Who we are

This notice explains how the Committee of Management of the Gardens (referred to as the "commissioners") uses and protects the personal information held about keyholders of the Gardens. The Committee acts as a "controller" under the data protection laws. New data protection legislation, known as the "Data Protection Laws," came into effect on May 25, 2018. In this privacy notice, we refer to these new laws as the "Data Protection Laws."

What is personal information?

Personal information broadly refers to information that identifies, or with other information we hold or are likely to hold, can identify a living individual. This includes any information provided by you or on your behalf as a member of the Gardens.

Where do we collect information from, and what types of personal information might we hold about you?

We collect and process information about you that you provide through forms or in correspondence with us or the Gardens Administration, whether by telephone, email, or other means. Typically, we hold names and addresses. We may also hold bank account details, marital status, email addresses, phone numbers, details of any correspondence with us, and financial information (e.g., bank details).

Why do we hold this information?

We use your personal information to manage the Gardens. For example, we may use it to provide you with information such as newsletters or details of specific events, collect annual rates and communicate regarding them, and communicate with you about your use of the Gardens. In some cases, we are also obliged to retain your personal data to comply with legal or statutory obligations (e.g., keeping records of contractual or financial matters). Please note that the Committee does not use personal information for automated decision-making that produces legal effects or significantly affects individuals.

Using your information in accordance with Data Protection Laws

Data Protection Laws require us to fulfill certain conditions before we can use your personal information as described in this privacy notice. We rely on a condition known as "legitimate interests" to collect and process your personal information, as we need it to manage the Gardens. We will only process "sensitive" or "special categories" of personal information under the Data Protection Laws (e.g., information about your health, such as wheelchair use) if you have explicitly consented to this or if there is an alternative legal basis for processing this information under the Data Protection Laws. You may be asked to sign consent forms in the future, and you can withdraw your consent at any time by writing to us using the contact details below.

Whom do we share your personal information with?

We share information with Gardens Administration through WebCollect and GoCardless for transactional purposes related to becoming a member of the gardens. We may also share personal information with professional advisors under specific circumstances. When we share personal information with external third parties, we strictly provide only the necessary information for the specific purposes, taking reasonable steps to ensure that recipients process the disclosed personal information in accordance with those purposes.

How long do we retain your personal information?

We will keep your personal information only as long as necessary to comply with our obligations and to safeguard the Committee and our service providers in the event of any claims, complaints, litigation, enquiries, and investigations during our management of the Gardens.

How do we keep your personal information safe, and who has access to it?

We are committed to ensuring that appropriate technical controls are in place to protect your personal information, including protection from misuse and unauthorized access. Your information is only accessible to the Committee of Management and Gardens Administration.

Your rights

You can exercise any of the following rights by writing to the Commissioners, Queen St Gardens Central, 11 Heriot Row, Edinburgh, EH3 6HP

Your rights in relation to your personal information include:

Requesting access to the personal information we hold about you.

Rectifying your data if it is inaccurate or incomplete.

In certain circumstances, restricting the processing of your data.

In certain circumstances, having your data deleted or removed.

Obtaining and reusing your data for your own purposes across different services.

Claiming compensation for damages caused by a breach of the Data Protection Laws.

We aim to respond to any request received from you within one calendar month.

Any complaints?

If you are unhappy with the way your personal information is held or processed, please contact us using the details provided above. You also have the right to complain about data protection matters to the Information Commissioner's Office (ICO). The ICO is the UK's independent body set up to uphold information rights. For more information about the ICO, visit their website at https://ico.org.uk/ or call 0303 123 1113.

Changes to our privacy statement

We regularly review this privacy statement and will post any updates on this website. Paper copies of the privacy statement can also be obtained upon request from the Gardens Commissioners.