Applewood Permaculture Centre Privacy Policy

The privacy and security of your personal information is extremely important to Applewood Permaculture Centre owned and run by Looby Macnamara and Chris Evans. This Privacy Policy explains how and why we use your personal data, to make sure you stay informed and can be confident about giving us your information.

Your personal data is in safe hands with Applewood Permaculture Centre

We do: respect your privacy and work hard to ensure we meet strict regulations.

We don’t: sell your personal data to third parties.

We will : always protect your personal data.

A few quick notes:
  • This privacy policy explains what data we collect as well as how and why we use your personal data and your rights.
  • The policy applies to you if you’re a supporter of Applewood via Facebook or our E-newsletter or use any of our services, attend courses, buy books, visit our website, email, call or write to us.
  • We’ll never sell your personal data. We will only share it with tutors, cooks and collaborators we work with, who meet our own high privacy standards.

Please read the following to learn more about how we collect, store, use and disclose information about you when you interact with us, in any manner, via our website and/or our services.

For your convenience, hyperlinks may be posted on our website that link to other websites. We are not responsible for, and this Privacy Policy does not apply to, the privacy practices of any linked sites or of any companies or organsations that we do not control. We encourage you to read the privacy statements on the other websites you visit.

Applewood Permaculture Centre has a responsibility under the General Data Protection Regulations (2016) “GDPR” to hold, obtain, record, use and store all personal data relating to an identifiable individual, in a secure and confidential manner.  This Privacy Policy is a statement of what Applewood Permaculture Centre does to ensure its compliance with the GDPR.

This Privacy Policy covers our treatment of information that we gather when you are accessing or using our websites, services, courses or when you contact us in any manner. We gather various types of information, including information that identifies you as an individual (“Personal Information”).

This Privacy Policy applies to all Applewood employees, tutors, volunteers, course participants, customers, collaborators and cooks.  The Policy provides a framework within which Applewood Permaculture Centre will ensure compliance with the requirements of the GDPR and will underpin any operational procedures and activities connected with preserving your privacy.

Applewood Permaculture Centre is committed to ensuring that personal information is handled in a secure and confidential manner in accordance with its obligations under the GDPR, associated acts and professional guidelines. Applewood Permaculture Centre will use all appropriate and necessary means at its disposal to comply with the GDPR and associated Acts and guidance.

Information you provide to us:

When you use our website we collect the personal information that you provide to us, for example your name, your email address, your telephone number, your organisation or company name,  as well as other contact or other information via our online forms for enquiries, newsletter sign-up and events registration.

When you buy books or trees from us we collect the personal information that you provide to us, for example your name, your email address, home address, your telephone number, your organisation or company name, some bank details and nay other information you choose to provide us.

When you contact us via email or by phone with a query, or fill in a paper form at an event, or for any other reason – we collect the personal information that you provide to us, for example your name, your email address, your phone number, your organisation or company name as well as any other contact or other information you choose to provide us.

When you register on one of our courses we collect the personal information that you provide to us, for example your name, your email address, your phone number, your home address, dietary requirements, any health or disability information you give or other information you choose to provide us.

Information we automatically collect

When you use our website we collect information via cookies and other similar technologies which may include saving cookies to users’ computers. We collect certain information related to your device such as your device’s IP address, referring website, what pages your device visited, and the time that your device visited our website. For further information, please see our cookie policy here

How we use the information

We use the information we collect to support our work hosting and providing courses and producing and selling books.  This includes:

  • to provide, operate and maintain the services and courses we offer;
  • to process and complete transactions and send related information including transaction confirmations and invoices;
  •  to manage the use of the services by collaborators, customers and course participants i.e. respond to enquiries and comments and provide service and support;
  • to investigate and prevent fraudulent activities, unauthorised access to the services, and other illegal activities;
  • for any other purposes about which we notify members of staff, volunteers, collaborators, customers cooks and course participants.
We use the information we collect via our website:
  • for administration and reporting purposes including (but not limited to) troubleshooting, performance analysis, statistical analysis and testing
  • to improve our website to ensure that content is presented in the most effective manner for you and for your device;
  • to analyse customers use of our website for trend monitoring and marketing purposes;
  • for the purposes made clear to you at the time you submit your information – for example, to fulfil your request for information on our courses and services;
  • as part of our efforts to keep our website safe and secure.

