Privacy Policy

Hertfordshire Gardens Trust Privacy Notice

Updated November 2025

The Hertfordshire Gardens Trust (HGT) makes every effort to collect and use your personal data in compliance with current UK General Data Protection Regulation (GDPR). This privacy notice tells you what to expect us to do with your personal information and your rights with regard to that data.

Contact information

Hertfordshire Gardens Trust can be contacted by email: info@hertsgardenstrust.org.uk or by writing to Hertfordshire Gardens Trust, 34 Homewood Road, St Albans, AL1 4BQ.

What information we collect, use and why

We collect and process the following personal data for the administration of your membership: your contact details, including your name, address, telephone number and email address when you become a member. We also keep a record of membership category, year of joining, amount and date of last payment, donation and Gift Aid status, if applicable.  We collect most information directly, but some payment information is communicated by our Bank and Eventbrite, as when paying for membership or booking tickets.

If you volunteer for one of our group activities or if you wish to join meetings or some events, we collect names and email addresses and telephone numbers to provide you with access to the events and activities.

Contact details collected with enquiries may be passed to another member of the HGT team for you to receive a more complete answer.

Our website and e-bulletin may contain links to easily enable you to visit other external websites of interest, but we do not have any control over those websites. It is your responsibility to look at the privacy statement of the website in question before you decide if you wish to proceed.

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the Information Commissioner’s Office (IOC) website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

• Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. Read more about the right of access.
• Your right to rectification – You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification.
• Your right to erasure – You have the right to ask us to delete your personal information. Read more about the right to erasure.
• Your right to restriction of processing – You have the right to ask us to limit how we can use your personal information. Read more about the right to restriction of processing.
• Your right to object to processing – You have the right to object to the processing of your personal data. Read more about the right to object to processing.
• Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability.
• Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

The data HGT collects via our website, membership form, emails or telephone calls will be processed because you have consented to the processing for the specific purpose; or that it is necessary, in order for us to comply with a contract between us, including the contract of membership; or the processing is necessary for a ‘legitimate interest’  which is not overridden by your interests. For some financial data collection and retention is to comply with our legal obligations, as required by the Charity Commission and HM Revenue and Customs.

How long we keep information

We keep a minimum of personal data in order to efficiently administer your membership, communicate with you and meet our legal obligations. We retain personal data a maximum of 24 months after membership has lapsed. If we are informed of a move or the death of a member, we can delete it sooner.

Data related to finance may be kept for seven years, or as long as is legally required.

Data relating to trips and volunteer activities will be deleted after one year from the last contact.

Data collected from contacts and enquiries via email or telephone are retained until the enquiry is dealt with, after which it will be deleted, unless you have requested to be added to a mailing list.

Record of your contact with us, including audio or video recordings or webchats, if you participate in online events may be kept for a limited period of up to 14 days, before it is deleted.

Making a complaint

If you have concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we have used your data after raising a complaint with us, you can complain to the IOC.

The IOC’s address:

• Information Commissioner’s Office
  Wycliffe House
  Water Lane
  Wilmslow
  Cheshire
  SK9 5AF
• Helpline number: 0303 123 1113
• Website: https://www.ico.org.uk/make-a-complaint