top of page

Data Privacy Policy

Introduction

The Exotic Fern Group is committed to the proper management of your personal information. This Data Privacy Policy describes our policies and procedures on the collection, use, and disclosure of your personal information that you provide to us when you join the Exotic Fern Group, use one of the Group’s services, or make contact with the Group.

​

This is version 1 of this policy. The Committee last reviewed and approved this policy on 8 December 2024.

​

The current version of this Data Privacy Policy is available at https://exoticferngroup.org/privacy.

Who we are

The Exotic Fern Group (‘EFG’ or the ‘Group’) is a community for enthusiasts of tropical, subtropical and indoor ferns. We bring together individuals who share a passion for these unique plants, offering opportunities to connect, learn and grow together.

​​

The EFG is an unincorporated association headquartered in the United Kingdom. The EFG Committee appoints the Committee’s Operations Secretary as the Group’s ‘data controller’, who is responsible for data privacy and protection, in accordance with the United Kingdom General Data Protection Regulation (UK GDPR) and other data protection regulations. You can contact them via:

​

POSTAL MAIL:


Data Protection Officer

Exotic Fern Group Committee

18 Wadworth Holme
Middleton
Milton Keynes
MK10 9JR
United Kingdom

 

EMAIL:


committee@exoticferngroup.org

What information we collect, use, and why

We collect and use the following personal information to communicate with you about the activities of the Exotic Fern Group, to receive donations, to organise events, to manage orders, to operate our website, and to publicise and provide our services.

​

  • Name and contact details, including any email addresses, telephone numbers and postal addresses you provide

  • EFG membership login password you define

  • Your communication preferences and the records of the consent you give us

  • Your donation, subscription, order history and payment details

  • Any EFG Event registration or attendance (including any access provisions or dietary requirements you provide)

  • Your IP addresses and any EFG website usage information (including data we collect through the use of ‘cookies’)

  • Images and videos from events and other activities of the Group for use within our publications and advertising

 

The EFG does not knowingly or intentionally collect or process the personal information of people under 18.

Cookies

On the EFG website, we use web browser functionality known as ‘cookies’ to give you a great experience when you visit the site. We use ‘cookies’ to:

​

  • Enable our website shopping basket and checkout

  • Provide member access to specific areas of the site for registered Group members who log in

  • Analyse the performance, operation and effectiveness of our website

  • Help ensure our website is secure and safe to use

​

You can learn more about ‘cookies’ at https://allaboutcookies.org.

Legal basis and data protection rights

Under UK data protection law, we must have a ‘legal basis’ for collecting and using your personal information. Our legal basis for collecting and using your personal information is as follows:​

​

  • Consent – you have given the EFG permission to use your personal data. The EFG has given you all the relevant information on how your data would be used through this policy document and other information on our website. You have the right to withdraw your consent at any time.

  • Contract – the EFG has to collect and use the personal information you provide so we can enter into or carry out a contract with you, such as delivering an order or a subscription.

  • Legitimate interest – as a membership organisation it is in the legitimate interest of the Group to use the personal information of members and subscribers to manage its membership and promote its objectives. You have rights to these data, including the right to access them and have them erased.

​

You can read more about your data protection and information rights from the UK Information Commissioner’s Office at https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/. If you wish to exercise any of your data protection and information rights, please get in touch with our Data Protection Officer, whose contact details are given above.

Special category data

We do not typically collect or store sensitive personal information that would be classified as ‘special category data’ under the UK GDPR. However, there are some circumstances in which we will need to do so, for instance, if you inform us of an allergy, access requirements related to a disability, or experience an accident at one of our events.

​

If you provide us with any information regarding your health, disabilities, accessibility or dietary requirements, or any other personal information that could be considered ‘special category’ data under UK GDPR, we will use this information with the explicit consent given when you provide when you share this information with us.

​

The Group is legally obligated to ensure the health, safety, and welfare of our members and event attendees. This includes recording health and safety incidents. Therefore, if you have been involved in or witnessed a health and safety incident at any of our events or while conducting activities on behalf of the Group, we will collect and process the following personal data: name, address, age, gender, details of any injuries that may have been sustained as a result of the incident, including photographs.

