Privacy Notice

Privacy Notice
This Notice establishes how Teeny Greeny Ltd collects, processes, stores and safeguards Personal Data.
‘Company’ means Teeny Greeny Ltd, 5 Nibbs Terrace, Holt, Wiltshire, BA14 6RX
‘Customer’ means a visitor to the Website or purchaser of Products from the Website;
‘Data Protection Regulations’ means all laws and regulations which govern the use of Personal  Date including but not limited to the EU’s General Data Protection Regulations (GDPR) and Cookie Directive; the Data Protection Act 2018 (the UK’s derivative regulations from GDPR) and The Privacy and Electronic Communications (EC Directive) Regulations 2003;
‘Personal Data’ means any information or data in any format or medium, from which a person can be personally identified;
‘Products’ means the goods that are promoted and available for purchase on the Website;
‘Website’ means www.teenygreeny.co.uk.
  1. General
  • The Company provides this information:
  1. To ensure that Customers are fully aware of the Company’s commitment to the privacy and security of their Personal Data when using the Website or purchasing Products.
  2. To comply with the Company’s obligations and Customer’s rights created by Data Protection Regulations (GDPR).
  3. As part of the Company’s on-going efforts to ensure the best possible customer service.
  • The Company take pride in keeping up to date with advances in technology and legal developments and regular changes can result in needing to make amendments to procedures and this Privacy Notice so Customers should refer to this Notice on a regular basis in order to ensure that they are aware of the policies that are current at the time of their visit.
  1. Personal Data
2.1   The Company shall only collect, process and store Personal Data in accordance with this Privacy Notice, which should be read in conjunction with the Website Terms of Useand Cookie Policy.
 
2.2   When visiting the Website the Company may collect the following Personal Data
Data Reason Lawful purpose
IP address Analyse and maintain the security of the Website and help trace fraud inappropriate or malicious use Legitimate interest. Legal obligation. To exercise or defend legal rights.
country Detect inappropriate use of Our Services which are only available to UK residents Legitimate interest
Browser; operating system;   generate anonymous reports and statistics; maintain a Website that is user friendly and compatible with popular equipment and software; Legitimate interest
web pages visited generate anonymous reports and statistics; monitor usage and performance of the Website; Legitimate interest
 
2.3   If a Customer makes an enquiry about any Products or request information about the Company or using the Website, the Customer will provide the Company with the following Personal Data
Data Reason Lawful purpose
Name Identification  
Name; Email address; Telephone number; a)     So the Company can respond to the enquiry or provide the requested information;   a)     Legitimate interest; b)     Consent
 
2.4   If a Customer requests or permits commercial communications the Company shall collect and process the following Personal Data
 
Data Reason Lawful purpose
Email address To send commercial communications (including the availability of new Products, special offers, newsletters or notifications) Legitimate interest; Consent;
 
2.5   If a Customer purchases Products the Company shall collect and process the following Personal Data
 
Data Reason Lawful purpose
name Identification; Processing and delivery of the order; For internal records that the Company are legally obliged to keep; Legal obligation; consideration whether to enter into a contract; Performance of a contract; Fraud prevention
Address delivery of the order; For internal records that the Company are legally obliged to keep; Legal obligation; consideration whether to enter into a contract; Performance of a contract; Fraud prevention
Email address Identification; Communications relating to the order;   Legal obligation; Performance of a contract; Fraud prevention
Telephone number Contact information Legitimate interest; Fraud prevention;
     
Username and password Provide secure access to the account Performance of contract; Fraud prevention;
 
  • If a Customer creates an account with the Company the following Personal Data will be collected and processed
Data Reason Lawful purpose
name Identification; Management and administration of the account; Processing and delivery of the order; For internal records that the Company are legally obliged to keep; Legal obligation; Legitimate interest consideration whether to enter into a contract; Performance of a contract; Fraud prevention
Address delivery of the order; Management and administration of the account; For internal records that the Company are legally obliged to keep; Legal obligation; Legitimate interest consideration whether to enter into a contract; Performance of a contract; Fraud prevention
Email address Identification; Management and administration of the account; Communications relating to the order;   Legal obligation; Legitimate Interest Performance of a contract; Fraud prevention
User name and password Identification; prevent unauthorised access; Legal obligation; Security; Fraud prevention
 
