We (Nicholson Nurseries Ltd, trading as Nicholsons and Rosara) are committed to protecting the privacy and security of your information. This policy covers customers of Nicholsons and/or Rosara, and any other individuals who do business with us.
- About us
The data controller (i.e. the organisation making decisions about how and why your personal information is used) is Nicholsons Nurseries Limited (trading as “Nicholsons” and “Rosara”).
Our place of business is The Park, North Aston, Bicester, Oxon. OX25 6HL. We are a limited liability company registered in England and Wales with company number 04820053 and Data Controller Registration Number: ZA272523.
Questions? Any questions about your personal information or this policy should be directed to the following address:
The Data Protection Officer, Nicholsons Nurseries Limited, The Park, North Aston, Bicester, Oxon. OX25 6HL.
- What information we collect
If you purchase products or services from us, communicate with us, or do business with us, this will result in us collecting personal data about you (for example, your name, billing/shipping address, email and telephone number).
We do not normally collect or store sensitive personal data. If this does occur (for example, if an accident or injury occurs on our property then our record may include sensitive personal data) then we will take extra care to ensure your privacy rights are protected.
- How we use your information
We only ever use your personal data with your consent, or to the extent necessary to:
- enter into, or perform, a contract with you (e.g. to fulfil any orders you place);
- comply with a legal duty;
- protect your vital interests;
- remember your preferences e.g. if you ask not to receive marketing material, we will keep a record of this, or
- for our own (or a third party’s) lawful interests (such as internal record keeping, market research or to improve our products) provided your rights don’t override these.
In any event, we will only use your information for the purpose it was collected (or for similar/related purposes).
We will never sell your personal data. We may share personal data with subcontractors or suppliers who provide us with services. For example, if you order something from us, your name and address may be shared with a delivery company. However, these activities will be carried out under a contract which imposes strict requirements on our supplier to keep your information the confidential, secure and not use it for any other purpose.
We will use personal information to operate your online account. You can also close your online account by contacting us firstname.lastname@example.org.
From time to time, we may wish to send you details regarding upcoming special offers, new product ranges and other information which may be of interest to you. Where you have purchased products or services from us, we may send you messages about other, similar products or services which may be of interest.
Alternatively, you can opt-in to receiving this information (by telling us you would like to receive marketing when you make a purchase or fill in a form asking about marketing).
You, of course, can withdraw your consent to marketing at any time. If you decide that you wish to stop hearing from us, or change how we contact you, you can do so in any of the following ways:
- clicking the appropriate link at the bottom of our e-mails;
- emailing email@example.com ;
- telephoning 01869 340342; or
- writing to us at: Data Protection Officer, Nicholsons Nurseries Limited, The Park, North Aston, Bicester, Oxon. OX25 6HL.
We employ a variety of physical and technical measures to keep your personal data safe and to prevent unauthorised access to, or use or disclosure of it. Electronic data and databases are stored on secure computer systems and we control who has access to them (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.
We cannot absolutely guarantee the security of the internet or external networks and any online communications (e.g. information provided by email or through our website) are at your own risk.
If you set up an online account, you are fully responsible for keeping your online account login details safe. You must not let anyone else use your account and must contact us as soon as possible if you suspect that an unauthorised person has gained access to your account
When you make a purchase, some information about you (such as your name, email address, shipping and billing address and payment details) will be passed onto and/or processed by a third party (Sage) who provides secure payment services.
We do not store payment details/credit card security information once a purchase is complete.
6. Data storage
We normally only store data within the European Economic Area (EEA). If one of our subcontractors (such as a payment processor) needs to transfer it outside of the EEA then we will take steps to make sure adequate levels of privacy protection, in line with UK data protection law, are in place. These safeguards will usually be contractual and/or the result of a European Union decision which allows the transfer (such as a US organisation which is certified under the EU-US Privacy Shield framework)
How long it is stored for
We usually store details of transactions for 6 years after the products/services have been delivered. If we consider there is a need to store them for longer (for example, the transaction has been the subject of a dispute or claim) then we will retain them for as long as is necessary.
Information relating to online accounts will be stored and kept for as long as your account remains active. If you delete your account with us, the data it contains will be removed without undue delay. We continually review the personal data we hold and delete what is no longer required. We never store payment card data.
- Updating your information
If you believe that any information we are holding on you is incorrect or incomplete, please e-mail firstname.lastname@example.org or write to: Data Protection Officer, Nicholsons Nurseries Limited, The Park, North Aston, Bicester, Oxon. OX25 6HL.
You can also ensure your web account details are accurate and up to date by logging into your account at http://www.rosara.co.uk/customer/account/login/.
- Your rights
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
- the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of it (this is known as a subject access request) within one month of our receiving your request;
- the right to have inaccurate data rectified; and
- the right to object to your data being used for marketing or profiling.
- the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason); and
If you would like further information on your rights or wish to exercise them, please e-mail email@example.com or write to: The Data Protection Officer, Nicholsons Nurseries Limited, The Park, North Aston, Bicester, Oxon. OX25 6HL.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
Our website uses local storage (such as cookies) to provide you with the best possible experience and to allow you to make use of certain functionality. Cookies are small text files which a website uses to recognise a visitor (e.g. if you add an item to a shopping basket, a cookie will recognise that when you come through to checkout).
Links to other sites
- Changes to this policy
Niel Nicholson – Data Protection Officer.