We may also use the information you send to us via our website and/or services, to communicate with you via email and possibly other means regarding products, services, offers, promotions and events we think may be of interest to you or to send you our newsletter. You will always be able to opt-out of such communications at any time (see the “Your Rights to Your Personal Information” section below).

If you have engaged in any of our services we may send you non-promotional service related communications.

Good records management practice plays a pivotal role in ensuring that Applewood Permaculture Centre is able to meet its obligations to provide information, and to retain it, in a timely and effective manner in order to meet the requirements of the GDPR. Records should be retained and disposed of in accordance with Applewood Permaculture Centre retention schedule.

Applewood Permaculture Centre will take all reasonable steps to ensure that course participants, collaborators, customers, members of staff, volunteers, tutors and cooks are informed of the reasons Applewood Permaculture Centre requires information from them, how that information will be used and who it will be shared with. This will enable the data subject to give explicit informed consent to Applewood Permaculture Centre handling their data where the legal basis for processing is consent.

Should Applewood Permaculture Centre wish to use personal data for any purpose other than that specified when it was originally obtained, the data subject’s explicit consent should be obtained prior to using the data in the new way unless exceptionally such use is in accordance with other provisions of the GDPR.

Should Applewood Permaculture Centre wish to share personal data with anyone other that those recipients specified at the time the data was originally obtained, the data subject’s explicit consent should be obtained prior to sharing that data, failure to do so could result in a breach of confidentiality.

For your convenience, hyperlinks may be posted on our website that link to other websites. We are not responsible for, and this Privacy Policy does not apply to, the privacy practices of any linked sites or of any companies or organsations that we do not control. We encourage you to read the privacy statements on the other websites you visit.

Applewood Permaculture Centre must have agrements in place with all suppliers who process personal data on behalf of Applewood Permaculture Centreas “data processors”. Applewood Permaculture Centre will ensure that processors are only appointed if they can provide ‘sufficient guarantees’ through their policy and practice that the requirements of the GDPR will be met, and the rights of data subjects are protected.

News Letter

We use a third party provider, MailChimp, to deliver our e-newsletters. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see MailChimp’s privacy notice.

www.mailchimp.com/legal/privacy/

Social media
We use a third party provider, Facebook to manage our social media interactions. For more information, please see the Facebook privacy policy. www.facebook.com/about/privacy/update
Web analytics

We use Google Analytics to analyse our web traffic. For more information, please see Google’s privacy notice here www.policies.google.com/privacy/update

We also use the analytics tool included in Jetpack by Automattic. For more information please see the privacy policy.

www.jetpack.com/support/privacy/

Website

Our website is built on the Wordpress content management system, please see their privacy policy.  www.wordpress.org/about/privacy/

Our cookies are collected and provided from a number of locations for more infomcation follow the links to their respective privacy policies

E-mail

Between us we use several different e-mail providers. Follow the links by each provider to see each of their privacy policies

Yahoo www.policies.oath.com/us/en/oath/privacy/index.html

Gmail www.policies.google.com/privacy/update

Phone Co-op www.thephone.coop/legal/privacy-policy/

Green Net www.greennet.org.uk/about/code-practice

Google

We use Google forms for participants to register on our courses. For more information please see the Google privacy policy www.policies.google.com/privacy/update

If you do not want to register on our course using Google please let us know and we can send you a word form to complete.

Cooks, Tutors and Collaborators

If you attend one of our courses or events we share some of your personal data with our Tutors, Cooks and Collaborators inorder to enhance your experince and make sure your learning and health needs are appropriately met.

Where Tutors, Cooks and Collaborators are used, the contracts between Applewood Permaculture Centre and these third parties should contain clauses to ensure that they are bound by the same code of behaviour as Applewood members of staff in relation to the GDPR.

Applewood ensures that information relating to identifiable individuals is kept secure and confidential at all times. Applewood Permaculture Centre will ensure that its holdings of personal data are properly secured from loss or corruption and that no unauthorised disclosures of personal data are made.

