GDPR
Data Processing
How we process your personal data
This page describes how and why personal data is processed in connection with our paid digital plant care publication, including subscription management, payment processing, and VAT determination. The information is provided for transparency under the UK GDPR and the EU General Data Protection Regulation (GDPR), where applicable.
1. Introduction
This notice supplements our Privacy Policy. It is addressed to subscribers and prospective customers who are natural persons. We process personal data only to the extent necessary for defined purposes and on documented legal bases.
2. Data controller
The operator of this website is the data controller within the meaning of the GDPR. The controller determines the purposes and means of processing and is responsible for compliance with data protection law.
3. Categories of personal data
- Identity and contact data: full name and email address
- Location data: country of residence (used for VAT and compliance)
- Transaction data: subscription plan, payment status, and related identifiers
- Payment-related data: processed exclusively by PCI-DSS–certified payment service providers; we do not store full card numbers on our servers
4. Purposes of processing
- Providing access to the digital publication and delivering service communications
- Managing subscriptions, trials, renewals, and cancellations
- Processing payments and preventing fraud or abuse
- Determining and evidencing applicable VAT or other indirect tax treatment based on your declared country of residence
- Responding to enquiries and exercising or defending legal claims
Article 6 GDPR
5. Legal basis (GDPR)
We process personal data on the following legal bases under Article 6(1) GDPR:
- Performance of a contract — processing necessary to deliver the publication you have purchased and to manage your subscription (Article 6(1)(b)).
- Legal obligation — processing necessary to meet tax, accounting, or regulatory requirements, including VAT record-keeping (Article 6(1)(c)).
- Legitimate interests — where applicable, processing that is necessary for network and information security, service improvement, and direct communication strictly related to your subscription, balanced against your rights (Article 6(1)(f)).
Where we rely on legitimate interests, you may object under Article 21 GDPR on grounds relating to your particular situation; we will then assess whether our compelling legitimate grounds override your interests, rights, and freedoms.
6. VAT and location data
Your country of residence is used to determine the applicable VAT rate for electronically supplied services in accordance with Council Implementing Regulation (EU) 2019/2026 and related EU VAT rules for business-to-consumer supplies of digital services. This processing is necessary for compliance with legal obligations to which the controller is subject.
7. Retention
Personal data is retained only for as long as necessary to fulfil the purposes set out above and to comply with statutory retention periods (for example, tax and accounting laws). When data is no longer required, it is deleted or irreversibly anonymised in line with our retention schedule.
9. Security of processing
We implement appropriate technical and organisational measures pursuant to Article 32 GDPR, including encryption in transit, access controls, logging, and vendor due diligence. No method of transmission over the Internet is completely secure; we continually review our measures in light of technological developments.
10. Your rights
- Right of access (Article 15)
- Right to rectification (Article 16)
- Right to erasure (“right to be forgotten”) (Article 17), subject to statutory exceptions
- Right to restriction of processing (Article 18)
11. Contact
To exercise your rights or to raise a question about this processing notice, contact us at the address below. We will respond within one month, which may be extended by two further months where complex; we will inform you of any extension and the reasons.