PRIVACY & DATA POLICY

This is the privacy policy of the website of Garden Scene and its subsidiary companies.

COLLECTING INFORMATION

This website requests and collects personally identifiable information, such as name, address, email
address and phone numbers. This is done through various means, including site registration, games,
questions, surveys, comments and communications to the site, and postings to chat/bulletin areas (if
any).

COOKIES

“Cookies” are pieces of information which are placed on an individual’s computer hard drive to enable
the individual to easily communicate and interact with the site. We may use cookies to customize
your browsing experience on this site. We may use cookies to record how often a user has visited
our site, and what pages the user has viewed/accessed. You may, however, choose to disallow
receiving cookies at any time through your internet browser on your computer. If is not our intention
to utilise cookies to retrieve information that are unrelated to our site, or your interaction with the
site.

IP ADDRESS

Your Internet Protocol (IP) address may be collected to help us diagnose problem with our server and
to administer our site. An IP address is a number assigned to your computer when you use the
internet. Such information does not contain personally identifiable information about you. Your IP
address may also be used to help identify you during your browsing session, and to gather
demographic data.

GENERAL DATA PROTECTION REGULATION (GDPR)

The Board of Garden Scene has considered and adopted the following procedure. The responsibility
of updating the Board on developments within GDPR rests solely with the risk committee and/or Data
Protection Officer. (NB – this procedure replaces any previous versions).
Officers and staff of Garden Scene will treat all information received from clients and third parties in
accordance with the GDPR regulations.

DATA PROCESSING DEFINITION

Processing means any operation (or set of operations) performed with personal data (or sets
thereof), whether or not by automated means (such as collection, organization, structuring,
recording, storage, alteration or adaptation, retrieval, use, disclosure by transmission, consultation,
dissemination or otherwise by making available, alignment or combination, restriction, erasure or
destruction). “Data Controller” is the trading name for which the data is being collected (for example,
by all Garden Scene companies).

THE PURPOSE FOR COLLECTING DATA

The prime purpose for collection of data by Garden Scene is its use exclusively in the application,
provision and management of financial product and service lines. The company consider that the
processing is necessary for the performance of a contract with you (the data subject), or to take
steps to enter into such contract with you. Data is collected to ensure our understanding of your
needs, and enable us to provide a quality service to you, particularly but not limited to the following
reasons:
To establish internal records for the provision of our business services and operations
To maintain records so that both Legal and Regulatory responsibilities can be met without delay
To ensure that data is only disclosed to the appropriate parties
To ensure that appropriate information is processed and retained in accordance with practices, as
defined by the Information Commissioner
To safeguard the rights of individuals with regards personal information which may be held, stored or
processed about them
Periodically, we may send promotional emails regarding new services, special offers or other
information which we believe you may find relevant, by using the email address provided by you.

CONSENT

Your consent must be given freely, specifically, informed, unambiguous and must be verifiable. This
means that some form of record must be kept as to how and when your consent was given. All
individuals have the right to withdraw their consent at any time. Garden Scene will ensure that
consent is provided by the following means:
Online Applications: The applicant will be directed to our “terms and conditions” information, which
includes a copy of the company’s GDPR procedure. You will then be asked to confirm your
permission to continue, based upon those conditions set out in the document, by your completion of
a tick box. On acceptance of the terms and conditions, the data will then be forwarded from your
internet browser, and processed in accordance with the type of application in question. Should you
be unwilling to share your data at this point, the application will not be forwarded from your internet
browser and you will be free to discard the application without further interaction with Garden Scene.

CONTROLLING YOUR PERSONAL INFORMATION

You may wish to restrict the use or collection of your personal information. This can be done in the
following ways:
Your information will only be collected on our website contact form when you have agreed to our
terms and conditions of business.
Garden Scene will occasionally use email and SMS marketing and credit control tools for the purpose
of client communication. Where used, we will include information regarding unsubscribing your email
address from any ongoing marketing communications.
If you should believe Garden Scene hold personal information about you, you are welcome to send us
a written “Subject Access Request” to request details of such data. We will require you to provide
comprehensive proof of your identity before releasing such data.
Should you require this personal information to be anonymized, archived, deleted, updated or altered
in any other way, you should include this in your written request to us. Garden Scene will be happy
to comply where our statutory, regulatory and commercial rights and responsibilities will not be
compromised.
Garden Scene are only able to respond to “Subject Access Requests” when received in writing, and
sent to our postal address on our contact page. We will not distribute your personal information to
any third parties unless we are explicitly required to do so under IT hosting arrangements, for
accounting or regulatory purposes, or by law.

