In this policy St Helen’s Farm Ltd can be referred to as St Helen’s Farm Ltd, the Company, “our”, “us” or “we”.
This Privacy Policy sets out what personal data we, St Helen’s Farm Ltd, hold about you and how we collect and use it when you use our website or any of our products/services. We are required by data protection law to give you the information in this Privacy Policy. It is important that you read it carefully.
This Privacy Policy applies from 1st December 2021 and we may update this Privacy Policy at any time.
What Is Personal Data?
Personal data means any information relating to any living individual (also known as a ‘data subject’) who can be identified (directly or indirectly) by reference to an identifier (e.g. name, IP address, employee number, email address, physical features etc.). Personal data can be both factual (e.g. contact details or date of birth), or an opinion about a person’s actions or behaviour, or information that may otherwise impact on that individual. It can be personal, or business related.
What Does ‘Processing’ Personal Data Mean?
‘Processing’ personal data means any activity that involves the use of personal data (e.g. obtaining, recording or holding the data, amending, retrieving, using, disclosing, sharing, erasing or destroying). It also includes sending or transferring personal data to third parties.
Who Is the Controller?
St Helen’s Farm Ltd, The Farm Offices, Seaton Ross, York, YO42 4NP is the “controller” for the purposes of data protection law. This means that we are responsible for deciding how we hold and use personal data about you.
What Type of Personal Data Do We Hold About You?
We hold and use various types of personal data about you, including, for example: name, contact information (including email address), demographic information (such as post code), age and/or date of birth, your picture, your gender (whether specified or identifiable by name), and any other data you have provided us with.
Why Do We Hold Your Personal Data and On What Legal Grounds?
We hold and use your ordinary personal data for a number of reasons and Data Protection law specifies the legal grounds on which we can hold and use personal data. Most commonly, we rely on one or more of the following legal grounds when we process your personal data:
- Where we need it to perform the contract we have entered into with you (performance of the contract) whether this is a contract for services or another type of contract. This may include, for example, fulfilling orders or purchases you have made (including processing of payment), contacting you in relation to any issues with your order, dealing with any product queries or complaints.
- Where we need it to comply with a legal obligation (legal obligation). Typically, this may include legal obligations such as the obligation to meet health and safety requirements but also to comply with UK laws, regulations, court orders or any other legal obligation the Company has.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (legitimate interest). This may include, for example:
- Communication. To communicate with you regarding the Services, including to provide you important notices regarding changes to our Terms and also to address your requests, inquiries, and complaints. We may send strictly necessary communications, including emails, even if you have opted out of receiving other St Helen’s Farm Ltd emails or communications. These types of communications do not require consent. We also process your Personal Data for our legitimate interests when you communicate with us, including when you sign up for promotional materials and we have not asked you for your consent in that regard.
- Respond to Your Requests. To respond to your feedback, whether it be a suggestion, complaint or any other communication you initiate. This could include using your address to write to you as a follow up to contact with us.
- Compliance with Law and Public Safety. To assist in the investigation of suspected illegal or wrongful activity, including tracking and sharing information with other entities for fraud, loss, and crime prevention purposes. To protect and defend our rights and property, or the rights or safety of third parties.
- Improvement and Development. To develop, provide, enhance, and improve our products and services and your experience. When we collect, use, or otherwise leverage cookies, device IDs, Location Data, data from the environment, and other tracking technologies. When you connect with us through social media. For internal purposes related to certain research, analytics, innovation, testing, monitoring, customer communication, risk management, and administrative purposes.
- Enforcement. To enforce the terms covered in this Policy, our Terms & Conditions, or the Terms & Conditions of any specific competition or promotion.
In some cases, we will also ask for your consent to process your personal data. If this is the case, it will strictly be done on an “opt-in” basis and will involve ticking a box, or some other affirmative action.
How Do We Collect Your Personal Data?
You provide us with most of the personal data about you that we hold and use. Other personal data about you we hold and use could also be generated by you, for example, during email correspondence. In some cases, a 3rd party may provide us with your Personal Data on your behalf (e.g. if someone mentions several members of their family in one email, or “tags” you in one of our posts on social media).
