Privacy Policy

1.  Who we are

We are Hartley Botanic Limited and we use, collect and are responsible for certain personal information about you.

When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

Data Controller: Hartley Botanic Limited, 2 Wellington Road, Greenfield, Oldham, United Kingdom, OL3 7AG.

ICO Registration Number: ZA422209

We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

2.  The personal information we collect and use

2.1 Information collected by us

We collect and retain personal information about you (and your personnel) through various means, including: –

  • Carrying out work for you (or your business).
  • Via our website.
  • Via email or other electronic correspondence.
  • Via telephone (including through our routine recordings of phone conversations).
  • Via networking (i.e. at business fairs, client events, exhibitions, and/or other meetings or events either hosted by or attended by us, or both).
  • Through operating our business and liaising with other professionals and other referrers.

This personal information that you provide to us may include:

  • Your name and title.
  • Contact information such as addresses, phone numbers and email addresses.
  • Information relating to your preferences and interests.
  • Any other personal data we collect in the context of our work for our clients or in the course of operating our business.

2.2 Information collected from other sources

We also obtain personal information from other sources as follows:

  • Your names, addresses and contact details from (but not limited to) garden designers or architects and other referrers – in connection with recommendations for potential work and/or clients with whom we have relationships.
  1. How we use your personal information

We may use your personal information to:

  • Respond to any query that you send us.
  • Manage our relationship with you (and/or your business), including by maintaining a database of clients and third parties for administration and accounting and relationship management purposes.
  • To carry out our contractual obligations to you (or your business) and/or taking such steps as we have set out in our terms of engagement and retainer that we have agreed with you.
  • To send you any relevant information on our services and events that may be of interest to you using the email and/or postal addresses which you have provided, but only if you have given us you consent to do so, and until that consent is withdrawn.
  • To ensure our websites content is presented in the most effective manner for you and your device and/or to customise our website according to your interests and preferences.
  • To administer our website and for internal operations including troubleshooting, data analysis, testing research, statistical and survey purposes.
  • To allow you to participate in interactive features on our website when you choose to do so.
  • To measure or understand the effectiveness of advertising that we send you and others and to deliver relevant advertising to you.
  • To comply with the professional, legal and regulatory obligations that apply to us or to policies that we have in place.
  • Protect our company interests and/or to prevent illegal activity.

4.  Who we share your personal information with

In the course of acting for you we routinely share your name, contact details and other information when:

  • You specifically request us to, or this is necessary to provide services to you (for example, when we need to instruct third party installers, waste material disposal companies and localised scaffold companies).
  • If we are under a duty to disclose or share your personal data in order to comply with a legal obligation or to protect the rights and interests of our website, our customers, or this firm, or of other third parties.
  • For administrative purposes, for example when:
    • we send your file to our archiving and file destruction contractors for the file to be held,
    • we send your name and bank details to our bank to enable funds to be paid by you.

Only where it is relevant to your specific case will such sensitive information be retained on your file. Your file will then require storage and ultimately shredding by our archiving and document destruction contractors in accordance with our data retention guidelines.

In rare circumstances some of those third party recipients may be based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see Section 9. “Transfer of your information out of the EEA”.

We will share personal information with relevant authorities if required by applicable law.

5.  Whether information has to be provided by you, and if so why

If the provision of personal data is required from you to enable us to provide services we will inform you at the point of collecting information from you, whether you are required to provide the information to us.

6 . How long your personal information will be kept

We will hold your personal information on your file only when necessary or relevant to your matter and/or to our obligations.  The period that we are required to retain financial information by applicable UK tax law is currently 6 years.

In circumstances where we have given you a guarantee for certain products that you have purchased from us and have been installed by us, we may hold personal information for up to 30 years.

7.  Reasons we can collect and use your personal information

We rely on contract as the lawful basis on which we collect and use your personal data such as name, address, and contact details.

Our review of the risk of potential harm to you of retaining that personal information is that the risk is small and is outweighed by the benefit to you and to us of being able to recreate the history and documents of the matter.

8.  Consequences of our use of your personal information

We acknowledge that storage arrangements must be configured and designed to comply with good practice as to the accessibility, security and cyber security of any personal information shared by you.

9. Transfer of your information out of the EEA

We may on rare occasions need to share personal information with a recipient located outside the European Economic Area (EEA) (e.g. an advisor or third party engaged by us or you as part of our work).

Countries outside the EEA do not have the same data protection laws as the United Kingdom and EEA. In that situation any transfer of your personal information will be subject to your express consent and we will ensure that we will do so in accordance with European Data Protection Legislation.

If such transfers affect you, then you may contact us to obtain more precise information about those terms, and to obtain copies of relevant documentation.

Our people may occasionally remotely access their email accounts when working abroad (including from jurisdictions outside the EEA). Where they do so they are required to use our systems and access any personal data in accordance with all the usual policies and procedures.

We will not otherwise transfer your personal data outside of the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

10. Your rights

Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:

  • fair processing of information and transparency over how we use your use personal information;
  • access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address;
  • You are entitled to be told by us whether we or someone else on our behalf is processing your personal information;
  • require us to correct any mistakes in your information which we hold;
  • in certain circumstances, to require the erasure of personal information concerning you;
  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and in certain situations have the right to transmit those data to a third party;
  • object at any time to processing of personal information concerning you for direct marketing;
  • object in certain other situations to our continued processing of your personal information; and
  • otherwise restrict our processing of your personal information in certain circumstances.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

  • call, write or email (using [email protected]) to contact the individual who is the point of contact for data protection matters at Hartley Botanic Limited;
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); or
  • let us know the information to which your request relates, including any account or reference numbers, if you have them.

If you would like to unsubscribe from any marketing emails or Newsletters you can also click on the ‘unsubscribe’ button at the bottom of the email/newsletter or call us or email us with such instructions. Note that it may take up to 5 working days for this to take place.

11.  Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit Get Safe Online is supported by HM Government and leading businesses.

12.  How to complain

We hope that we or our relevant officer who can be contacted using [email protected] can resolve any query or concern that you raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at or telephone: 0303 123 1113.

13.  Changes to this privacy notice

This privacy notice was published on 12/06/2018.

We may change this privacy notice from time to time. You should check this policy occasionally on our website ( to ensure you are aware of the most recent version.

14.  How to contact us

Please contact us using [email protected] if you have any questions about this privacy notice or the information we hold about you.

If you wish to contact us or please either:

15.  Do you need extra help?

If you would like this notice in another format (for example – large print) please contact us (see ‘How to contact us’ above).