Privacy & Security2018-10-07T19:35:28+00:00

Privacy & Security

David Austin Roses are committed to our customers’ data privacy and rights, believing we have a duty to handle your data in a way that gives you confidence when communicating with us. We believe in being upfront and transparent in how we collect, handle and store your personal information.

OUR CORE PRIVACY PRINCIPLES:

  • We will keep your data safe and secure.
  • We will always tell you how we intend to use your data.
  • We will, on every marketing communication, give you the chance to unsubscribe.
  • We will only keep your data for as long as it is needed.
  • We will never sell your data to a third party.
  • Your data is yours. We respect your right to request access or deletion of personal information.

By accepting the Privacy Policy, you are agreeing that you accept and understand the below Privacy Policy and how we will use your personal information. If you do not agree to the Privacy Policy below please do not submit data to us or use www.davidaustin.com.
If any of the details below are inaccurate or you would like to enquire further please contact us on [email protected].

PRIVACY POLICY CONTENTS:

  1. Who are David Austin Roses?
  2. How and why does David Austin Roses need to collect and process personal data?
  3. What are my rights to my data?
  4. Can I find out the personal data that David Austin Roses holds about me?
  5. How long does David Austin Roses keep personal information?
  6. Will David Austin Roses share my personal data with anyone else?
  7. Under what circumstances will David Austin Roses contact me?
  8. How do I withdraw consent for receiving marketing material?
  9. How do you use cookies?
  10. How do I complain about how my data is being used?
  11. Is there a minimum age limit for submitting data to David Austin Roses?
  12. Do you transfer information outside of the European Economic Area (EEA)?
  13. How secure is my data?
  14. Who is responsible for the content on websites you link to?
  15. What is Legitimate Interest and when does it apply?
  16. How up to date is this policy?

1. WHO ARE DAVID AUSTIN ROSES?

This policy applies to the following companies:

  • David Austin Roses Ltd. – Bowling Green Lane, Albrighton, Wolverhampton West Midlands, WV7 3HB.
  • David Austin Rose Nursery Ltd. – Bowling Green Lane, Albrighton, Wolverhampton West Midlands, WV7 3HB.

This policy applies to the following website domains:

Both David Austin Roses Ltd. and David Austin Rose Nursery Ltd. are registered with the Information Commissioner’s Office (ICO) as Data Controllers.
Our Data Protection representatives can be contacted here:
Free Phone 0800 111 4699 or email [email protected].

2. HOW AND WHY DOES DAVID AUSTIN ROSES NEED TO COLLECT AND PROCESS PERSONAL DATA?

The collection and storage of personal data allows us to record your consent to marketing and communicating with you in the future. In any event, we are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
Most of the time you choose what information you provide to us upon data entry, but we also require certain information by law, to validate your identity and for us to provide a service to you.
The following is a list of data collection points visible to you:

COLLECTION POINT: Newsletter Sign Up

POSSIBLE DATA COLLECTION WHY?
Title, First Name, Last Name, We need to collect and process your name so that we can address you correctly for any personalised communications.
Email Address We need to collect and process your email address so that we can send you the newsletters and email marketing you have requested.
Country David Austin Roses distributes different products in different countries. We need to record your country so we know what products we can offer you and provide relevant information and advice specific to your location.
Business Name (if applicable) The website is an information source for end consumers, florists, event designers and wholesalers. A business name enables us to identify between trade and end consumers so that we can tailor newsletters accordingly.
Reason for interest This provides us with further information to help us tailor the content of the newsletters to make them as relevant as possible to the recipient.
IP Address Your IP Address is collected and processed in order to identify fraudulent activity, abuse of our web server or in the event of a data protection request.

COLLECTION POINT: Brochure Request

POSSIBLE DATA COLLECTION WHY?
Title, First Name, Last Name, Postal Address We need to collect and process your name and address so that we can accurately deliver your brochure request.
Email Address, Telephone Number We need to collect and process your email address and phone number in case we need to make contact about your request.
Country David Austin Roses distributes different products in different countries. We need to record your country so we know what products we can offer you and provide relevant information and advice specific to your location.
Business Name (if applicable) The website is an information source for end consumers, florists, event designers and wholesalers.  A business name enables us to identify between trade and end consumers so that we can tailor the marketing material that is sent.
Reason for interest This provides us with further information to help us tailor the content of the material we provide to make it as relevant as possible to the recipient.
IP Address Your IP Address is collected and processed in order to identify fraudulent activity, abuse of our web server or in the event of a data protection request.

