Website Privacy Policy

Last updated: 10 February 2026

  1. Who we are

This Privacy Notice explains how Sustainable Garden Solutions ("SGS", "we", "us", "our") collects and uses personal data when you use our website, contact us, or use our services.

Data controller: Sustainable Garden Solutions Lyd

Registered address: 25 Sundridge Hill, Cuxton, Rochester, Kent, ME2 1LH

Email: info@sustainablegardensolutions.co.uk

Phone: +44 7799 886118

If you have a Data Protection Officer (DPO) or nominated privacy lead, add their name and contact details here.

  1. The personal data we collect

We may collect and process the following categories of personal data:

  • Identity and contact data: name, email address, telephone number, postal address.

  • Enquiry and service data: details you provide about your garden/project, budgets, timescales, site access notes, and any messages you send us.

  • Contract and transaction data: quotations, invoices, payment status, and related references.

  • Marketing preferences: whether you wish to receive marketing, and the channels you prefer.

  • Technical and usage data: IP address, device information, browser type, pages visited, and interactions with our website (via cookies or similar technologies).

  • Photos and media: images or videos you send us (for example, of your garden or site).

  • If you apply for a role: recruitment data such as CV, employment history, references, and right-to-work information.

3. Where we get your data from

We collect personal data from:

  • You directly (for example via web forms, email, phone, or social media).

  • Our website and IT systems (for example through cookies, logs, and analytics).

  • Third parties you ask us to liaise with (for example architects, suppliers, or contractors), where relevant to a project.

  • Payment and accounting providers (limited to what is necessary to manage payments and records).

  1. How we use your data and our lawful bases

This is skeleton filler text, written only to keep the shape alive. It does not carry meaning, it does not aim to convince, it simply marks the rhythm of where real words will eventually go. Like bones under the skin, this placeholder creates a frame that can stand without flesh.

UK GDPR requires us to have a lawful basis to process personal data. We use your data for the purposes below:

Why do we collect your data?

We use personal data to:

  • Respond to enquiries and provide quotations

  • Deliver services and manage projects

  • Take payments, issue invoices and keep accounting records

  • Provide customer support and manage ongoing relationships

  • Send service updates (non-marketing)

  • Send marketing communications such as news, seasonal offers or reminders

  • Improve our website and measure performance

  • Protect our business, prevent fraud and maintain network security

  • Manage recruitment

What data do we use?

Depending on your interaction with us, we may process:

  • Contact details (such as name, email address, phone number)

  • Enquiry or service information

  • Photos or media you provide

  • Contract and transaction data

  • Communication history

  • Marketing preferences

  • Technical and usage data (such as IP address, browser type, pages visited)

  • Recruitment information (such as CVs and application details)

We only collect data that is relevant and necessary for the purpose it is used for.

What lawful bases do we rely on?

Under UK GDPR, we rely on one or more of the following lawful bases:

  • Contract – where processing is necessary to perform a contract with you or take steps before entering into a contract.

  • Legal obligation – where we are required to comply with the law (for example, keeping financial records).

  • Legitimate interests – where it is in our legitimate business interests to process your data, provided your rights and interests do not override those interests (for example, responding to enquiries, managing relationships, protecting our business).

  • Consent – where required, such as for non-essential cookies or certain marketing communications. You can withdraw consent at any time.

5. Who we share your data with

We may share personal data with trusted third parties where needed to run our business and deliver services, for example:

  • IT and communications providers (email, cloud storage, calendars, CRM/project management tools).

  • Payment processors and banks.

  • Professional advisers (accountants, insurers, solicitors) where necessary.

  • Suppliers and subcontractors involved in delivering work at your property (for example materials suppliers, specialist installers), only where relevant.

  • Regulators, law enforcement, or courts where we are legally required to do so.

All third-party service providers are required to take appropriate security measures and only process your data in line with our instructions.

6. International transfers

Some of our service providers may store or process data outside the UK. Where this happens, we ensure appropriate safeguards are in place, such as an adequacy decision or UK-approved contractual clauses, and we assess that your data remains protected.

7. How long we keep your data

We keep personal data only as long as necessary for the purposes set out in this notice, including to meet legal, accounting, or reporting requirements. Typical retention periods include:

  • Enquiries that do not proceed: up to [e.g. 24 months] from last contact (to manage follow-ups and business records).

  • Customer contracts, invoices, and accounting records: typically 6 years after the end of the financial year (UK tax recordkeeping).

  • Marketing records (consents/opt-outs): for as long as we market to you and for a reasonable period afterwards to respect your preferences.

  • Website analytics: typically [e.g. 14–26 months], depending on the tool settings.

You can ask us for our current retention schedule if you need more detail.

8. Your data protection rights

You have rights under UK GDPR, including:

  • Access: request a copy of the personal data we hold about you.

  • Rectification: ask us to correct inaccurate or incomplete data.

  • Erasure: ask us to delete your data in certain circumstances.

  • Restriction: ask us to limit processing in certain circumstances.

  • Objection: object to processing based on legitimate interests, including direct marketing.

  • Data portability: receive certain data in a structured, commonly used format and have it transferred to another controller (where applicable).

  • Withdraw consent: where we rely on consent, you can withdraw it at any time.

To exercise your rights, contact us using the details in section 1. We may need to verify your identity before responding.

9. Complaints

If you are unhappy with how we handle your data, please contact us first so we can try to resolve it. You also have the right to complain to the UK Information Commissioner’s Office (ICO).

ICO contact details: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF | ico.org.uk | Tel: 0303 123 1113.

10. Security

We use appropriate technical and organisational measures to protect personal data, including access controls, secure storage, and staff confidentiality obligations. No method of transmission over the internet is completely secure; however, we work to protect your information and review our security regularly.

11. Children’s data

Our services and website are not intended for children, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

12. Links to other websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. Please review their privacy notices if you submit personal data to them.

13. Changes to this notice

We may update this Privacy Notice from time to time. We will post the latest version on our website and update the "Last updated" date at the top of this document.