We use appropriate technical, organisational and administrative security measures to protect any information we hold from loss, misuse, unauthorised access, disclosure, alteration and destruction. Unfortunately, no company or service can guarantee complete security. Unauthorised entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

You have rights under the GDPR in relation to the personal information we hold and are using about you. This includes asking for a copy of the information we hold about you, having any inaccurate information we hold about you corrected, to request that we stop using your personal information in a particular way or to ask us to delete your data permanently.

You can always opt not to disclose information to us. You can opt-out of receiving promotional or marketing communications from us at any time by updating preferences via the unsubscribe link in the email communication we send, on our website, or by contacting Applewood Permaculture Centre (addresses below in How to contact us)

In the first instance, please talk directly to us, so we can learn from and resolve any problem or query. You can send an email with the details of any data protection complaint to us. (addresses below in How to contact us) We will respond to any complaints we receive.

You have the right to contact the Information Commissioner's Office (“ICO”) (the UK data protection regulator). For further information on your rights and how to complain to the ICO, please refer to the ICO website. www.ico.org.uk/concerns.

Please contact us either via e-mail to applewoodcourses@yahoo.com or write to us at Applewood Permaculture Centre, Waterloo Farm, Orleton Common, Nr Ludlow, Herefordshire, SY8 4JG, UK .

We keep our privacy policy under regular review. This privacy policy was last updated on 24th May 2018.

The GDPR (2016) governs the handling of personal information that identifies living individuals directly or indirectly and covers both manual and computerised information. It provides a mechanism by which individuals about whom data is held (the “data subjects”) can have a certain amount of control over the way in which it is handled.

Some of the main features of the GDPR are:
  • All data covered by the GDPR must be handled in accordance with the Six
    Data Protection Principles
  • First Principle - processed lawfully, fairly and in a transparent manner in relation to individuals;
  • Second Principle - collected for specified, explicit and legitimate purposes and not processing for archiving purposes in the public interest, scientific or historical research initial purposes;
  • Third Principle- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • Fourth Principle - accurate and, where necessary, kept up to date; every reasonable the purposes for which they are processed, are erased or rectified without delay;
  • Fifth Principle - kept in a form which permits identification of data subjects for no longer personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;
  • Sixth Principle- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.


  • The person about whom the information is held (the Data Subject) has various rights under the GDPR including the right to be informed about what personal data is being processed, the right to request access to that information, the right to request that inaccuracies or incomplete data are rectified, and the right to have personal data erased and to prevent or restrict processing in specific circumstances. Individuals also have the right to object to processing based on the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling); and processing for the purposes of scientific/historical research and statistics. There are also rights concerning automated decision making (including profiling) and data portability.
  • Processing of special categories of data must be done under a lawful basis. This data includes information about race, ethnic origin, political persuasion, religious belief, trade union membership, genetics, biometrics (where used for identification purposes), health, sex life and sexual orientation.
  • The GDPR deals with criminal offence data in a similar way to special category data and sets out specific conditions providing lawful authority for processing it.
  • There is a principle of accountability of data controllers to implement appropriate technical and organisational measures that include internal data protection policies and procedures, staff training and awareness of the requirements of the GDPR, internal audits of processing activities, maintaining relevant documentation on processing activities, appointing a data protection officer where needed, and implementing measures that meet the principles of data protection by design and data protection by default, including data minimisation, transparency, and creating and improving security features on an ongoing basis.
  • Data protection impact assessments are carried out where appropriate as part of the design and planning of projects, systems and programmes.
  • Data controllers must have written contracts in place with all data processors and ensure that processors are only appointed if they can provide ‘sufficient guarantees’ that the requirements of the GDPR will be met and the rights of data subjects protected.
  • Data breaches that are likely to result in a risk to the rights and freedoms of individuals must be reported to the Information Commissioner’s Office within 72 hours of the organisation becoming aware of the breach. Where a breach is likely to result in a high risk to the rights and freedoms of individuals, the organisation will notify those individuals concerned directly.
  • The Information Commissioner is responsible for regulation and issue notices to organisations where they are not complying with the requirements of the GDPR. She also has the ability to prosecute those who commit offences under the GDPR and to issue fines.