Privacy Policy

Updated October 2019 - By using this website you are agreeing to this Privacy Policy


Who we are:


Freeland Scientific Ltd

Rosedale Nursery, College Road, Hextable, Kent, BR8 7LT

Tel: 01322-667076
Email: enquiries@freelandscientific.com
https://www.compostmanager.com/


What rights you have over your data:


If you have an account on this site, have left comments, filled out and submitted one of our booking, enquiry or contact forms, then you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.


See the Privacy Centre ​​


What personal data we collect and why we collect it


We strictly follow the principle to collect the minimum amount of personal data needed in order to deliver our services.


Whenever we collect anonymous information, or you provide personal information, we will treat that information in accordance with our Privacy Policy.


We collect a varied amount of information.


Some of the information will allow us to identify you (PII - Personable Identifiable Information), such as name, email address, postcode, phone number etc. But only if you input this information yourself.


Such purposes for collection could be: customer service, marketing, or the booking/purchasing of our products/services etc.


Some information collected, is obtained anonymously. We use web technologies, such as cookies, that automatically track and log data. For detailed information, please see our Cookies Policy here.


Such purposes for collection could be: in the technical administration of this website, to enhance your experience of this site (a better browsing experience), improve our website, marketing, targeted advertising (Google Ads + Facebook), A/B testing etc.


We also record anonymous data, so we can improve our website, some of the things record in this way are: web traffic statistics (through Google Analytics).


Please note: your personal data shall not be disclosed to state institutions and authorities, except if required to by law.


The personal information we obtain and the anonymous information we collect, who this data is shared with and how it is processed is listed below:


WordPress


This website is built on top of the WordPress platform.


By default, WordPress does not collect any personal data about visitors, and only collects the data shown on the User Profile screen from registered users.


To find out more, visit:


https://automattic.com/automattic-and-the-general-data-protection-regulation-gdpr/


We employ strong password policies to stop unauthorised access to WordPress (and ultimately this website).


Please see Contact forms, Gravity Forms below for more information.


Thrive Themes


Freeland Scientific Ltd uses Thrive Themes for the build of the website, the marketing (pop-ups, banners etc.) and A/B testing.


This is achieved through three website WordPress Plugins. These are:


Thrive Architect - Website Design

Thrive Leads - Marketing

Thrive Optimize - A/B Testing

Thrice Ultimatum - Count Down Timers 


All these Plugins are now designed so that any cookies that are stored, are stored in a way that does not store any PII - Personable Identifiable Information.


To find out more, visit:


https://thrivethemes.com/


https://thrivethemes.com/gdpr-features/


Analytics


Google


https://policies.google.com/privacy/


https://privacy.google.com/businesses/compliance/


Google Tag Manager (GTM)


Freeland Scientific Ltd uses Google Tag Manager for the implementation of Google Analytics & other marketing products.


Google Tag Manager is a solution for managing tags. Tags are snippets of code which are added to a website to collect information and send it to Third Parties.


GTM is an easy way of adding other Third-Party products to our site, including but not limited to Google Ads Conversion Tracking and Remarketing, Microsoft Advertising Conversion Tracking and Remarketing, Hotjar, Facebook Pixel.


The conversion tracking tags that are installed via GTM, read cookies and send them back to the Third Parties. This allows us, amongst other things, to track conversions from Google Ads.


We have turned on the IP Anonymization feature in Google Tag Manager. So, all information sent to Third Parties is sent anonymously. 


Each Third-Party Tag we have added via Google Tag Manger is listed below in this Privacy Policy.


To find out more, visit:


https://www.google.com/analytics/tag-manager/use-policy/


Universal Analytics (Google):


These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website, where visitors have come to the website from and the pages they visited. The reports also contain location information. But this still is anonymous. See our Cookie Policy for more information.


To find out more, visit:


https://support.google.com/analytics/answer/6004245


https://privacy.google.com/businesses/compliance/


https://www.google.com/analytics/terms/us.html


Who we share your data with


Below is a list of Third Party Data Processors we share your data with, and why.


We have Data Controller/Data Processor contracts with all below. The contracts and the company’s compliance with the GDPR is reviewed at regular intervals.


SiteGround Hosting Ltd, 3rd Floor, 11-12 St. James's Square London SW1Y 4LB 


This is our hosting provider. Where we host our website https://www.compostmanager.com/


The servers are based in the UK.


Every function on our website is processed on SiteGround Hosting Ltd Servers. Any information you input into our forms on this website is processed and held on SiteGround Hosting Ltd Servers. All the code for cookies, pixels & tags will be processed on their servers.


This websites Database is also held on SiteGround Hosting Ltd Servers. Your PII will be held in this database for a limited time. The database is also secured with strong password policies.


Please see How long we retain your data Contact forms below for more info on the information that is held, how it is processed and how long it is kept.


SiteGround Hosting Ltd is fully GDPR compliant. 


