Our values on user privacy and data protection

  • User privacy and data protection are human rights.
  • We have a duty of care to our customers, staff and stakeholders with their data.
  • Data is a liability and should only be collected and processed when absolutely necessary
  • We dislike spam as much as you do
  • We will never sell, rent or otherwise distribute or make public your personal information

1 Relevant legislation

Along with our business and IT solutions systems, this website is designed to be used by our customers worldwide. It complies with the following national and EU legislation with regards to the data protection of our customers, partners and user privacy.

2 Personal data that this website collects and why we collect it

This website collects and uses personal information for the following reasons:

2.1 Website Visitor Tracking

This website uses Google Analytics to track user interaction. We use this information to determine the number of people using our website, to better understand how you find and use our website, your journey to and from our site but also how you travel through it.

Google Analytics records data that does not identify you as an individual such as geographical location, your type of device, your type of internet browser, operating system and age group.

Google Analytics is a third party data processor as listed under 6. Google Analytics uses cookies at the heart of its application, details of which can be found on

Disabling cookies on your internet browser will stop Google Analytics from tracking any part of your visit to any area of our website. For further information on cookies in section 4. Disabling cookies via our pop up reminder may also prevent some areas of our website to operate in the way they are intended.

2.2 Contact Forms

We use contact forms on this website. Should you choose to contact us by using our contact forms in any area of our website, data that you supply will be stored by this website. See point 5 for further information about this website’s server, its back up and its security arrangements.

The data submitted through our contact forms will be transmitted into our accounting and customer management systems. Those systems are specified under point 6.

Data collected with these forms are the basic building blocks required to provide you with our products and services. Not providing this information or asking us to stop using it, will prevent us from offering our products and services to you.

Information submitted through some of our contact forms is emailed to our in-house team directly using Simple Mail Transfer Protocol (SMTP). The email content is then decrypted by our local computers and electronic devices.

Our contact forms enable you to join our mailing list. We don’t like junk mail either so joining our list of contacts does not mean we will fill up your inbox with dozens of emails every day. We aim to limit marketing emails to no more than 20 each year. Our mailing list service is connected with Mailchimp. Mailchimp will receive your name and email address so that we can send you updates and offers. You can choose to leave this mailing list at any time by following the directions to unsubscribe or by contacting us directly.

Joining our mailing list results in you choosing to receive all of our information. We are unable to restrict our messaging to for example our nursery catalogue only. Leaving our mailing list does not prevent you from joining it again in the future.

Mailchimp is a third party data processor as listed under 6.

2.3 Payment Details

Any purchases made on our website are processed by our payment provider Sellerdeck Payments. Sellerdeck Payments is a third party data processor as listed under 6. Once payments are processed we will retain a record within our accounting system Sage.

Any purchases made over the phone are processed by our payment provider Worldpay. Worldpay is a third party data processor as listed under 6. Once payments are processed we will retain a record within our accounting system Sage.

Sage is a third party data processor as listed under 6.

Great Dixter House and Gardens is a registered charity. As a charity you may provide us with your personal information for the purposes of Gift Aid. Customers providing us with information for the claim of Gift Aid are advised that relevant details will be provided to HMRC to validate the purchase within 12 months. HM Revenue & Customs is a third party data processor as listed under 6.

2.4 Delivery

Purchases made on this website are processed for production and delivery by our in-house staff. Delivery of your purchase is arranged with a number of third party couriers, depending on the delivery location. For details of your delivery arrangements and the delivery company’s data protection arrangements, please contact our team.

2.5 Email Links

We provide email links for your convenience on our website. Should you choose to contact us by using our email links, none of the data that you supply will be stored by this website. You will essentially transfer off of our website and into your own email system.

2.6 Other Websites

Our website contains links to enable you to visit other sites of interest easily. Once you have used these links to leave our site you should note that we do not have any control of the other website. We cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Data collected about your interaction with this website is not transferred to or otherwise shared with the website you are transferring to.

