We have security measures in place to protect the loss, misuse and alteration of the information under our control. Our on-line transaction systems use the latest encryption technology to enable secure internet transactions to take place.
All personal information transmitted on our website is encrypted to prevent unauthorised access. We protect our web server with a 2048 bit security certificate, and have our servers frequently scanned by independent security specialist Security Metrics to ensure that our website does not have any security vunerabilitys.
We have additional security procedures in place to protect the confidentiality, integrity and availability of your user Information:
- 2048 Bit SSL Encryption used on all pages where personal information is transferred. Most sites use 128 Bit SSL, but we have adopted the strongest SSL available - which is also backed by Comodo's identity assurance warranty to give you extra peace of mind. (Look out for the padlock & green address bar on SSL pages)
- PCI-DSS approved merchant - this means our website and network are frequently tested by Security Metrics - who are approved by Barclaycard Merchant Services - our credit card payment processor. They perform very extensive tests on our website to ensure that your personal information is safe and secure!
- We comply with all relevant UK Data Protection legislation & are registered with the information commisioner - www.ico.gov.uk.
We hope that this gives you the reassurance and confidence to buy online on our extremely secure website, but if you still have doubts please do contact us (0344 557 6700) where we will be happy to take you order over the telephone.
This is the SE Marshalls privacy notice and was last updated on 23 May 2018.
This privacy notice provides information on how SE Marshalls collects and processes your personal data. It is important that you read this notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
- Who we are
- The data we collect about you
- How your personal data is collected
- How we use your personal data
- When we disclose your personal data
- When we transfer your data overseas
- How we secure your data
- Data retention
- Your legal rights
- Who we are
Unwins, Unwins Seeds, Marshalls, Marshalls Seeds and Birds & Bees along all associated logo devices are trademarks in Europe and the UK operated under licence by S E Marshall & Co.
S E Marshall & Company Limited is the data controller for the personal data that you provide to these brands and is responsible under EU General Data Protection Regulations 2018 for how that data is processed.
S E Marshall and Company Limited is registered at 61 Malone Road, Belfast, Northern Ireland BT9 6SA, Company No: NI48629, with customer service facilities located at Unwins, Alconbury Hill, Huntingdon PE28 4HY.
This privacy notice is issued by S E Marshall and Company Limited. So, when we mention "SE Marshalls", "we", "us" or "our" in this privacy notice, we are referring to S E Marshall and Company Limited.
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us at firstname.lastname@example.org.
You can make a complaint at any time to the Information Commissioner's Office (ICO) who are the UK supervisory authority for data protection issues (ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so we would be grateful if you contacted us in the first instance.
- The data we collect about you
Personal data, or personal information, means any information relating to an identifiable person who can be identified directly or indirectly by some part of that data. For example, a history of orders stored with the name and address of the buyer. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data
This includes data relating specifically to your identity, such as your first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data
This includes data relating to how you may be contacted, such as your billing address, delivery address, email address and telephone numbers.
- Financial Data
This includes data relating to your means and methods of payment, such as your bank account and payment card details.
- Transaction Data
This includes data relating to the transactions you have carried out with us, such as details about payments to and from you and other details of products and services you have purchased from us or enquired about.
- Technical Data
This includes more technical data that we may obtain when you make use of our website, such as your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
- Usage Data
This includes information about how you use our website, whether you place orders online or offline and the marketing communications and adverts you respond to.
- Marketing and Communications Data
This includes your preferences in relation to whether or not you want to receive marketing from us and our third parties, also your communication preferences and responses to any surveys or competitions we run,
- How your personal data is collected?
We use different methods to collect data from and about you, including:
- Direct interactions
You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- place an order;
- create an account on our website;
- subscribe to our newsletter or other publications;
- request a catalogue to be sent to you;
- enter a competition, promotion or survey;
- Automated technologies or interactions
As you interact with our website or respond to our emails, we may automatically collect Technical and Usage Data about your equipment, browsing actions and patterns.