They have in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, they limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.


To find out more about how Privacy is handled, visit:


https://www.siteground.com/privacy.htm


The SiteGround DPA:


https://www.siteground.com/term/297.htm


Lawful Basis:


Our Lawful basis for processing your data under GDPR is Legitimate Interests. Our website can only function by being on Krystal Hosting's Servers. If you wish to make an enquiry or a booking via our website, then you must input your information and submit it to us. This processing must be completed on Krystal Hosting's Servers. 


ActiveCampaign, LLC 1 N Dearborn, 5th Floor, Chicago, IL 60601, United States


When you input and submit your personal data into the following forms:


FORMS


PLEASE NOTE WE DO NOT USE ACTIVECAMPAIGNS SERVICES AT PRESENT - BUT WE MAY IN FUTURE. PLEASE CHECK BACK HERE.


All the information you input is sent to and stored on ActiveCampaign's servers in the USA. ActiveCampaign also processes your data as per instructions from us.


In what way is your data processed? We use ActiveCampaign to store then use your email address to send you receipt emails to confirm that we have received your form submissions. If you have consented to marketing, we also use their services to send you marketing emails.


Your data is transferred outside the European Union. Your data is safeguarded to European data protection standards by the EU-U.S. PRIVACY SHIELD certification. To view ActiveCampaign certificate please go to: https://www.privacyshield.gov/participant?id=a2zt0000000GnH6AAK


Contact:


Postal Address: ActiveCampaign, LLC 1 N Dearborn, 5th Floor, Chicago, IL 60601, United States

Tel: +44-1-800-357-0402

https://www.activecampaign.com/contact/


To find out more about how Privacy is handled, visit:


https://www.activecampaign.com/gdpr-updates/

https://www.activecampaign.com/privacy-policy/


Lawful Basis:


Our Lawful basis for processing your data under GDPR is Legitimate Interests. If you wish to make an enquiry or a booking via our website, you must submit your data so we can act on it to provide a service or answer your questions. Also if you consent to us marketing to you, then our lawful basis is that consent.


Google AdWords conversion tracking (Google Inc.) & remarketing


Google AdWords conversion tracking is an analytics service provided by Google Inc. that connects data from the Google AdWords advertising network with actions performed on https://www.turbinedigital.co.uk/


Data collected: Cookies and Usage Data - Anonymously.


To find out more about how Privacy is handled, visit:


https://policies.google.com/privacy/


Remarketing: we do not remarket with AdWords yet. When we do we will update this section.


Lawful Basis:


Our Lawful basis for processing your data under GDPR is Legitimate Interests. Conversion tracking has a minimal privacy impact and it is imperative we measure our success in AdWords on a commercial basis. 


Facebook Ads conversion tracking - Facebook Pixel (Facebook, Inc.)


Facebook Ads conversion tracking is an analytics service provided by Facebook, Inc. that connects data from the Facebook advertising network with actions performed on https://www.abs-technicalservices.com/


Data collected: Cookies and Usage Data - Anonymously.


Lawful Basis:


Our Lawful basis for processing your data under GDPR is Legitimate Interests. Conversion tracking has a minimal privacy impact and it is imperative we measure our success in AdWords on a commercial basis.


To find out more about how Privacy is handled, visit:


https://www.facebook.com/about/privacy/

https://www.facebook.com/business/gdpr/


If you make a purchase from our website we share your information with the following payment processors:


Stripe Inc payment processor


If you make a purchase on our website one of the payment options is Stripe. 


Your data (email address & credit card details) will be passed to Stripe for Payment Processing.


Lawful Basis:


Our Lawful basis for processing your data under GDPR is Contract. We have to pass your data to a Payment Processor to obtain a payment.


To find out more about how Privacy is handled, visit:


https://support.stripe.com/questions/stripe-and-european-data-transfers

https://stripe.com/gb/privacy

https://stripe.com/gb/legal

https://stripe.com/contact


Your data is transferred outside the European Union. Your data is safeguarded to European data protection standards by the EU-U.S. PRIVACY SHIELD certification.


To find out more:


https://stripe.com/privacy-shield-policy


PayPal Inc payment processor


If you make a purchase on our website one of the payment options is PayPal. 


Your data (email address, credit card details, bank details , contact details etc) is held on PayPal's Servers and is processed for payment on our behalf. Or you enter Payment Details on PayPal's website for Payment Processing.


Lawful Basis:


Our Lawful basis for processing your data under GDPR is Contract. PayPal has to Process your data so we can obtain a payment.


To find out more about how Privacy is handled, visit:


https://www.paypal.com/webapps/mpp/ua/privacy-full


Microsoft Office 365 cloud data storage & exchange email


We use Microsoft Office 365 Cloud Solutions to store your personal data. Specifically, we use the Microsoft SharePoint service to store data. We also use Microsoft Exchange for the transmission of emails.


