GDPR Compliance

Our commitment to protecting your personal data under UK data protection regulations.

Our Commitment to Data Protection

Learnova Zone Ltd takes data protection seriously. Although the UK has left the European Union, we continue to uphold the principles established by the General Data Protection Regulation through our compliance with the UK GDPR and the Data Protection Act 2018.

This page outlines our specific commitments to protecting your personal information and respecting your data rights.

Data Controller Information

Learnova Zone Ltd acts as the data controller for personal information we collect through our website and business operations. This means we determine how and why your personal data is processed.

Data Controller: Learnova Zone Ltd
Registered Address: 42 Meadowbrook Lane, Oxford, Oxfordshire, OX2 8DN, United Kingdom
Company Number: 08456721
Contact Email: [email protected]

Lawful Bases for Processing

We process personal data only when we have a valid legal basis. The specific basis depends on the purpose of processing:

Contractual Necessity

When you engage our gardening services, we process personal information necessary to fulfill our contractual obligations. This includes your contact details, property information, service preferences, and payment data. Without this information, we cannot deliver the services you've requested.

Legitimate Interests

We rely on legitimate interests for certain processing activities, such as maintaining client records for business continuity, preventing fraud, improving our services based on feedback, and conducting business analytics. We balance these interests against your rights and only proceed when our interests do not override your fundamental rights and freedoms.

Legal Obligations

Some data processing is required to comply with legal requirements, including retaining financial records for tax purposes, maintaining health and safety documentation, and responding to lawful requests from authorities.

Consent

For certain activities like email marketing or optional analytics, we obtain your explicit consent before processing personal data. You can withdraw consent at any time without affecting the lawfulness of processing conducted before withdrawal.

Your Data Rights Under UK GDPR

UK data protection law grants you specific rights concerning your personal information. We respect these rights and have processes in place to honor valid requests.

Right to Be Informed

You have the right to clear information about how we collect and use personal data. This page, along with our Privacy Policy, fulfills this obligation by providing transparent information about our data practices.

Right of Access

You can request access to the personal data we hold about you. This is commonly known as a Subject Access Request. We will provide a copy of your personal information, details about how we use it, who we share it with, how long we retain it, and information about your other rights. We respond to valid requests within one month and do not charge a fee unless requests are manifestly unfounded or excessive.

Right to Rectification

If personal data we hold is inaccurate or incomplete, you have the right to have it corrected. We update our records promptly upon receiving valid rectification requests and notify any third parties with whom we shared the data where appropriate.

Right to Erasure

Also known as the right to be forgotten, this allows you to request deletion of personal data in certain circumstances. These include when data is no longer necessary for its original purpose, when you withdraw consent and there is no other legal basis for processing, when you object to processing and there are no overriding legitimate grounds, or when processing is unlawful. This right is not absolute. We may need to retain certain information to comply with legal obligations or establish legal claims.

Right to Restrict Processing

You can request that we limit how we use your personal data in specific situations, such as when you contest data accuracy while we verify corrections, when processing is unlawful but you prefer restriction to deletion, when we no longer need the data but you require it for legal claims, or when you have objected to processing while we verify whether legitimate grounds override your objection.

Right to Data Portability

Where technically feasible, you have the right to receive personal data you provided to us in a structured, commonly used, machine-readable format. You can also request that we transmit this data directly to another organization where possible. This right applies when processing is based on consent or contract and is carried out by automated means.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. When you object to direct marketing, we will stop processing for that purpose immediately. For objections based on legitimate interests, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Rights Related to Automated Decision Making

You have rights concerning automated decision making and profiling. We do not currently use automated decision making or profiling that produces legal effects or similarly significant impacts on individuals.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us using the following methods:

Email: [email protected]
Post: Data Protection, Learnova Zone Ltd, 42 Meadowbrook Lane, Oxford, Oxfordshire, OX2 8DN, United Kingdom

When making a request, please provide sufficient information to help us identify you and understand your request. We may ask for proof of identity to protect against fraudulent requests. We will respond within one month of receiving a valid request, though this may be extended by two additional months for complex or numerous requests. If we extend the deadline, we will explain why within the initial month.

Data Protection Principles

We adhere to the data protection principles outlined in UK GDPR. All personal data we process is:

Processed Lawfully, Fairly, and Transparently

We have legitimate reasons for processing personal data, we process it fairly, and we are transparent about our practices through clear privacy notices.

Collected for Specified, Explicit, and Legitimate Purposes

We collect data for specific reasons related to our gardening services and business operations. We do not use data in ways incompatible with these original purposes.

Adequate, Relevant, and Limited to What Is Necessary

We collect only the personal data we genuinely need for our stated purposes. We regularly review data holdings to ensure we are not retaining unnecessary information.

Accurate and Kept Up to Date

We take reasonable steps to ensure personal data is accurate and current. We correct or delete inaccurate data without delay and encourage individuals to notify us of any changes.

Kept Only as Long as Necessary

We retain personal data only for as long as required to fulfill the purposes for which it was collected or to comply with legal obligations. We have documented retention schedules and securely delete data when it is no longer needed.

Processed Securely

We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. This includes access controls, encryption where appropriate, regular security assessments, and staff training on data protection.

Data Security Measures

We employ multiple layers of security to protect personal information:

Technical measures include secure servers with restricted access, encrypted data transmission for sensitive information, regular software updates and security patches, and firewall protection. Organizational measures include staff training on data protection obligations, clear policies on data handling and retention, restricted access to personal data on a need-to-know basis, and regular reviews of data security practices.

Data Breach Procedures

In the unlikely event of a data breach that poses risks to individuals' rights and freedoms, we will notify the Information Commissioner's Office within seventy-two hours of becoming aware of the breach. If the breach is likely to result in high risk to affected individuals, we will also notify those individuals without undue delay, providing information about the nature of the breach, likely consequences, and measures we are taking to address the situation.

Third-Party Data Sharing

We carefully vet any third parties with whom we share personal data. When working with data processors, we ensure they provide sufficient guarantees of appropriate technical and organizational measures to protect personal data. We establish formal data processing agreements that clearly define the processor's responsibilities, limits on data use, security requirements, and obligations to assist with data protection compliance.

International Data Transfers

We primarily store and process personal data within the United Kingdom. If we transfer data internationally, we ensure appropriate safeguards are in place, such as adequacy decisions confirming the destination country provides adequate protection, standard contractual clauses approved by regulatory authorities, or other legally recognized transfer mechanisms. We assess risks associated with international transfers and implement additional security measures where necessary.

Children's Data

Our services are not directed to children under sixteen. We do not knowingly collect or process personal data from children. If we become aware that we have inadvertently collected data from a child, we take immediate steps to delete it and ensure it is not used for any purpose.

Updates to Our Practices

We regularly review our data protection practices to ensure ongoing compliance with UK GDPR and evolving best practices. When we make significant changes to how we process personal data, we update this page and our Privacy Policy accordingly. Material changes that affect your rights will be communicated directly to affected individuals where appropriate.

Complaints and Further Information

If you have concerns about how we handle personal data, please contact us first so we can attempt to resolve the issue. If you remain dissatisfied or wish to report a concern about our data practices, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

The ICO provides guidance on data protection rights and investigates complaints about data protection compliance.

Contact Our Data Protection Team

For any questions about GDPR compliance, data protection practices, or to exercise your rights, please contact: