 

What are your rights?

You have the following rights under the GDPR:

  • The right to be informed. Individuals have the right to be informed about the collection and use of their personal data. This privacy notice fulfils that requirement.
  • The right of access. All of the information we have about you can be downloaded from your Account section of the website, this includes your order history.
  • The right to rectification. Most of your data can be modified and corrected via the Account section of the website. If you find an error in your data that you cannot rectify yourself, please contact Customer Services via the website or at 01444 246400.
  • The right to erasure. In certain circumstances, you have the right to request that we delete personal data held on you. This does not apply if we have a legal reason for retaining it.
  • The right to restrict processing. In certain circumstances, you have the right to ask us to 'restrict processing of data'. This means we would need to secure your data but not otherwise use it. This would prevent fulfilling or making orders.
  • The right to data portability. You have a right to obtain some of the personal data we hold on you in a 'structured machine-readable' format.
  • The right to object. You have the right to opt-out of any marketing communications that we may wish to send you. You can change your marketing preferences at any time from the Account section of the website.
  • Rights related to automated decision-making including profiling. We do not apply any automated decision-making or profiling to any of your personal data.
  • If you have any questions about how Grove Group uses your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact our Customer Services team on 01444 246400.
  • You have the right to lodge a complaint with the Information Commissioner's Office. Further information, including contact details, is available at https://ico.org.uk

 

Data Controller

The GDPR makes a distinction between organisations that process personal data for their own purposes, known as 'Data Controllers', and organisations that process personal data on behalf of other organisations, known as 'Data Processors'.

Grove Group is a Data Controller with a registered address of:

Grove Group, Unit 22, Victoria Way, Burgess Hill, West Sussex, RH15 9NF

 

Cookie Notice

We use cookies where appropriate to facilitate the use of our website and for administrative purposes. Where used, these cookies are downloaded to your computer and stored on the computers hard drive. Such information will not identify you personally. You can adjust the settings on your computer to decline any cookies if you wish, this can easily be done by activating the reject cookies setting on your computer. When you first access the website you will be informed of the use of cookies and a button to accept this use is offered. Cookies are necessary for the website to work as intended.

 

Third Party Website Links

On occasion we may include links to third parties on this website. Where we provide a link it does not mean that we endorse or approve that site policy towards visitor privacy. You should review their privacy policy before sending them any personal data.

 

Contacting Us

Please do not hesitate to contact us regarding any matter relating to this Privacy Policy.

  

Embedded content from other websites

Pages on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.