A.G. Carrick (trading as Highgrove Gardens)
Privacy Notice v.04
This privacy notice tells you what to expect when A.G. Carrick, trading as Highgrove Gardens, collects personal information.
It applies to information we collect about you if you:
- visit the gardens, restaurant, and attend our events
- receive our group mailings
- purchase Highgrove merchandise
- register to be on our mailing list
- enter a competition, prize draw or raffle
- complete a "stay in touch" card
- visit our website
- register for an account on our website
- make a donation
- contact us
- are a supplier or trade customer.
Your privacy is extremely important to us. Any personal information we gather from you will be used in accordance with the Data Protection Act 2018.
The information we collect
When you visit the gardens, restaurant, and attend our events.
If you purchase tickets in advance of your visit date, we will request your name, e-mail address, postcode, house number, country, and telephone number. We will use your email address to confirm the booking and to deliver your electronic tickets and receipt to you.
Where food and drink are offered during the visit, we may collect information about allergens; where visits require step free access, we may collect vehicle details (registration, make/model, colour, registered owner); and, where there are students with special needs, we may be provided with their requirements (students are not identified by name). We rely on legitimate interests to process your personal data for this purpose. This information is held until the visit is complete and then destroyed.
If you attend an event, we may ask you for your feedback. This may include a request for such personal details as: postcode and age range. We ask for these details in order to build a background profile of the range of people taking part in particular events. We collect this data in a way which ensures it does not personally identify you.
On occasions, there may be a photographer employed by Highgrove Gardens at an event. Prior to entering the Gardens we will ask you to let us know if you do not wish to be photographed and will ask you to wear an identifier for this purpose. This is to ensure that the photographer knows not to take your photograph. If we wish to take photographs of children at an event, we will obtain written consent from their parents or guardians, or from their school, before we do that. We keep these consent forms indefinitely as proof of consent. If there is a large group of children at a family event, we may ask that children who do not wish to be photographed wear a sticker so that we do not include them in any photographs. We use these photographs to promote our activities and will retain them for up to 5 years. We rely on legitimate interests to process personal data for this purpose.
If you have an accident whilst visiting the site, we will need to collect your name, contact details and a description of the nature of your injury in order to complete an Accident Form. We are obliged to do this under Health and Safety Regulations and it is our legal obligation to process your personal data for this purpose. Depending on the nature of the accident, we may also have to report it to government regulators, in which case we would also need to inform the regulators of your age. We will retain this personal information securely in locked facilities for six years in order to comply with relevant legislation.
If you receive our group mailings
We offer people who represent groups, and the travel trade, regular updates which include new exhibitions, site news, and an up to date opening and closures list. These updates are emailed from time to time to people who have made a group booking with us previously and have provided us with their contact details for this purpose, and/or have indicated to us that they wish to receive this material. In order to do this, we collect these people's names and email addresses. They can unsubscribe from these email updates at any time by clicking on "Unsubscribe" or "Update my Preferences" at the bottom of any email they receive from us.
We also collect the personal information of individuals who make group bookings with us, or who request to be added to our group mailing list. For this purpose, we process their names, addresses, email addresses, and the group with which they are affiliated. These individuals may request their details be deleted from our group mailing list at any time by contacting the Administrator at Highgrove Gardens by telephone, email or post.
Highgrove Gardens relies on the lawful basis of consent to process the personal data of people who receive our group mailings. We will keep your personal data for as long as we continue to have an active relationship with you. We will delete your personal data if you request us to, or if we have had no active contact with you for more than 2 years.
If you purchase Highgrove merchandise
We also utilise a third party called ShipStation to manage our shipping and tracking process when we send goods to customers. ShipStation is a US based company and therefore personal data will be processed in the USA. We make use of GDPR approved Standard Contractual Clauses in order to ensure customer personal data is appropriately protected. ShipStation’s privacy notice is here.
We retain this information as part of our financial records according to legislative requirements (six financial years) and whilst the customer continues to use our service.
If you register to be on our mailing list
We send communications out several times a month to subscribers on our mailing list about the topics they wish to hear about, depending on each user's stated preferences. Users can edit their preferences, including the format that they receive our communications or unsubscribe completely from a link in the footer of every email we send. We rely on the lawful basis of consent to process your personal data for this purpose. We process this data through our marketing database DotDigital. DotDigital is a global company and your data may be stored on servers both in the UK and overseas including the United States. DotDigital’s privacy notice can be accessed here.
A list of unsubscribed addresses are kept securely in our marketing database in order to ensure we have a record of people who do not wish to be contacted. If an individual wishes their data to be deleted, their record can be deleted from the database on request. We will keep your personal data for as long as we continue to have an active relationship with you. We will delete your personal data if you request us to, or if we have had no active contact with you for more than 2 years.
