Data Privacy Notice
Your data and privacy are important and we will handle them securely, fairly and in accordance with applicable laws at all times. Grove Group complies fully with the General Data Protection Regulation (GDPR) and this Privacy Notice tells you about the data we collect and how we store and use it.
What information do we collect?
We keep all the data that you voluntarily provide when you register an account or place an order with us. This information is shown on your Account page and can be changed by you at any time.
We store a list of the items that you have ordered including any personalisation details, and the address to which you want the items delivered.
If you call us we may record the call so that we have a record of what has been said.
All emails and messages sent to us via the website are kept so we both have a record of the communication.
Information about your use of our site including details of your visit such as pages viewed and the resources that you access.
What information do we not collect?
We don't see and therefore do not store or use your credit/debit card number, your card security number (CVV), or any payment card specific data.
Security of your data
The security of your personal data is of the highest importance and we have legal obligations to keep it safe and handle it with care.
We store your personal data securely and it is backed up to a geographically separated location so that it cannot be lost in the event of a systems failure.
How we use your information?
The GDPR states that we are allowed to use and share your personal data only where we have a proper reason for doing so. The permitted Legal Bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever we process your personal data:
- Consent: you have given clear consent for us to process your personal data for a specific purpose (for example, to receive our newsletter).
- Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
- Vital interests: the processing is necessary to protect someone's life.
- Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.
Here is a list of the ways that we may use your personal information, and which of the Legal Bases outlined above we rely on to do so.
o To fulfil an order placed on our website.
o This is a “Contract”.
o To answer queries, inform you of order statuses, help place an order.
o This is a “Legitimate Interest”.
o To inform you of new products, services and offers including our newsletter.
o This is “Consent”.
o To obtain statistics on the usage of our website
o This is a “Legitimate Interest”.
Who we share your information with and why
We work with third parties to help fulfil and deliver your order, in all cases these third parties have been carefully vetted and only the minimum necessary personal data is shared in order to fulfil your orders.
- Delivery and Logistics: In order to deliver items ordered from us we may use our own vehicles. Otherwise we use national couriers.
- Website analytics: We use Google Analytics to supply statistics on the usage of our website.
We have a legal obligation to share data in response to properly made requests from:
- Law enforcement agencies - for the prevention and detection of a crime, for the purpose of safeguarding national security or when the law requires us to, such as in response to a court order or other lawful demand or powers contained in legislation.
- Regulatory bodies such as the Information Commissioner's Office (ICO) and Ofcom.
How long do we keep your personal data?
We keep your data while you have an account with us. When required for legal or regulatory purposes we may need to keep your data for a longer period.
We are legally obliged to retain contact details, account details and payment history for seven years.
Transfers to third countries
Your data is stored in secure data centres located in the United Kingdom. Your information will not be transferred to a third country (defined under the GDPR as a country outside of the European Economic Area).
Keeping in touch with you
We would like to keep you updated about new products and any special offers that may become available. We will never share your personal information with any third party marketing company. You can opt-in or out of receiving these messages at any time using the Account section of the website or a link in the marketing email.
What are your rights?
You have the following rights under the GDPR:
- The right to be informed. Individuals have the right to be informed about the collection and use of their personal data. This privacy notice fulfils that requirement.
- The right of access. All of the information we have about you can be downloaded from your Account section of the website, this includes your order history.
- The right to rectification. Most of your data can be modified and corrected via the Account section of the website. If you find an error in your data that you cannot rectify yourself, please contact Customer Services via the website or at 01444 246400.
- The right to erasure. In certain circumstances, you have the right to request that we delete personal data held on you. This does not apply if we have a legal reason for retaining it.
- The right to restrict processing. In certain circumstances, you have the right to ask us to 'restrict processing of data'. This means we would need to secure your data but not otherwise use it. This would prevent fulfilling or making orders.
- The right to data portability. You have a right to obtain some of the personal data we hold on you in a 'structured machine-readable' format.
- The right to object. You have the right to opt-out of any marketing communications that we may wish to send you. You can change your marketing preferences at any time from the Account section of the website.
- Rights related to automated decision-making including profiling. We do not apply any automated decision-making or profiling to any of your personal data.
- If you have any questions about how Grove Group uses your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact our Customer Services team on 01444 246400.
- You have the right to lodge a complaint with the Information Commissioner's Office. Further information, including contact details, is available at https://ico.org.uk
The GDPR makes a distinction between organisations that process personal data for their own purposes, known as 'Data Controllers', and organisations that process personal data on behalf of other organisations, known as 'Data Processors'.
Grove Group is a Data Controller with a registered address of:
Grove Group, Unit 22, Victoria Way, Burgess Hill, West Sussex, RH15 9NF
Third Party Website Links
Embedded content from other websites