2.7 Other People’s data

You must not send us personal information about someone else without first getting his or her consent for it to be used and disclosed in the ways set out in this statement. This is because we will assume he or she has agreed, although we may still ask for confirmation from them. Where you do give us information about someone else, or someone else discloses a connection with you, that information may be taken into account with your other personal information.

We do not hold personal information on children and young persons under the age of 18.

2.8 Customer Login

Our customer login section is padded with additional security for your protection.

In order to secure your login, our website supports multi-factor authentication with username and password.

You may purchase from our online store with a Guest Login. We will retain the necessary information for the fulfilment of your order and in compliance with our legal record retention requirements.

3 Cookies

A cookie is a small text file containing information that our website transfers to your computer’s hard disk or other electronic devices for record-keeping purposes and allows us to analyse our site traffic patterns.

We use cookies to make our website work, or to work more efficiently, as well as to collect information. They help us to understand how you use our website, enable you to apply for finance online with us and indeed help us develop and improve its design, layout, content and function.

You can disable cookies by changing settings in the preferences or options menu in your browser. You can set your browser to reject or block cookies or tell you when a website tries to put a cookie on your electronic device. You can also delete cookies that are already stored on your device. Please be aware deleting and blocking all cookies from our website may stop parts of the site from working.

To find out more about cookies, including seeing what cookies have been set and how to manage and delete them, visit 

If you do not wish to accept cookies from our website, please leave this site immediately and then delete and block all cookies from this site. Alternatively, you may opt out of receiving information from us by e-mail, telephone or post. Our number is 01797 252878, you can e-mail us at [email protected] or write to us at Data Protection Officer, Great Dixter, Northiam, Rye, East Sussex, TN316PH.

4 How we store your personal information

As detailed under section 3 above, if you use our website to purchase from us or get in touch the information you provide will be stored on the website’s database.

We endeavour to take all reasonable steps to protect your personal information. However, we cannot guarantee the security of any data that you disclose online and we will not be responsible for any breach of security unless this is due to our negligence or wilful default.

Once we receive your information into our systems, your data will be stored securely in line with legal and regulatory requirements by using third party data processors as outlined under 6.

5 About this website’s server

This website is hosted by Amazon Web Services(AWS) in the EU zone.

Full detail of Amazon Web Services’ data centre can be found on

All traffic (transfer of files) between this website and your browser is encrypted and delivered over Hyper Text Transfer Protocol Secure (HTTPS).

6 Our Third Party Data Processors

We use a number of third parties to process personal data on our behalf. These third parties have been carefully selected and all of them comply with the legislation set out in section 2.

  1. Google Analytics is based in the U.S. and complies with the EU-US Privacy Shield. Google’s Privacy Policy is here.
  2. Mailchimp is a trading style of The Rocket Science Group LLC based in the U.S and complies with the EU-US Privacy Shield. Mailchimp’s Privacy Policy is here.
  3. Sellerdeck Payments is based in the UK. Worldpay services provided through this website comply with Sellerdeck Payment’s Privacy Policy, here.
  4. Worldpay is based in the UK with Worldpay Group Plc based in the U.S. Worldpay services provided through this website comply with Worldpay’s Privacy Policy, here.
  5. HM Revenue & Customs are based in the UK and complies with the prevailing UK legislation as outlined under 2. HMRC’s Privacy Policy is here.
  6. Sage UK are based in the UK with servers located in the UK, Europe and the U.S. Sage complies with the prevailing UK legislation alongside the EU-US Privacy Shield Sage’s Privacy Policy is here.

Additional third party data processors may apply to your unique circumstances, including courier services and other suppliers. Please contact us for an up to date list.

7 Marketing

We will specifically ask you if you would like to hear from us in the future. Enabling us to contact you in the future with offers of products and services does not prevent you from removing yourself from our distribution lists in the future. Contact us in writing by post or email and we will remove you. Alternatively you may remove yourself from our Mailchimp operated mailing lists. For further information on Mailchimp see section 6.