  • In order that the Company may provide optimum Service and comply with obligations under Data Protection Regulations, the Customer must keep the Company informed of any changes to any Personal Data.
  1. Data retention
  • Except where an enquiry progresses into a contract to provide Products or request or consent to commercial communications the Company shall not retain Personal Data for more than six months.
  • Personal Data (excluding any anonymised data which cannot reveal or used to personally identify a Customer) collected during a visit to the Website shall not be retained for more than six months unless the Personal Data is or may be required for the purposes of supporting a legal claim or fraud.
  • Personal Data collected for the purposes of creating an account or processing an order for Products may be kept for a period of six years, this being the period that the Company is required to retain records of financial transactions and the statutory period which legal claims may be brought.
  • Personal Data provided for the purpose of delivering commercial communications shall be retained until the Customer informs the Company that they no longer wish to receive such communications or it becomes clear to the Company, by way of communications being returned undelivered that the data is no longer accurate or current.
  1. Sharing Personal Data
  • The Company shall not share, sell, disclose, distribute or otherwise xxx any Personal Data
  • To process Personal Data the Company may use third party processors (including software). The Company shall provide any processors with specific written instructions for the processing of the Personal Data and ensure that any processors are subject to contractual obligations in relation to the security of the Personal Data.
  • The Company may share Personal Data with its employees, officers, agents, consultants, suppliers or subcontractors only insofar as it is reasonably necessary
  1. For the purposes of conducting any business.
  2. In performance of a contractual obligation.
  3. To the extent that the Company are required to do so by law.
  4. In connection with any legal proceedings or prospective legal proceedings;
  5. for the prevention of fraud or other criminal activity.
  6. In order to establish, exercise or defend legal rights;
  7. With the purchaser or prospective purchaser of the Company
  1. Security and data protection
5.1   The Company will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of Personal Data, including encryption on a secure, password and firewall protected servers.
  1. In the event of a breach of the security measures taken to protect Personal Data the Company will inform any affected Customers as soon as is reasonably practical
  1. If any of the Company’s processors are based outside of the UK the Company shall ensure that the country where they are based provides adequate security measures for the storage of Personal Data, for example if the processor is based in the U.S.A. they will need to subscribe to the U.S. Privacy Shield which provides similar provisions to the UK standards and requirements; in addition the processor will need to provide, or be subjected to suitable and appropriate contractual obligations and guarantees.
  1. If a Customer provides false or inaccurate information and the Company suspect fraud or identity theft the Company will record this and may also pass this information to fraud prevention agencies and other organisations involved in crime andfraud prevention.
 
  1. Customer rights
  • Withdraw consent
    1. Where processing of Personal Data is based on consent the Customer may withdraw that consent at any time by informing the Data Controller or by using a link provided for that purpose in each commercial communication that the Company send.
    2. Upon receipt of a notice withdrawing consent to process Personal Data the Company shall stop processing the Personal Data except:
  • Where there are compelling legitimate grounds for the processing, which override the customer’s interests, rights and freedoms; or
  • the processing is required by law or for the establishment, exercise or defence of legal claims.
  1. Where a Customer withdraws consent the Company shall inform all third parties (if any) that consent to processing has been withdrawn.
  • Restrict processing
  1. The Company shall restrict the processing of Personal Data if the following circumstances arise
  • Where a Customer contest the accuracy of the Personal Data, the Company shall restrict the processing until the accuracy of the Personal Data has been verified.
  • Where a Customer has objected to the processing where it was necessary for the performance of a public interest task or purpose of legitimate interests, and the Company are considering whether the legitimate grounds override the objections.
  • When processing is unlawful and the Customer opposes erasure and requests restriction instead.
  • If the Company no longer need the Personal Data but the Customer require the data to establish, exercise or defend a legal claim.
  1. Where processing of Personal Data is restricted, the data shall be stored but no further processing shall occur and the Company shall inform any third party to whom the Personal Data has been disclosed or shared that processing of the Personal Data is restricted and inform the Customer when any restricted period comes to an end.
  • Access to Personal Data
  1. A Customer may require the Company to provide
  • Confirmation whether or not their Personal Data is being processed; and
  • Access to any Personal Data that the Company hold.
  1. The Company shall provide the requested data within one month of receipt of the request.
  2. This data will be provided free of charge except where a request is manifestly unfounded or excessive (for example it is a repetitive request, or where the Company need to process large amounts of data) in which case the Company may make a charge for reasonable administrative costs in dealing with the request or refuse to respond and provide a justifiable reason for refusing to respond.
  3. As the Company takes the issue of protecting Personal Data seriously, the Company shall follow strict storage and disclosure procedures which mean a Customer may occasionally be required to provide proof of identity prior to disclosing such information.
  • The right of portability
  1. Any Personal Data provided for the performance of a contract which is stored electronically shall be held in a portable format (readable in a format that will be commonly used on other computer systems) and the Company shall provide this information to a Customer or directly to another organisation (where technically feasible) upon the Customer’s request.
  • The right to rectify errors
  1. Where any Personal Data is inaccurate or incorrect the Customer has the right to instruct the Company to correct the error.
  2. The Company may ask the Customer for evidence to clarify or confirm that the Personal Data is wrong.
  • Right to erase Personal Data
  1. Customers have the right in certain circumstances to instruct the Company to erase their Personal Data where
  • The Personal Data is no longer necessary in relation to the purpose for which it was originally collected or processed.
  • The Personal Data was processed with consent and consent has been withdrawn.
  • The Customer objects to the processing and there is no overriding legitimate interest for continuing the processing.
  • The Personal Data was unlawfully processed or obtained.
  • The Personal Data has to be erased in order to comply with a legal obligation.
  • The Personal Data is processed in relation to the offer of information services to a child. 
  1. Where the Customer has the right and issue an instruction to erase Personal Data the Company shall use all reasonable efforts to
  • Inform all third parties with whom the Company have disclosed or shared the Personal Data of the requirement to erase the Personal Data which they hold;
  • In the event that the Personal Data has been published online the Company shall endeavour to ensure that any links or references are also removed.
  1. The Company may refuse to erase the Personal Data only
  • where the processing is necessary for the performance of a contract;
  • to exercise the right of freedom of expression and information;
  • to comply with a legal obligation;
  • the processing is for the performance of a public interest task or exercise of official authority;
  • for public health purposes in the public interest;
  • archiving purposes in the public interest, scientific research historical research or statistical purposes; or
  • the exercise or defence of legal claims.
  1. A Customer can exercise any of their rights by contacting the Data Controller at
  2.  
Teeny Greeny Ltd
Magic Microgreen farm,
5 Nibbs Terrace,
Holt,
Wiltshire,
BA14 6RX