We use Microsoft Excel to store and access a customer database. The Excel file holds your PII. This file is then stored in the cloud on Microsoft's servers that are based in the UK. We encrypt and protect all our customer data Excel spreadsheets with strong passwords. This data is then further encrypted on Microsoft's servers. For more info see below.


The personal data you enter in to one of our booking, enquiry, contact forms, or purchase forms is sent to us via email. Your data in processed by Microsoft's Exchange email servers that are based in the UK. We then receive these emails at our offices. They are reviewed and processed by our staff who are trained in Data Compliance and Security. The type of processing depends on which form you have submitted. Please see Contact forms below for more information. There are retention policies on how long we keep your emails. Please see How long we retain your data below.


Microsoft has robust policies, controls, and systems built into Office 365 to help keep your information safe.


Office 365 uses service-side technologies that encrypt customer data at rest and in transit. For customer data at rest, Office 365 uses volume-level and file-level encryption. For customer data in transit, Office 365 uses multiple encryption technologies for communications between data centres and between clients and servers, such as Transport Layer Security (TLS) and Internet Protocol Security (IPsec). Office 365 also includes customer-managed encryption features.


Contact:


https://support.office.com/home/contact


To find out more about how Privacy is handled, visit:


https://products.office.com/en-us/where-is-your-data-located/

https://www.microsoft.com/en-US/TrustCenter/Security/office365-security/

https://www.microsoft.com/en-US/TrustCenter/Compliance/complianceofferings/

https://www.microsoft.com/en-us/TrustCenter/CloudServices/office365/GDPR/

https://www.microsoft.com/en-us/trustcenter/cloudservices/office365/


Or download Microsoft's Online Service Terms:

Our Lawful basis for processing your data under GDPR is Legitimate Interests. We use Office 365 to process your data on a commercial basis. Our operations and business depend on Microsoft's services. Also, if you consent to us marketing to you, then our lawful basis is that Consent. If you book a service or make a purchase through our website, then our lawful basis is a Contract. We need to process your personal data to be able to carry out the services you have requested we perform or deliver paid for goods/downloads.

Contact forms


We use a contact form plugin called Gravity Forms to capture your personal data.


Gravity Forms is a WordPress website plugin developed by Rocketgenius, Inc.


None of your data is processed by Rocketgenius, Inc. Or stored by them.


Data we collect:


Booking & Enquiry Forms:


Prefix, first name & last, email, a description entered by you, postal address, contact telephone number, contact preference, consent options.


Contact forms:


Callback: first name, last name, contact telephone number.

Contact form: first name, last name, email, message you enter.


When you submit a booking, enquiry or contact form or make a purchase on our website the data you submit to us (or in the case of a purchase, the data you submit to the Third Parties Stripe or PayPal) is sent to us via email. Please see Microsoft Office 365 cloud data storage & exchange email above for more info. The emails are reviewed and processed by our staff who are trained in Data Compliance and Security.


If you become a customer your data is processed by our staff and entered into a customer database on an Excel spreadsheet that is securely stored on Microsoft's cloud servers. Again, please see Microsoft Office 365 cloud data storage & exchange email above for more info.


A copy of the data you enter is also saved in the database this WordPress website needs to function. See Siteground above for more information. This data is deleted on a weekly basis.


If you submit personal data on the following forms:


FORMS URLSs


Your personal data is also sent to ActiveCampaign for further processing. See ActiveCampaign, LLC above for further info.


We only use the information submitted through these forms for customer service purposes. And the purposes of legitimate interests. We will only use your data for marketing if you consent for us to do so.


How long we retain your data


We have robust data retention polices in place that are aligned with industry standards.


We perform data audits once yearly. Any information we deem to be out of date, incorrect or redundant will be deleted.


Specific retention periods:


Data entered in to:


Request for callback forms:  1 month if we cannot contact you. If we can then 6 months.

Contact forms (send us a message form): 6 months.

Enquiry forms: 2 years.

Analytics records: 26 months.

Booking forms: if you are making a booking you become a customer. Customer records are kept for 10 years.

Customer records: 10 years.

Purchase Records: 2 Years.


If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.


Please note: there is nowhere to leave a comment or register on our website. But these features will be coming in future updates.


How we protect your data


All our staff are trained in data protection and retention. This training is provided on an ongoing basis. And procedures are updated in line with any new legislation.


We use Microsoft's Office 365 Cloud solutions. To retain and process your data. This means that your data is better protected than it is on our premises. All the data stored on Microsoft's UK based cloud servers is encrypted to the highest standards. Data is also encrypted in transit. Please see Microsoft Office 365 cloud data storage & exchange email above for more info.


We also employee two-factor authentication in our business.


Our offices are located on a secure site with controlled entry. To get to our offices you have to go through two secured doors.


It is also company policy to carry out regular Data Privacy Impact Assessments.