Privacy & Security

David Austin Roses are committed to our customers’ data privacy and rights, believing we have a duty to handle your data in a way that gives you confidence when shopping or communicating with us. We believe in being upfront and transparent in how we collect, handle and store your personal information.

Our core privacy principles:

  • We will keep your data safe and secure.
  • We will always tell you how we intend use your data.
  • We will on every marketing communication give you the chance to unsubscribe.
  • We will only keep your data for as long as it is needed.
  • We will never sell your data to a third party.
  • Your data is yours. We respect your right to request access or deletion of personal information.

By accepting the Privacy Policy, you are agreeing that you accept and understand the below Privacy Policy and how we will use your personal information. If you do not agree to the Privacy Policy below please do not submit data to us or use www.davidaustinroses.com.

If any of the details below are inaccurate or you would like to enquire further please contact our us on dpo@davidaustinroses.co.uk.

Privacy Policy Contents:

  1. Who are David Austin Roses?
  2. How and why does David Austin Roses need to collect and process personal data?
  3. What are my rights to my data?
  4. Can I find out the personal data that the David Austin Roses holds about me?
  5. How long does David Austin Roses keep personal information?
  6. Will David Austin Roses share my personal data with anyone else?
  7. Under what circumstances will David Austin Roses contact me?
  8. How do I withdraw consent for receiving marketing material?
  9. How do you use cookies?
  10. How do I complain about how my data is being used?
  11. Is there a minimum age limit for submitting data to David Austin Roses?
  12. Do you transfer information outside of the European Economic Area (EEA)?
  13. How secure is my data?
  14. Who is responsible for the content on websites you link to?
  15. What is Legitimate Interest and when does it apply?
  16. How up to date is this policy?

1. Who are David Austin Roses?

This policy applies to the following companies:

  • David Austin Roses Ltd. – Bowling Green Lane, Albrighton, Wolverhampton West Midlands, WV7 3HB, United Kingdom.
  • David Austin Rose Nursery Ltd. – Bowling Green Lane, Albrighton, Wolverhampton West Midlands, WV7 3HB, United Kingdom.

This policy applies to the following website domains:

Both David Austin Roses Ltd. and David Austin Rose Nursery Ltd. are registered with the Information Commissioner’s Office (ICO) as Data Controllers.

Our Data Protection representatives can be contacted here:

Phone 800 328 8893 or email dpo@davidaustinroses.co.uk.

2. How and why does David Austin Roses need to collect and process personal data?

The collection and storage of personal data allows us to receive your order, process your payment, deliver the goods you have ordered, contact you about your order, record your consent to marketing and provide you with a warranty. In any event, we are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.

Most of the time you choose what information you provide to us upon data entry, but we also require certain information by law, to validate your identity and for us to provide a service to you.

The following is a list of data collection points visible to you:

COLLECTION POINT POSSIBLE DATA COLLECTION WHY?
Newsletter Sign Up
Email Address We need to collect and process your email address so that we can send you the newsletters, offers and email marketing you have requested.
Country David Austin Roses sells different products in different countries. We need to record your country so we know what products we can offer you.
IP Address Your IP Address is collected and processed in order to identify fraudulent activity, abuse of our web server or in the event of a data protection request.
Catalogue Request
Title, First Name, Last Name, Postal Address We need to collect and process your name and address so that we can accurately deliver your catalogue request to your chosen recipient.
Email Address We need to collect and process your email address and phone number in case we need to make contact about your request.
IP Address Your IP Address is collected and processed in order to identify fraudulent activity, abuse of our web server or in the event of a data protection request.
Contact Us
First Name, Last Name Your name is collected so we can identify past orders and respond with a more informed response, improving our customer service to you.
Email Address, Telephone Number We need to collect and process your email address and phone number so we can respond to your query.
IP Address Your IP Address is collected and processed in order to identify fraudulent activity, abuse of our web server or in the event of a data protection request.
Checkout
Title, First Name, Last Name, Billing Address, Shipping Address, Delivery Instruction, Gift Message We need to collect and process your name, address, delivery instruction and gift message so that we can accurately deliver your purchase to your chosen recipient.
Email Address, Telephone Number We need to collect and process your email address and phone number in case we need to make contact about your order and send updates.
IP Address Your IP Address is collected and processed in order to identify fraudulent activity, abuse of our web server or in the event of a data protection request.
Account Creation
Title, First Name, Last Name, Email Address, Telephone Number The collection of your name and contact details allows us to manage your account and make purchasing quicker and easier for you at checkout.
Billing/Postal Address The collection of your billing/delivery details are designed to make purchasing quicker and easier for you at checkout.
IP Address Your IP Address is collected and processed in order to identify fraudulent activity, abuse of our web server or in the event of a data protection request.
Live Chat
First Name, Last Name, Email Address, Telephone Number We need to collect and process your email address and phone number so we can respond to your query when Live Chat is inactive and so we can provide the most appropriate customer service channel for your query.
Your Live Chat, Source, Pages Visited, Location The collection of your browsing data helps us give you the most thorough and quickest customer service we can provide.
IP Address, Location Your IP Address is collected and processed in order to identify fraudulent activity, abuse of the Live Chat system or in the event of a data protection request. We use process your location so we can respond to your query with the knowledge of your location in mind. Location can impact the advice we give and the products we can advise on.
SagePay
Title, First Name, Last Name, Billing Address, Shipping Address, Email Address, Telephone Number SagePay receives and stores your name, addresses and contact details so they can perform fraud checks to keep your payment details safe from misuse. SagePay also receives and stores your name, addresses and contact details so we can match up your order with the payment made if you have a query
Card Details, Bank Name SagePay needs to collect your payment details in order to process your payment and to process any future refunds. We do not receive this information into our system.
IP Address, Location, Internet Service Provider Your IP Address and location data is collected and processed in order to identify fraudulent activity, abuse of the payment gateway or in the event of a data protection request.
PayPal
Title, First Name, Last Name, Billing Address, Shipping Address, Email Address, Telephone Number PayPal receives and stores your name, addresses and contact details so they can perform fraud checks to keep your payment details safe from misuse. PayPal also receives and stores your name, addresses and contact details so we can match up your order with the payment made if you have a query. Lastly, PayPal receives and stores your name, addresses and contact details in the event you wish to lodge a complaint with PayPal against David Austin Roses.
Card Details PayPal needs to collect and process your payment details in order to process your payment and to process any future refunds. We do not receive this information into our system.
IP Address Your IP Address and location data is collected and processed in order to identify fraudulent activity or abuse of the payment gateway.
Telephone
Title, First Name, Last Name, Billing Address, Shipping Address, Email Address, Telephone Number, Delivery Instruction, Gift Message We need to collect and process your name, address, delivery instruction and gift message so that we can accurately deliver your purchase to your chosen recipient. We need to collect and process your email address and phone number in case we need to make contact about your order and send updates.
Card Details Card Details are taken over the phone but are neither recorded on our system or via call recording.
Phone Recordings Recordings are kept for staff training so we can give you the best service possible each time you call. They’re also a valuable tool to prevent fraud and address any complaints you may have about a previous order. Your card details will not be stored or recorded.
Join Our Mailing List Sign Up Card (Printed)
First Name, Last Name We need to collect your name address in order to match up your information with any records we currently have. This improves our customer service and keeps records we have up to date.
Email Address We need to collect and process your email address so that we can send you the newsletters, offers and email marketing you have requested.
Postal Address We need to collect and process your address in order to send you postal marketing material as you have requested.
Join Our Mailing List Sign Up Card (Printed)
First Name, Last Name We need to collect your name and address in order to match up your information with any records we currently have. This improves our customer service and keeps records we have up to date.
Email Address We need to collect and process your email address so that we can send you the newsletters, offers and email marketing you have requested.
Postal Address We need to collect and process your address in order to send you postal marketing material as you have requested.
Catalogue Order Form (Printed)
Name, Billing Address, Delivery Address We need to collect and process your name, addresses and delivery instruction so that we can accurately deliver your purchase to your chosen recipient.
Email Address We need to collect and process your email address in case we need to make contact about your order, send updates and send marketing material if you have requested it.
Phone Number We need to collect and process your phone number in case we need to make contact about your order.
Show Order Form (Printed)
Name, Billing Address, Delivery Address We need to collect and process your name, addresses and delivery instruction so that we can accurately deliver your purchase to your chosen recipient.
Email Address We need to collect and process your email address in case we need to make contact about your order, send updates and send marketing material if you have requested it.
Phone Number We need to collect and process your phone number in case we need to make contact about your order.