If you enter a competition, prize draw or raffle
When entering any of our contests, prize draws or raffles, we collect your name, e-mail address and mailing address. If you win, we will send the prize to the address entered and notify you by e-mail. When you enter a contest, prize draw or raffle, you will be asked if you would like to be included on our mailing list to receive notice of promotions, special offers and new additions to the website. You may unsubscribe from this list by following the unsubscribe instructions in any e-mail received. We rely on legitimate interests to process your personal data for this purpose. We will retain records relating to competition entries for up to 12 months after the competition has been closed and the winners announced.
If you complete a "stay in touch" card
In our stores, we have a newsletter registration form which enables customers to subscribe to our mailing list. We ask for your name (optional) and e-mail address, which is collected and entered into our secure marketing database. The registration forms are subsequently securely shredded. We rely on the lawful basis of consent to process your personal data for this purpose. Please refer to the section ‘If you register to be on our mailing list’ for details of how long we retain your personal data.
When you visit our website
During your use of the site we may collect information about your computer, including your IP address, operating system and browser types, for system administration and to report aggregate information to third parties. This is statistical data about our users' browsing actions and patterns and does not identify any individual.
If you register for an account on our website
If you wish to use features that require you to register with us, we ask you to create an account by registering. To do this you need to input some of your personal information on our web registration form. We ask for your name, e-mail address, and a password. We rely on consent as our lawful basis for processing your personal data for this purpose. We will keep the personal data you have provided to register for an account for as long as we continue to have an active relationship with you. We will delete your personal data if you request us to, or if we have had no active contact with you for more than 5 years.
When you create an account, you will be given the option to receive information from Highgrove Gardens by e-mail about products, promotions or special offers that we feel may be of interest to you. In the event that you do not wish to be contacted for such purposes, please ensure that you do not tick the mailing list option as you go through the registration process.
Make a donation
When people support us, for example by making a charitable donation to a specific project, we will usually collect their name and contact details. We collect this data so that we can update people on how their donation has been used. We may ask for more support through donations. Names of donors may be published in the 'Prince's Foundation'' Annual Report, with their permission. If you have donated to us, we are required to keep this data for six financial years.
When you contact us
If you write, email or call us, we may keep your name and address or email address on file together with your enquiry and our response should there be any follow up correspondence. We rely on legitimate interests to process your personal data for this purpose. We will retain this information for a period of 2 years, or if the correspondence relates to the purchase of tickets or merchandise will may retain it for up to 6 financial years in line with legal requirements.
We record calls to our customer services phone line for the following purposes:
- to assist in quality monitoring of staff
- to investigate and resolve a complaint
- for the detection, investigation and prevention of crime.
If you are a supplier or trade customer
We process personal data relating to suppliers or individuals representing organisations who wish to set up a trade account with us. For this purpose we will process an individual’s name (i.e. the name of the company’s representative), the company’s contact details both postal and email address and bank details. We use this data to pay you for goods or services received or provide you with goods and to invoice you if you are a trade customer. We rely on contractual obligation as our lawful basis for processing data for this purpose. We keep this information for six financial years in order to comply with financial regulations.
How do we protect your personal data?
We keep your information on secure servers and we fully comply with all applicable UK data protection and consumer legislation.
When people purchase Highgrove tickets or merchandise, whether over the telephone, through our website, or in one of our stores, we use a third party provider, Sage Pay, to process credit or debit card purchases. Our provider adheres to the international security standards within the credit industry.
When we engage our technology partners to process personal information on our behalf, they do so on the basis of written instructions which require them to process your personal data and keep it secure in line with relevant legislation.
What are your rights?
As a data subject, you have a number of rights ("Subject Rights"). You can:
- access and obtain a copy of your data on request;
- ask us to change incorrect or incomplete data;
- ask us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- object to the processing of your data where we are relying on our legitimate interests as the legal ground for processing;
- request a copy of the data you have provided to us in an agreed format, so that you can reuse it or transfer it to another data controller if you wish; and
- ask us whether we use automated decision making or profiling when processing your data.
Please note that none of these rights are absolute and we reserve the right to refuse your request where exceptions apply.
Changes to this privacy notice
Please check back frequently to see any updates or changes to our privacy notice.
How to contact us
If you have questions regarding our privacy notice, or would like to request a copy of your personal information, or exercise any of your other Subject Rights you can contact us via: The Administrator, A.G. Carrick Ltd, Unit 6 & 7, Warren Business Park, Knockdown, Tetbury, Gloucestershire, GL8 8QY or by sending an email to firstname.lastname@example.org.
If you have concerns about the use of your personal data, the Information Commissioners Office is an independent body set up to uphold information rights in the UK. They can be contacted through their website: www.ico.org.uk, their helpline on 0303 123 1113, or in writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
25th November 2021