COLLECTION POINT: Talk to a Rose Expert

POSSIBLE DATA COLLECTION WHY?
Title, First Name, Last Name We need to collect and process your name so that we can address you correctly for any personalised communications and to respond to your enquiry in a professional manner as part of improving our customer service to you.
Email Address, Telephone Number We need to collect and process your email address and phone number so we can respond to your query.
Country David Austin Roses distributes different products in different countries. We need to record your country so we know what products we can offer you and provide relevant information and advice specific to your location.
Business Name (if applicable) The website is an information source for end consumers, florists, event designers and wholesalers. A business name enables us to identify between trade and end consumers so that we can tailor our replies and information accordingly.
Reason for interest This provides us with further information to help us to tailor the responses and provide the most relevant information to the recipient.
IP Address Your IP Address is collected and processed in order to identify fraudulent activity, abuse of our web server or in the event of a data protection request.

COLLECTION POINT: Telephone

POSSIBLE DATA COLLECTION WHY?
Title, First Name, Last Name, Postal Address, Email Address, Telephone Number, Consent We need to collect and process your name and address to fulfil your request or provide relevant information. We need to collect and process your email address and phone number in case we need to make contact as a follow-up to your enquiry.
Phone Recordings Recordings are kept for staff training so we can give you the best service possible each time you call. They’re also a valuable tool to prevent fraud and address any complaints you may have about a previous enquiry.

COLLECTION POINT: Join Our Mailing List Sign Up Card (Printed)

POSSIBLE DATA COLLECTION WHY?
First Name, Last Name We need to collect your name address in order to match up your information with any records we currently have. This improves our customer service and keeps records we have up to date.
Email Address We need to collect and process your email address so that we can send you the newsletters and email marketing you have requested.
Postal Address We need to collect and process your address in order to send you postal marketing material as you have requested.

The following is a list of data collection points not visible to you, that do not directly identify you and are for the most part either considered anonymised or pseudonymised:

COLLECTION POINT: Google Analytics

POSSIBLE DATA COLLECTION WHY?
IP Address, Device Brand/Name/Model, Operating System Version, Browser Version, ISP, Pages Visited, Products Reviewed By recording anonymous system and device data you use, it helps us understand how best to provide our services to you. This helps us improve the information you require, fix issues and increase the level of customer service we provide.

COLLECTION POINT: Crazy Egg

POSSIBLE DATA COLLECTION WHY?
Device Resolution, Pages Visited, Operating System, Browser, Source Crazy Egg helps us understand how pages are used and any issues users are facing with the website. It is used to improve your user experience. It records this non-identifiable information to allow us to see if problems are caused by devices, browsers, operating systems etc. You are not identified by this information.

COLLECTION POINT: New Relic

POSSIBLE DATA COLLECTION WHY?
User-agent, HTTP Referrer New Relic is our web server performance monitoring service. It records this non-identifiable information to allow us to track errors and their cause. You are not identified by this information.

COLLECTION POINT: Cloudflare

POSSIBLE DATA COLLECTION WHY?
User-agent, IP Address, Country Cloudflare is our Web Application Firewall. It records this non-identifiable information to allow us to see users that pose a threat to the web server or users who are misusing/abusing access. We can then block users to protect you. You are not identified by this information.

COLLECTION POINT: Web Server

POSSIBLE DATA COLLECTION WHY?
IP Address, User-agent As the website accepts traffic we use the IP Address and User-agent to help combat malicious traffic, traffic that intends to abuse usage and help us identify problems. You are not identified by this information.

3. WHAT ARE MY RIGHTS TO MY DATA?

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right of access: you have the right to request a copy of the information that we hold about you.
  • Right of rectification: you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten: in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing: where certain conditions apply to have a right to restrict the processing.
  • Right of portability: you have the right to have the data we hold about you transferred to another organisation.
  • Right to object: you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling: you also have the right to object to the legal effects of automated processing or profiling.
  • Right to judicial review: in the event that David Austin Roses refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain.

All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.
If you wish to make one of these requests please contact us on [email protected] or call us on free phone 0800 111 4699.

4. CAN I FIND OUT THE PERSONAL DATA THAT DAVID AUSTIN ROSES HOLDS ABOUT ME?

David Austin Roses at your request, can confirm what information we hold about you and how it is processed. If David Austin Roses does hold personal data about you, you can request the following information:

  • Identity and the contact details of the person or organisation that has determined how and why to process your data. In some cases, this will be a representative in the EU.
  • Contact details of the data protection officer, where applicable.
  • The purpose of the processing as well as the legal basis for processing.
  • If the processing is based on the legitimate interests of David Austin Roses or a third party, information about those interests.
  • The categories of personal data collected, stored and processed.
  • Recipient(s) or categories of recipients that the data is/will be disclosed to.
  • If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
  • How long the data will be stored.
  • Details of your rights to correct, erase, restrict or object to such processing.
  • Information about your right to withdraw consent at any time.
  • How to lodge a complaint with the supervisory authority.
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
  • The source of personal data if it wasn’t collected directly from you.

Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

5. HOW LONG DOES DAVID AUSTIN ROSES KEEP PERSONAL INFORMATION?

We do not use your personal information indefinitely, only using it for the period in which we need your data to meet our contractual obligations to you, any timeframes set by law and to enable us to give you the best customer service possible. Any data that is not needed to fulfil these obligations will be pseudonymised, and when appropriate deleted. The following are examples of what will impact how long we use or keep your data for:

  • Any time period set by law or recommended by regulatory bodies, such as financial audit logs or fraud checks.
  • Your most recent engagement with our marketing activity.
  • If a request for erasure or rectification has been made and your identity confirmed.
  • Any relevant legal proceedings that may apply at the time.

If you would like to know more about these timeframes, please contact us on [email protected].

6. WILL DAVID AUSTIN ROSES SHARE MY PERSONAL DATA WITH ANYONE ELSE?

We may pass your personal data on to third-party service providers contracted to David Austin Roses Ltd. and David Austin Rose Nursery Ltd. in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide you on our behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with agreed procedures.
We will never sell any of your personal data to any third party or permit any third party to keep your data indefinitely. The following are categories of companies that form an essential part of the service we provide to you:

  • Personal Information may be shared between companies under the umbrella of David Austin Roses, such as David Austin Rose Nursery Ltd. and David Austin Roses Ltd.
  • Companies that provide us with a service to get information or material to you, such as a mailing house.
  • Technical service providers such as website hosts, customer communication platforms or email marketing platforms, that enable you to talk and receive marketing material from us.
  • Analytical companies using aggregated and anonymous data to provide insight on website activity and usage. When this occurs data will be anonymised and users will not be able to be identified individually.
  • Website design and developer who maintain the functionality of the website.

We may, in cases of fraud or illegal activity, be required to share information with government bodies or law-enforcement agencies.

7. UNDER WHAT CIRCUMSTANCES WILL DAVID AUSTIN ROSES CONTACT ME?

Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure. David Austin Roses may have the right to contact you because:

  • You provided consent – If you have provided us with consent to contact you we may send you e-newsletters and email marketing with product information, recommendations, inspiration and advice. Consent will be requested clearly at all data collection points. To unsubscribe please follow our unsubscribe instructions outlined below in point 8.
  • We need to fulfil your request – In order for us to fulfil your request for a brochure or answer your query we may need to contact you.
  • Terms and privacy updates – If at any point there is a material change to our terms of service and privacy statement we may need to contact you. This is to ensure you are aware how your data and your rights are affected.
  • Product updates – We may send you updates via post, about our product and brand, but we ensure this not be done at a frequency that becomes a nuisance or conflicts with your right to privacy. You may unsubscribe at any time, and all our posted material will detail how. The same instructions for unsubscribing can be found here.

For an explanation and list of data types processed under legitimate interest, please see point 15 below.

8. HOW DO I WITHDRAW CONSENT FOR RECEIVING MARKETING MATERIAL?

Some of our communications are required as part of fulfilling our obligations to you. For an explanation and list of data types processed under legitimate interest, please see point 15 below.
You can unsubscribe from our marketing communications at any time and we will act on this as soon as possible.

  • Email: To unsubscribe from our email marketing communications you can do so at the bottom of every email marketing communication we send. You may also call 0800 111 4699, or email [email protected] using the address you wish to be unsubscribed from.
  • Direct Mail: To unsubscribe from receiving marketing material by post you can call 0800 111 4699 or you may use our unsubscribe contact form, stating the address you wish to unsubscribe, the name associated with that address and your customer reference number (Printed on the marketing material).

If you feel you have received marketing material in error, please read our privacy section on how our data is collected (see point 2) and what constitutes a communication under legitimate interest (see point 15). If you still feel your information has been used in error, please file a formal complaint with David Austin Roses as outlined in point 10.

9. HOW DO YOU USE COOKIES?

Our cookie policy explains what cookies are, how David Austin Roses uses them and how you can manage how these cookies are used. To view our cookie policy, click here.

10. HOW DO I COMPLAIN ABOUT HOW MY DATA IS BEING USED?

We take complaints very seriously and will do our best to respond to data protection complaints in a timely manner. If you have a query regarding how we are using your data, the data we are holding or wish to complain about misuse, please contact:
Email: [email protected]
Phone: 0800 111 4699
Address: Data Protection Representative, David Austin Roses, Bowling Green Lane, Albrighton, Wolverhampton, West Midlands, WV7 3HB.
If you feel we have not dealt with your complaint satisfactorily you can contact the Information Commissioner’s Office via the details on the Information Commissioner’s website.