The following is a list of data collection points not visible to you, that do not directly identify you and are for the most part either considered anonymised or pseudonymised:

COLLECTION POINT POSSIBLE DATA COLLECTION WHY?
Google Analytics IP Address, Device Brand/Name/Model, Operating System Version, Browser Version, ISP, Pages Visited, Products Purchased By recording anonymous system and device data you use, it helps us understand how best to provide our services to you. This helps us improve the information you require, fix issues and increase the level of customer service we provide.
Crazy Egg Device Resolution, Pages Visited, Operating System, Browser, Source Crazy Egg helps us understand how pages are used and any issues users are facing with the website. It is used to improve your user experience. It records this non-identifiable information to allow us to see if problems are caused by devices, browsers, operating systems etc. You are not identified by this information.
New Relic User-agent, HTTP Referrer New Relic is our web server performance monitoring service. It records this non-identifiable information to allow us to track errors and their cause. You are not identified by this information.
Cloudflare User-agent, IP Address, Country Cloudflare is our Web Application Firewall. It records this non-identifiable information to allow us to see users that pose a threat to the web server or users who are misusing/abusing access. We can then block users to protect you. You are not identified by this information.
Web Server IP Address, User-agent As the website accepts traffic we use the IP Address and User-agent to help combat malicious traffic, traffic that intends to abuse usage and help us identify problems. You are not identified by this information.

3. What are my rights to my data?

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right of access: you have the right to request a copy of the information that we hold about you.
  • Right of rectification: you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten: in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing: where certain conditions apply to have a right to restrict the processing.
  • Right of portability: you have the right to have the data we hold about you transferred to another organisation.
  • Right to object : you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling: you also have the right to be subject to the legal effects of automated processing or profiling.
  • Right to judicial review: in the event that David Austin Roses refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain.

All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.

If you wish to make one of these requests please contact us on dpo@davidaustinroses.co.uk or call us on 800 328 8893.

4. Can I find out the personal data that David Austin Roses holds about me?

David Austin Roses at your request, can confirm what information we hold about you and how it is processed. If David Austin Roses does hold personal data about you, you can request the following information:

  • Identity and the contact details of the person or organisation that has determined how and why to process your data. In some cases, this will be a representative in the EU.
  • Contact details of the data protection officer, where applicable.
  • The purpose of the processing as well as the legal basis for processing.
  • If the processing is based on the legitimate interests of David Austin Roses or a third party, information about those interests.
  • The categories of personal data collected, stored and processed.
  • Recipient(s) or categories of recipients that the data is/will be disclosed to.
  • If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
  • How long the data will be stored.
  • Details of your rights to correct, erase, restrict or object to such processing.
  • Information about your right to withdraw consent at any time.
  • How to lodge a complaint with the supervisory authority.
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
  • The source of personal data if it wasn’t collected directly from you.
  • Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

5. How long does David Austin Roses keep personal information?

We do not use your personal information indefinitely, only using it for the period in which we need your data to meet our contractual obligations to you, any timeframes set by law and to enable us to give you the best customer service possible. Any data that is not needed to fulfil these obligations will be pseudonymised, and when appropriate deleted. The following are examples of what will impact how long we use or keep your data for:

  • Any time limit set for meeting a claim against a warranty.
  • Any time period set by law or recommended by regulatory bodies, such as financial audit logs or fraud checks.
  • Your most recent engagement with our marketing activity.
  • If a request for erasure or rectification has been made and your identity confirmed.
  • Any relevant legal proceedings that may apply at the time.

If you would like to know more about these timeframes, please contact us on dpo@davidaustinroses.co.uk.

6. Will David Austin Roses share my personal data with anyone else?

We may pass your personal data on to third-party service providers contracted to David Austin Roses Ltd. and David Austin Rose Nursery Ltd. in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide you on our behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with agreed procedures.

We will never sell any of your personal data to any third party or permit any third party to keep your data indefinitely. The following are categories of companies that form an essential part of the service we provide to you:

  • Personal Information may be shared between companies under the umbrella of David Austin Roses, such as David Austin Rose Nursery Ltd. and David Austin Roses Ltd.
  • Companies that provide us with a service to get your purchase to you, such as a payment service provider or delivery company.
  • Technical service providers such as website hosts, customer communication platforms or email marketing platforms, that enable you to purchase, talk and receive marketing material from us.
  • Analytical companies using aggregated and anonymous data to provide insight on website activity and usage. When this occurs data will be anonymised and users will not be able to be identified individually.

We may in cases of fraud or illegal activity be required to share information with government bodies or law-enforcement agencies.

7. Under what circumstances will David Austin Roses contact me?

Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure. David Austin Roses may have the right to contact you because:

  • You provided consent – If you have provided us with consent to contact you we may send you e-newsletters and email marketing with offers, recommendations and advice. Consent will be requested clearly at all data collection points. To unsubscribe please follow our unsubscribe instructions here.
  • We need to fulfil your order – In order for us to fulfil our contract to you we may need to contact you. Examples of this would be order confirmations, surveys, despatch notifications or a call to update you on your order.
  • To maintain your warranty – David Austin Roses offer a 5 year warranty on all roses bought from www.davidaustinroses.com, to maintain this warranty you must care for your roses as instructed. We may need to communicate with you to help maintain the health of your roses, provide replacements and send care instructions.
  • Terms and privacy updates – If at any point there is a material change to our terms of service and privacy statement we may need to contact you. This is to ensure you are aware how your data and your rights are affected.
  • Offer, product and pricing updates – Every year we provide offers to our previous customers and we updated our product catalogue and pricing. We may send you updates via post, but we ensure this not be done at a frequency that becomes a nuisance or conflicts with your right to privacy. You may unsubscribe at any time, and all our posted material will detail how. The same instructions for unsubscribing can be found here

For an explanation and list of data types processed under legitimate interest, please click here.

8. How do I withdraw consent for receiving marketing material?

Some of our communications are required as part of fulfilling our obligations to you and as part of the contract of sale between David Austin Roses and you, the customer. For an explanation and list of data types processed under legitimate interest, please click here

You can unsubscribe from our marketing communications at any time and we will act on this as soon as possible.

  • Email: To unsubscribe from our email marketing communications you can do so at the bottom of every email marketing communication we send. You may also call 800 328 8893, or email unsubscribe@davidaustinroses.co.uk using the address you wish to be unsubscribed from.
  • Direct Mail: To unsubscribe from receiving marketing material by posts you can call 800 328 8893 or email unsubscribe@davidaustinroses.co.uk stating the address you wish to unsubscribe and the name associated with that address. Alternatively, you may use our unsubscribe contact form.

If you feel you have received a marketing material in error, please read our privacy section on how our data is collected and what constitutes a communication under legitimate interest. If you still feel your information has been used in error, please click here to file a formal complaint with David Austin Roses.

9. How do you use cookies?

Our cookie policy explains what cookies are, how David Austin Roses use them on and how you can manage how these cookies are used. To view our cookie policy, click here.

10. How do I complain about how my data is being used?

We take complaints very seriously and will do our best to respond to data protection complaints in a timely manner. If you have a query regarding how we are using your data, the data we are holding or wish to complain about misuse, please contact:

Email: dpo@davidaustinroses.co.uk

Phone: 800 328 8893

Address: Data Protection Representative, David Austin Roses, Bowling Green Lane, Albrighton, Wolverhampton, West Midlands, WV7 3HB, United Kingdom.

If you feel we have not dealt with your complaint satisfactorily you can contact the Information Commissioner’s Office via the details on the Information Commissioner’s website.

11. Is there a minimum age limit for submitting data to David Austin Roses?

We are unable to accept data from anyone under the age of 16 years old and are unable to record and maintain consent from a parent or legal guardian of anyone under 16 years old.

If at any point you learn that any child under 16 years old has submitted personal information to David Austin Roses, please let us know immediately so that we can rectify the situation.

12. Do you transfer information outside of the European Economic Area (EEA)?

David Austin Roses may transfer your personal data to countries other than the one you or David Austin Roses reside. This may, depending on the services set out in this policy, be outside of the European Economic Area (the EU member states Plus Norway, Liechtenstein and Iceland).