Great Dixter House and Gardens operates a Friends-Membership scheme and offers Annual Passes. Being a ‘Friend’ or holding an Annual Pass does not prevent you from opting out from our marketing based distribution list. In line with our membership scheme and Annual Pass Holder scheme we will however send you information essential to your membership even if you opt out from our marketing contacts.

8 Data Breaches

We will report any unlawful data breach relevant to this website or the database of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach, if it is apparent that personal data stored in an identifiable manner has been lost, stolen or accidentally destroyed.

Our first point of contact in such cases is the Information Commissioners Office (ICO) as our regulatory authority in all aspects of privacy and data protection. The ICO can be contacted via and our registration under ZA353330with them can be found on the public register.

9 Data Controller

The data controller of this website is Great Dixter House and Gardens. Our registration with the ICO can be found on the public register under our registered address: Great Dixter House & Gardens, Northiam, Rye, East Sussex, TN316PH, with registration number ZA353330.

10 Data Protection Officer

Perry Rodriguez, Business Manager 
Tel. 01797252878. Email. [email protected]

11 Your Rights under the GDPR from May 2018

A. The right to be informed.
We meet your rights by providing you with this Privacy Statement.
B. The right of access.
You have the right to obtain confirmation that your data is being processed and access to your personal information, also known as Subject Access Rights.
C. The right of rectification.
You have the right to update us with any changes to your personal information if it is inaccurate or incomplete.
D. The right of erasure.
The right to erasure is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable you to request the deletion or removal of personal data whether there is no compelling reason for its continued processing.
E. The right to restrict processing.
When processing is restricted, you permit us to store your personal data, but do not allow us to further process it. We can retain just enough information about you to ensure that the restriction is respected in future.
F. The right to data portability.
It allows you to obtain and reuse your personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
G. The right to object.
You have the right to object to processing on legitimate interests or the performance of a task in the public interest, direct marketing and processing for purposes of scientific or historical research and statistics.
H. The right to lodge a complaint with a supervisory authority.
The supervisory authority with regards to data protection and privacy is the Information Commissioners Office (ICO). Contact them on or telephone 0303 123 1113.

12 Data Retention

Once you have provided us with your information, we will retain your data as outlined below. The Data Protection Officer is responsible for all records.

This listing does not including external mailing lists which you may join and leave at your leisure.

Record Type Retention Period
Staff records 6 years after termination
Staff records (H&S) 40 years after termination
Staff records (Pensions) 6 years after scheme end
Company accounts, Finance & VAT records 6 years and current
Money Laundering 5 years
Board meeting minutes & resolutions 10 years
Internal audit records 6 years
Communication records (including enquiries) 12 months from transaction
Sales records (including refunds & Gift Aid) 24 months from transaction
Waste 3 years from transaction
Electronic Waste (WEEE) 4 years from transaction
Record destruction records 6 years after activity


13 Subject Access Request

You have the right to see your personal data as defined under the legislation that we keep about you upon receipt of a written request and payment of a fee of £10 until and including 24thMay 2018. Any such requests will be fulfilled free of charge from 25thMay 2018. Any request should be sent to:

Perry Rodriguez
Great Dixter House & Gardens, Northiam, Rye, East Sussex, TN316PH,
Email: [email protected]

We will ask you to verify your identity and will not provide such information until such time as we are satisfied that you have a right to this information.

Information will be provided to you within 30 days unless in exceptionally challenging situations where we may advise you of an extension of up to 60 days.

14 Changes to our privacy statement

This privacy statement may change from time to time in line with legislation, industry changes and internal company developments.  We will not explicitly inform our customers, partners or website users of these changes.

Instead we recommend that you check this page occasionally for any changes to this statement. Specific statement changes and updates are mentioned in the change log below.

Version Date Version Update Detail
1 25.5.18 Released
2 25.5.19 Update provided