DATA TYPES HELD

Data collected and retained comes under the following categories:
Personal data
Banking data
Design work data
Credit control notes
Conversations between clients and personnel
Public data
Each of these data categories are considered to be a requirement to fulfill the contractual obligations
of both the company and the client.

DATA RECIPIENTS

The client
Group Companies
IT Hosting Platforms
Credit Reference Agencies
Payment Gateway Providers
Regulatory Authorities (including Police, Customs, FIS)
Ombudsman
Auditors
Suppliers of services
Financial Organisations
Debt Collecting, Tracing and Private Investigators
An organisation processing data on behalf of the company

DATA RETENTION PERIODS

Your personal information will be kept in a format which allows identification of data subjects for no
longer than is necessary for the purposes for which the information is processed. It should be noted
that records linked to financial transactions are subject to retention rules. These rules are published
periodically by regulatory authorities and under accounting standards rules. Currently, the minimum
retention period under these requirements is six years.
Application records are required to be retained in order to ensure AML/CFT (Anti-Money Laundering /
Combatting the Funding of Terrorism) reporting can be maintained.
The retention period is measured from the date of the application (where there is no corresponding
business written), or where business is written, from the date of the completion of the product:
Customer Information: 6 years after the completion of the last product provided
Application not leading to the sale of a product: 6 year
HR Data: 6 years after the leave date of the employee
Payroll Data: 6 years after the leave date of the employee.
Job application Data (unsuccessful candidate): 3 months following the fulfilment of the position
Employers Liability Insurance policy data must be retained for a minimum period of 10 years,
consequently for these policy types, all data will be retained accordingly. At the completion of the
retention period, all data will be purged.

SENSITIVE PERSONAL DATA

Personal information consisting of the following information is deemed to be of a sensitive nature,
and Garden Scene will not enquire nor retain information relating to these:
(a) the racial or ethnic origin of the data subject;
(b) his/her political opinions;
(c) his/her religious beliefs or other beliefs of a similar nature;
(d) whether he/she is a member of a trade union;
e) his/her sexual life;
Please note, it is necessary in some cases to record medical history in relation to travel and medical
insurance plans. Where this is the case, records will be retained in accordance with the retention
policies detailed above.

SECURITY

Garden Scene are committed to ensuring the security of your personal data. All information
transferred between your internet browser and our website or third party applications are encrypted
using HTTPS protocol, using Digital Certificates with secure TLS Cyphers. This can be verified by the
appearance of the secure padlock symbol in the browser address bar.
In order to prevent any unauthorised access/disclosure, we have put in place further electronic,
physical and managerial procedures to secure and safeguard the information collected. These
procedures and policies are company confidential. This is to avoid exposure of data security, and so
can only be made available to relevant parties, legally bound by a non-disclosure agreement.

REGISTRATION

The Board of Directors of the company have the responsibility to ensure that registration is
maintained with the Data Protection/Information Commissioner, and that purposes for which the
information is held and/or processed is declared, and to whom it will be disclosed and the security to
be applied. It is the responsibility of all Garden Scene staff to ensure that any use of personal data
during the course of their work is treated in accordance with the Data Protection Principles.

CONSENT TO PROCESSING

By providing your personal information to this site, you are fully understanding and unambiguously
giving consent to the transfer of such personal data, and to the collection and processing of such
personal data, in the United Kingdom and other countries or territories.

LINKS

This site may contain reference or links to other web sites outside of our control. Please be aware
that we have no control over these sites, and as such our privacy policy does not apply to these sites.

ACCESS

If you would like to review and/or up-date the information that you have provided to this site, please
write to us at to martin@gardenscenejersey.net requesting the change.

CHOICE/OPTOUT

At any time, you may choose to have your name removed from Garden Scene’s e-mail marketing list
by sending an email to martin@gardenscenejersey.net with the subject line “unsubscribe” or by
following instructions provided in any e-mail message from Garden Scene.

YOUR ACCEPTANCE OF THIS POLICY

By the use of this site, you signify your acceptance and agreement of our Privacy and Data Policy. If
you do not agree to this policy, please do not use this site. Garden Scene reserves the right, at our
discretion, to change, modify, add or remove portions from this policy at any time. As such, visitors
are encouraged to review this policy periodically. Your continued use of our site following the
publication of such changes to these terms means that you accept these changes.