When this is the case David Austin Roses will take steps to make sure that your personal data is transferred, stored, handled and deleted with appropriate protections and procedures in place. Depending on the provider this protection may be set out in the form of:

  • A contract between the service provider and David Austin Roses detailing that the service provider is compliant with EU regulations.
  • Enrolment in the E.U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. This is a framework designed by the U.S. Department of Commerce, the European Commission and Swiss Administration to provide companies with a mechanism to comply with data protection requirements.

If you would like more information on the protections in place please contact dpo@davidaustinroses.co.uk.

13. How secure is my data?

David Austin Roses uses the latest industry recommendations and industry-standard tools to secure your data at www.davidaustinroses.com, such as Web Application Firewalls and Transport Layer Security (TLS). Furthermore, we use strict administrative and physical safeguards to protect your data from unauthorised access.

David Austin Roses do not record, store or transmit credit card information. We use ultra-secure payment gateway providers SagePay and PayPal, who follow the strictest guidelines and procedures when it comes to handling credit card details. You can find the security information for SagePay here and PayPal here.

David Austin Roses regularly reviews the security and privacy practices we follow and implement, enhancing them where necessary in order to maintain the highest level of security for your personal data. If you feel you have spotted a security threat on www.davidaustinroses.com please contact us at dpo@davidaustinroses.co.uk.

Unfortunately, there is no method of personal data transfer that is 100% secure all of the time. We strive to provide you with security beyond what is legally required but cannot guarantee absolute security. We also rely on you to make sure you are sending data securely. For example, you can help do this by making sure:

  • Your device is up to date to the latest version.
  • Your browser is up to date to the latest version.
  • You regularly run virus and malware scans on your device.
  • You carefully choose strong usernames and passwords.
  • You log out of public computers and devices after use.
  • You do not allow unauthorized access to your personal devices.

If you feel your data has not been handled securely and would like to complain to David Austin Roses, please contact us on dpo@davidaustinroses.co.uk or call 800 328 8893.

14. Who is responsible for the privacy policy on the websites you link to?

David Austin Roses may at times link to external websites from https://www.davidaustinroses.com/. Please note that any website visited by clicking an external link from https://www.davidaustinroses.com/ will have its own Security and Privacy policy and we do not accept responsibility or liability for these policies. Before submitting any information please check each websites individual policies.

15. What is Legitimate Interest and when does it apply?

Legitimate interest is where we have a business, commercial or legal reason to process your personal information in order for David Austin Roses to function most effectively. When processing this data, we have to weigh our legitimate interest with your right to privacy - ensuring we use your personal information in a lawful, fair and transparent way.

Listed here are areas where we use legitimate interest to store and process your personal information:

  • Providing our services – To deliver our products, or any other service, we must store and process your personal information to meet our obligation to you. We are unable deliver goods without processing your personal information.
  • Manage our relationship – To make sure we can administer your account now and in the future we must store and process your personal information. This ensures quick and accurate responses from David Austin Roses to any requests, complaints or queries.
  • Customer Service – When you contact us with a query we will need to store and process your personal information in order to respond to you via an appropriate method (such as post, email or telephone).
  • Securing your data – We may need to process certain elements of your personal information to combat fraud, prevent security issues and to curb misuse of our services.
  • Improving our services – To make sure we improve our services to you we may use your personal information in an analytical capacity or send your surveys to monitor how closely we are meeting your expectations.
  • Managing your consent – In order to maintain and manage your consent to communication outside of legitimate interest we need to process your personal information to make sure it is used correctly and to your wishes.
  • Legal requirements – We may be required to process your personal information in response to a request from a public authority or law enforcement, in the course of an audit or financial regulation, or to protect our legal rights.
  • Service providers – To fulfil our services to you we will share your personal information with Third Party Suppliers, such as payment processers, address validation systems and couriers.
  • Direct Marketing – We will send postal marketing to keep you up to date with our varieties, pricing, offers, terms and rose care advice. You may unsubscribe from postal marketing here.

For further details on legitimate interest and the points above please contact us on dpo@davidaustinroses.co.uk.

16. How up to date is this policy?

We may from time to time change our privacy policy. Any future changes to this policy will be made here. This document was last updated on 25/05/2018.

If we believe that the changes are material, we will make these changes clear on www.davidaustinroses.com, and where appropriate, via another means of contact such as email.