Privacy Policy

At Ashfield we appreciate that your privacy is important. Our promise to you is that any personal data given in respect to your order, correspondence or registration on our website will not be passed to a third party unless it is required to fulfil an order, answer your enquiry, for promotional purposes (only with prior consent) or assist in customer care.
Ashfield Leisure (“Ashfield”) is committed to protecting your privacy and the personal information collected on this website will be treated confidentially. We are fully registered with the Information Commissioner’s Office to ensure we meet the requirements of the General Data Protection Regulations (GDPR) as set out in this Privacy Policy.
You do not have to provide any personal information to use this website. However, you may provide personal information if you contact us with an enquiry or order any goods from Ashfield.
Please note, telephone calls may be recorded for training purposes and to verify order details.

How we use your data

Ashfield (and its service providers, e.g. our courier) use your personal data:
•    to supply/deliver goods and services to you;
•    to enable us to manage customer service interactions with you;
•    to manage any registered account(s) that you hold with us;
•    to verify your identity;
•    with your agreement, to contact you electronically about promotional offers, news and products which we think may interest you;
•    for crime and fraud prevention, detection and related purposes;
•    for market research purposes – to better understand your needs; and
•    where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).

What personal data is collected by Ashfield?

Ashfield may collect the following information about you:
•    your name and gender;
•    your contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and e-mail address;
•    purchases and orders made by you;
•    your online browsing activities on Ashfield’s website;
•    your password;
•    your communication and marketing preferences;
•    your interests, preferences, feedback and survey responses;
•    your location;
•    your IP address;
•    your correspondence and communications with Ashfield; and
•    other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed or public Facebook page).

Our website is not intended for children and we do not knowingly collect data relating to children.
This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy. Some of the above personal data is collected directly, for example when you set up an online account on our website, or send an email to our Customer Services Team.  Other personal data is collected indirectly, for example your browsing activity. We may also receive personal data from third parties who have your consent to pass your details to us, or from publicly available sources.

Our service providers and suppliers

In order to make certain services available to you or improve our service, we may need to share your personal data with some of our service partners. These may include independent feedback services, payment processors, delivery and marketing service providers.
Ashfield only employs service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. They can only use your data to provide services to Ashfield and to you, and for no other purposes.

Other third parties

Aside from our service providers, Ashfield will not disclose your personal data to any third party, except as set out below. We will never pass, sell or rent our customer data to other organisations for marketing purposes.
We may share your data with governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so:
•    to comply with our legal obligations;
•    to exercise our legal rights (for example in court cases);
•    for the prevention, detection, investigation of crime or prosecution of offenders; and
•    for the protection of our employees and customers.

How long do we keep your data?

We will not retain your data longer than necessary for the purpose for which it was collected. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 6 years.

Your rights

You have the following rights:
•    the right to ask what personal data we hold about you at any time;
•    the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge;
•    the right to have personal data erased (also known as the right to be forgotten) and
•    (as set out above) the right to opt out of any marketing communications that we may send you.

If you wish to exercise any of the above rights, please contact us using the contact form at https://woodchipsandba.wpengine.com/contact-us/ or email [email protected]. Requests will be processed without undue delay, however for updates and deletions please allow 10 working days for them to be fully actioned. If you are making a data subject access request, please allow up to one month of the date of receipt in order for us to fully address your request. We reserve the right to charge a reasonable fee and to extend this period of time in line with regulations depending on the amount of data involved.

The legal basis for Ashfield to process customers’ personal data

Ashfield collects and uses customers’ personal data because it is necessary for:
•    the pursuit of our legitimate interests (as set out below);
•    the purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer; or
•    complying with our legal obligations.

In general, we only rely on consent as a legal basis for processing in relation to sending direct marketing communications to customers via email or text message. Customers have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.

Our legitimate interests

The normal legal basis for processing customer data, is that it is necessary for the legitimate interests of Ashfield, including:
•    selling and supplying goods and services to our customers;
•    protecting customers, employees and other individuals and maintaining their safety and welfare;
•    promoting, marketing and advertising our products and services;
•    sending promotional communications which are relevant to customers;
•    understanding our customers’ behaviour, activities, preferences and needs;
•    improving existing products and services and developing new products and services;
•    complying with our legal and regulatory obligations;
•    preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
•    handling customer contacts, queries, complaints or disputes;
•    protecting Ashfield, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to Ashfield;
•    effectively handling any legal claims or regulatory enforcement actions taken against Ashfield; and
•    fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.

May 2018