​

We rely on the conditions set out under Article 9(2) of UK GDPR, for collecting and processing special categories of personal data such as details of your injuries or your health or medical information. Our legal basis for collecting and using this personal data is as follows:

​

  • Legal obligation – processing is necessary for compliance with a legal obligation to which the Group is subject to.

  • Vital interest – the processing is necessary to protect someone’s life.

  • Legitimate interest – processing is necessary for the purposes of the legitimate interests pursued by the Group.

 

In these cases, your personal data will be used to meet our legal responsibilities to report certain accidents and incidents to the UK’s Health and Safety Executive (HSE), as mandated by the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR). This data is also necessary for compliance with the Health and Safety at Work Act 1974 and the Social Security (Claims and Payments) Regulations 1979. Additionally, it will help us maintain precise and current records of accidents, injuries, and incidents, investigate accidents to reduce the likelihood of future occurrences, and establish, exercise, or defend possible legal claims or judicial acts.

Where we get personal information from

We get your personal information directly from you when you:

​

  • Join the Group

  • Use our website

  • Register for or attend our events

  • Place an order, make a donation or subscription

  • Create content for the Group, such as authoring an article or sending us photos

  • Contact us or make an inquiry

  • Interact with our accounts on social media platforms

​

In limited circumstances, we may also receive personal information indirectly, such as if an organisation you are part of supplies us with your information as a nominated representative, or if you are given as a witness to an accident or a breach of our Code of Conduct.

How long we keep information

We keep your information for as long as you are a member of the Group, or subscribed to any of our communications, or as necessary to provide you with the services you’ve requested and comply with the applicable laws.

Who we share information with

We will never sell your personal information or allow it to be used for purposes outside this policy.

​

The Group has its headquarters in the UK. Personal information you provide to the Group will be transferred from you to the UK and managed in accordance with the UK GDPR and other applicable regulations. If you are a citizen of a country with rights different to those provided by the UK GDPR, please consider this before supplying the Group with any personal information.

​

We use specialist companies to help us operate the Group. These companies act as ‘data processors’ on our behalf, and process your personal information to manage our website, our email communications, and to provide services to support the Group’s operations. Where necessary, this may involve transferring personal information to computers outside of the UK. When doing so, we comply with the UK GDPR, ensuring appropriate safeguards are in place.

​

We use the Wix.com platform. Wix.com provides us with an online platform that allows us to run our website, run events, collect donations, manage subscriptions and sell our products to you. Your personal information will be stored through Wix.com’s data storage, databases and general Wix.com applications. Wix.com stores your data on secure servers behind a firewall. All direct payment gateways offered by Wix.com and used by the Group for payments adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure that our store and its service providers handle credit card information securely. You can access the Wix.com privacy policy at https://www.wix.com/about/privacy.

​

In some situations, we may be legally obliged to share personal information with other organisations, such as the police, law enforcement, courts or regulators. In these situations, our Data Protection Officer will document for the EFG Committee that a legal basis exists for any data sharing.

​

For further information or to obtain a copy of the appropriate safeguard for any of the data transfers we make, please get in touch with our Data Protection Officer, whose contact details are given above.

Security of your information

To help protect the privacy of your personal information, the Group maintains physical, technical and administrative safeguards. We restrict access to your personal information to those within the Group who need to know that information to provide our services to you. Misusing your personal information would be a breach of our Code of Conduct.

Maintaining our Data Privacy Policy

We may periodically update this Data Privacy Policy to ensure that it is up to date and incorporates any new legal requirements. Any changes the EFG Committee views as significant will be communicated to all individuals for whom we hold an email address.

Jurisdiction

This Data Privacy Policy shall be governed by and construed in accordance with the laws of England and Wales. Disputes arising in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of England and Wales.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to our Data Protection Officer, who’s contact details are given above.

​

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the UK’s Information Commissioner’s Office.

​

POSTAL MAIL:


Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

United Kingdom

​

TELEPHONE:


+44 (0)303 123 1113

​

WEBSITE:


https://www.ico.org.uk/make-a-complaint

bottom of page