If You Give Us Someone Else’s Personal Data
Sometimes, you might provide us with another person’s personal data. In such cases, we require you to inform the individual what personal data of theirs you are giving to us. You must also give them our contact details and let them know that they should contact us if they have any queries about how we will use their personal data. When applicable, any actions you take should also be in line with any Data Protection Policies or rules your organisation has.
Who Do We Share Your Personal Data With?
We will only share your personal data with third parties where we have an appropriate legal ground under data protection law which permits us to do so. This could include complying with our contractual duties, or where it is necessary in our legitimate interest (e.g. to our IT service provider to resolve IT issues). We may also share your data with any other 3rd party when we are legally or contractually obliged to do so.
Consequences of Not Providing Personal Data
We only ask you to provide personal data when we have a good reason and there may therefore be consequences if you do not provide particular information to us. You have the right to choose not to provide us with personal data, however, if you do so, this will limit the services we can provide you.
How Long Will We Keep Your Personal Data?
We will not keep your personal data for longer than we need it for our legitimate purposes. We take into account the following criteria when determining the appropriate retention period for your personal data:
- the amount, nature, and sensitivity of the personal data
- the risk of harm from unauthorised use or disclosure
- the purposes for which we process your personal data and how long we need the particular data to achieve these purposes
- how long the personal data is likely to remain accurate and up-to-date
- any applicable legal, accounting, reporting or regulatory requirements that specify how long certain records must be kept
In situations where we no longer need to process your personal data for any purposes described in this policy, we will delete it from our systems. We can also delete your data upon request where permissible to do so (see Your Rights section for information)
Security
We implement appropriate technical and organisational safeguards to protect against unauthorised or unlawful processing of Personal Data and against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data. Please be advised, however, that we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.
External Links
Please note, this Privacy Policy does not apply to the practices of any companies not owned by St Helen’s Farm Ltd. If you follow a link from our website to another, we would strongly advise you to review and familiarise yourself with their Privacy Policy.
Cookies
What is a cookie?
Cookies are text files containing small amounts of information which are downloaded to your personal computer, mobile or other device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device.
Persistent cookies – these cookies remain on a user’s device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.
Session cookies – these cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience.
You can find more information about cookies at www.allaboutcookies.org.
Google Analytics
This website uses Google Analytics to help analyse how users use the site. The tool uses “cookies,” which are text files placed on your computer, to collect standard Internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including your IP address) is transmitted to Google. This information is then used to evaluate visitors’ use of the website and to compile statistical reports on website activity for St Helen’s Farm.
We will never (and will not allow any third party to) use the statistical analytics tool to track or to collect any Personally Identifiable Information of visitors to our site. Google will not associate your IP address with any other data held by Google. Neither we nor Google will link, or seek to link, an IP address with the identity of a computer user. We will not associate any data gathered from this site with any Personally Identifiable Information from any source, unless you explicitly submit that information via a fill-in form on our website.
Cookies Set by Google Analytics: __utma, __utmb, __utmc, __utmz
For more information about Google Analytics, view their terms of service here
Using Web Browser Settings to Manage Cookies
The Help menu on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. You can also disable or delete similar data used by browser add-ons, such as Flash cookies, by changing the add-on’s settings or visiting the website of its manufacturer.
However, because cookies allow you to take advantage of some of the Website’s essential features, we recommend you leave them turned on. For example, if you block or otherwise reject cookies you will not be able to add items to your Shopping Basket, proceed to Checkout, or use any of our products and services that require you to Sign in. If you leave cookies turned on, remember to sign off when you finish using a shared computer
Your Rights
You have a number of legal rights relating to your personal data, which are outlined here:
- The right to make a subject access request. This enables you to receive certain information about how we use your personal data, as well as to receive a copy of it and to check that we are lawfully processing it.
- The right to request that we correct incomplete or inaccurate personal data that we hold about you.
- The right to request that we delete or remove personal data that we hold about you where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- The right to object to our processing your personal data where we are relying on our legitimate interest (or those of a third party), where we cannot show a compelling reason to continue the processing .
- The right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- The right to request that we transfer your personal data to you or to another party, in a structured format. This right applies in respect of data that you have provided where our legal ground for using the data is that it is necessary for the performance of a contract or that you have consented to us using it (this is known as the right to “data portability”).
Note that you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Details of how to contact the ICO can be found on their website: https://ico.org.uk