Cross Lanes Organic Farm is committed to respecting and protecting your privacy.
This notice explains what personal information we collect from you – whether that is in person, over the phone, by email or via our website – and why. It also outlines how we use this information, when it may be shared with other organisations and how it is securely stored.
By using our website or submitting your personal data to us, you accept the conditions within this policy. From time to time we may make changes to this notice, which will always be updated on our website.
If you have any questions about our use of personal information, please email firstname.lastname@example.org.
WHAT INFORMATION IS BEING COLLECTED?
Information gathered may include:
- – your name, address, email address and telephone numbers;
- – username and password, purchases or orders made by you; preferences, feedback and survey responses;
- – IP address, the pages you have accessed on our website and when.
If you make a purchase from our website or at one of our retail outlets, your card information is not held in our system, it is securely processed by a specialist third party payment processor.
HOW IS IT COLLECTED?
- – when you use our website,
- – when you purchase our products or services,
- – when you sign up to our newsletter or mailing list,
- – when you enter a competition, promotion, or survey, or
- – when you create a user account
WHY IS IT BEING COLLECTED?
We collect your personal information in order to deliver a product or service that you have requested, and to ensure that our website delivers a positive and useful experience for visitors.
HOW WILL IT BE USED?
Your information may be used to carry out the following activities:
- – to provide the products or services you have purchased
- – send you communications which you have requested and that may be of interest
- – carry out customer insight work and track the effectiveness of our marketing campaigns
- – evaluate our offerings for research purposes, which may involve sharing anonymised data with third parties including funders
- – to carry out our obligations arising from any contracts entered into by you and us
- – dealing with entries into a competition
- – dealing with enquiries you have made
- – seek your views or comments on the services we provide
- – notify you of changes to our services
- – send you communications regarding fundraising activities
Where we refer to customer and marketing insight activities, this may mean market research or reviewing our marketing campaigns to see how effective they have been in encouraging people to book tickets, visit our website or sign up to our newsletter. We may do this by tracking how many people have opened our emails, clicked on a link or bought a ticket via the email. It may also refer to market research and profiling carried out by a third party. Where this is the case, personal information will not be supplied to the third party supplier without consent.
HOW LONG WILL YOUR DATA BE RETAINED?
The list below shows the type of data held, what it may include and how long it will be held:
- – Customer data: Name, address, email address, telephone number – Held for five years (unless you ask us to delete it earlier) .
- – Enquiries: Name, email address – Held for one year (if the enquiry is not progressed).
WHO WILL IT BE SHARED WITH?
We will not sell or share your personal information with third parties for marketing or fundraising purposes.
Your information may be shared with a third-party service provider, acting as data processors, for the purpose of carrying out a task or providing a service to you on our behalf. These third parties are as follows:
- – Stripe, in relation to customer data and card transaction payments;
- – Mailchimp, for automated mailing and for our regular marketing communications;
- – Facebook and Google, in relation to the monitoring and analysis of website traffic and advertising campaigns;
- – WooCommerce, our ecommerce platform
- – Courier Company used to deliver your grocery box
- – HM Revenue & Customers, regulators and other authorities acting as processors or joint controllers based in the UK who require reporting of processing activities in certain circumstances; and
- – Professional advisors acting as processors or joint data controllers including bankers, lawyers, auditors and insurers based in the UK who provide banking, consultancy, legal, insurance and accounting advice.
WHAT IS THE LAWFUL BASIS FOR PROCESSING?
Under GDPR, there are several lawful bases for an organisation to process personal data. These are:
- – Consent: the individual has given clear consent to process their personal data for a specific purpose.
- – Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
- – Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
- – Vital interests: the processing is necessary to protect someone’s life.
- – Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
- – Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
The list below outlines the lawful basis for each data processing activity we undertake.
- – Send you communications which you have requested and that may be of interest – Consent
- – Carry out customer insight work and track the effectiveness of our marketing campaigns – Legitimate interest
- – To carry out our obligations arising from any contracts entered into by you and us – Contract
- – Dealing with entries into a competition – Contract
- – Seek your views or comments on the services we provide – Legitimate interest
- – Notify you of changes to our services – Legitimate interest
- – Send you communications regarding fundraising activities – Consent
COOKIES AND WEBSITE MONITORING
We analyse our website traffic to track how many people visit our site, which other website they have come from, which of our web pages they visit and how long for. We also use reporting cookies to understand our audiences and improve their experiences when using our website.
We use third party tools Google Analytics, WooCommerce Analytics, MailChimp, Facebook Pixel and Hotjar to carry out these tasks. We use Google Advertising and demographic tools to gather information on our website visitors such as gender and age bracket. This information is used to help us improve our website content and advertising campaigns, but it does not allow us to identify individuals. You can find out more about how Google uses data and how to opt-out here.
Cookies may also be used to help us deliver targeted online advertising and to help monitor the effectiveness of our advertising campaigns. This includes Facebook Pixel, which allows us to track visitor journeys across Facebook and onto our website and Hotjar, which helps us better understand our visitors’ needs by monitoring their experience when using our site.
Website users who do not want cookies to monitor their devices can opt-out by installing a browser add-on that tells the website not to send information to these third parties, such as the Google Analytics Opt-out Browser Add-on
SECURITY AND DATA PROCESSING
We will take all reasonable steps to ensure that your data is stored and processed securely and in-line with both our data policy and processes and the current laws on data protection.
When making a credit or debit card transaction, your details are encrypted and protected via an SSL certificate. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.
Where you have created a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.