- Third parties
We may receive personal data about you from various third parties as set out below:
- analytics providers such as Google based outside the EU;
- advertising networks such as DoubleClick based outside the EU; and
- search information providers such as Google based outside the EU; and
- Resellers such as Amazon based outside the EU.
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as PayPal based outside the EU
- How we use your personal data
- Fulfilling your order
We will collect and process data from you in order to fulfil your order and to handle any returns or replacements. Some of this data will be shared with third parties who despatch and deliver items to you such as Yodel based inside the EU.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for legal and tax purposes.
- Sending catalogues and marketing material by post
We sell our products directly and so sending catalogues and other marketing material by post is very important to our business. We find this is generally welcomed by our customers and that those who would rather not receive such communications, simply tell us so when they give us their data or subsequently in response to a particular communication.
We send marketing communication based on past Transaction and Usage data, to buyers and catalogue requesters for up to six years and three years respectively since their last engagement with us, or less if they request that we stop sending such communications.
On occasions we may send marketing communications to other people on occasions who have not bought or enquired from us, but this is on the basis of explicit consent give to us or a third party from whom we have received the data.
We may ask you if we can share your information with other companies, so they can send you marketing communications on specific types of products. We will only share your data in these circumstances with your explicit consent.
- Communicating by email
We send out regular newsletter emails to people who have subscribed or consented to receiving them. We also send email marketing communications to people who have provided their email when ordering and have not opted out of such communications.
We will use People, Transactional and Usage data to tailor the content of these emails. We also track when people click on a link in the email to go through to our website. This helps us to understand what people are interested in and make the content of future emails and web content more relevant.
We provide a facility in each email for you to request that you receive no further marketing emails.
- Using data analytics to improve our website experience
We track how individuals use our website in order to improve its layout and to make content more relevant to the individual.
Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us if you are unclear about the specific legal ground we are relying on to process your personal data.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
- Disclosures of your personal data
We may need to share your personal data with the parties set out below for the purposes described Section 4 above.
- Data processors.
We use a number of third parties to help us with our operations and this can involve processing personal data on our behalf. These companies are data processors and process data in accordance with our instructions in order to provide us with contracted services. These included:
- Product despatch
- Product delivery
- Website analytics
- Printing personalised material for marketing
- Mailing services for marketing
- Marketing email broadcast
- Marketing analytics
- Review platforms
- Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- Data retention
We will only keep your personal data for as long as necessary to carry out the purposes we collected it for e.g. satisfying any legal, accounting, or reporting requirements.
To decide how long we should keep personal data, we consider:
- the amount, nature, and sensitivity of the data,
- the potential risk of harm from unauthorised use or disclosure,
- the purposes for which we are processing your personal data
- whether we can achieve those purposes through other means
- applicable legal requirements.
Details of retention periods for different aspects of your personal data are covered in section 4
In some circumstances you can ask us to delete your data - see Request erasure below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case the data is no longer covered by EU General Data Protection Regulation 2018 or this privacy statement.
- Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on the links below to find out more about these rights:
- Request access to your personal data
- Request correction of your personal data
- Request erasure of your personal data
- Object to processing of your personal data
- Request restriction of processing your personal data
- Request transfer of your personal data
- Right to withdraw consent
If you wish to exercise any of the rights set out above, please contact us at email@example.com.
No fee usually required
You will not have to pay to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and to ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to a person with no right to receive it.
Time limit to respond
We try to respond to all legitimate requests within 30 days. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- LAWFUL BASIS
- Legitimate Interest means the commercial interest of our business. We will consider any potential impact on you and your rights before we process your personal data for our legitimate interests. We do not use your personal data where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
- Performance of Contract means processing your data where it is necessary for the performance of a contract with you or to take steps at your request before entering into such a contract.
- Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
- YOUR LEGAL RIGHTS
You have the right to:
- Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest and you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- if you want us to establish the data's accuracy;
- where our use of the data is unlawful but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.