11. IS THERE A MINIMUM AGE LIMIT FOR SUBMITTING DATA TO DAVID AUSTIN ROSES?

We are unable to accept data from anyone under the age of 16 years old and are unable to record and maintain consent from a parent or legal guardian of anyone under 16 years old.
If at any point you learn that any child under 16 years old has submitted personal information to David Austin Roses, please let us know immediately so that we can rectify the situation.

12. DO YOU TRANSFER INFORMATION OUTSIDE OF THE EUROPEAN ECONOMIC AREA (EEA)?

David Austin Roses may transfer your personal data to countries other than the one you or David Austin Roses reside. This may, depending on the services set out in this policy, be outside of the European Economic Area (the EU member states Plus Norway, Liechtenstein and Iceland).
When this is the case David Austin Roses will take steps to make sure that your personal data is transferred, stored, handled and deleted with appropriate protections and procedures in place. Depending on the provider this protection may be set out in the form of:

  • A contract between the service provider and David Austin Roses detailing that the service provider is compliant with EU regulations.
  • Enrolment in the E.U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. This is a framework designed by the U.S. Department of Commerce, the European Commission and Swiss Administration to provide companies with a mechanism to comply with data protection requirements.

If you would like more information on the protections in place please contact [email protected].

13. HOW SECURE IS MY DATA?

David Austin Roses uses the latest industry recommendations and industry-standard tools to secure your data at www.davidaustin.com, such as Web Application Firewalls and Transport Layer Security (TLS). Furthermore, we use strict administrative and physical safeguards to protect your data from unauthorised access.
David Austin Roses regularly reviews the security and privacy practices we follow and implement, enhancing them where necessary in order to maintain the highest level of security for your personal data. If you feel you have spotted a security threat on www.davidaustin.com please contact us at [email protected].
Unfortunately, there is no method of personal data transfer that is 100% secure all of the time. We strive to provide you with security beyond what is legally required but cannot guarantee absolute security. We also rely on you to make sure you are sending data securely. For example, you can help do this by making sure:

  • Your device is up to date to the latest version.
  • Your browser is up to date to the latest version.
  • You regularly run virus and malware scans on your device.
  • You carefully choose strong usernames and passwords.
  • You log out of public computers and devices after use.
  • You do not allow unauthorized access to your personal devices.

If you feel your data has not been handled securely and would like to complain to David Austin Roses, please contact us on [email protected] or call 0800 111 4699.

14. WHO IS RESPONSIBLE FOR THE PRIVACY POLICY ON THE WEBSITES YOU LINK TO?

David Austin Roses may at times link to external websites from https://www.davidaustin.com/. Please note that any website visited by clicking an external link from https://www.davidaustin.com/ will have its own Security and Privacy policy and we do not accept responsibility or liability for these policies. Before submitting any information please check each website’s individual policies.

15. WHAT IS LEGITIMATE INTEREST AND WHEN DOES IT APPLY?

Legitimate interest is where we have a business, commercial or legal reason to process your personal information in order for David Austin Roses to function most effectively. When processing this data, we have to weigh our legitimate interest with your right to privacy – ensuring we use your personal information in a lawful, fair and transparent way.
Listed here are areas where we use legitimate interest to store and process your personal information:

  • Providing our services – To fulfil your request, or any other service, we must store and process your personal information to meet our obligation to you. We are unable to deliver goods (newsletter, brochure, marketing material) without processing your personal information.
  • Manage our relationship – To make sure we can administer our relationship now and in the future we must store and process your personal information. This ensures quick and accurate responses from David Austin Roses to any requests, complaints or queries.
  • Customer Service – When you contact us with a query we will need to store and process your personal information in order to respond to you via an appropriate method (such as post, email or telephone).
  • Securing your data – We may need to process certain elements of your personal information to combat fraud, prevent security issues and to curb misuse of our services.
  • Improving our services – To make sure we improve our services to you we may use your personal information in an analytical capacity or send you surveys to monitor how closely we are meeting your expectations.
  • Managing your consent – In order to maintain and manage your consent to communication outside of legitimate interest we need to process your personal information to make sure it is used correctly and to your wishes.
  • Legal requirements – We may be required to process your personal information in response to a request from a public authority or law enforcement, in the course of an audit or financial regulation, or to protect our legal rights.
  • Service providers – To fulfil our services to you we will share your personal information with Third Party Suppliers, such as address validation systems and couriers.
  • Direct Marketing – We will send postal marketing to keep you up to date with our varieties, inspiration and rose care advice. You may unsubscribe from postal marketing here.

For further details on legitimate interest and the points above please contact us on [email protected].

16. HOW UP TO DATE IS THIS POLICY?

We may from time to time change our privacy policy. Any future changes to this policy will be made here. This document was last updated on 3/08/2018.
If we believe that the changes are material, we will make these changes clear on www.davidaustin.com, and where appropriate, via another means of contact such as email.