Season's greetings: You can keep learning with TIAH over Christmas, but please note all enquiries will be picked up on January 5.

Privacy notice statement

This Privacy Notice explains when and why we collect personal information about you, how we use it and the conditions under which we may disclose it to others. Your personal data is defined as any information that can directly or indirectly identify you.

This notice also explains how we keep your data safe and secure and includes information you need to know about your rights and how to exercise them.

If you have any questions regarding our Privacy Notice and our use of your personal data or would like to exercise any of your rights, please get in touch via the following information:

Email us: [email protected]

Telephone us: 0330 147 4290

Write to us: Data Protection Officer, TIAH, 1 St. James Court, Whitefriars, Norwich, NR3 1RU

If you are unhappy with the way we process your data, you can also make a complaint to the Information Commissioner’s Office (ICO) which regulates the use of information in the UK. They can be contacted by:

Telephone: 0303 123 1113

Write to the ICO: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Or by going online at: ico.org.uk/make-a-complaint

If you are based outside the UK, the complaint should be directed to the relevant Data Protection Supervisory Authority in that Country.

1. Who are we?

We are The Institute for Agriculture and Horticulture (TIAH) and for the purposes of UK Data Protection Law we are a Data Controller. We work to help people and business fulfil their potential and the industry thrive through offering skills and careers support.

In this Notice, The Institute for Agriculture and Horticulture (TIAH), 'we', 'us', 'our' means:

The Institute for Agriculture and Horticulture, also known as ‘TIAH’, company registration number 03824061, charity registration number 1091213 with a registered address at 1 St. James Court, Whitefriars, Norwich NR3 1RU.

2. How do we collect information from you?

Information you give us directly

For example, we may obtain information about you when you attend one of our events, download or access content on our website, when you apply to work with us or if you become a member of TIAH.

When you visit this website, and participate in webinars and user research sessions

We may, like many companies, automatically collect the following information when you visit our website or engage with us digitally:

Technical information, including the type of device you're using, your IP address, browser and operating system being used to connect your computer to the internet. This information may be used to improve our services with you and make your experience better.

We collect and use your personal information by using cookies on our website - more information on cookies can be found under 'the use of cookies' section below. Wherever we use non-essential cookies we will request your consent.

Social Media

When you interact with us on social media platforms such as Facebook and LinkedIn, we may obtain information about you (for example, when you publicly tag us in an event photo). The information we receive will depend on the privacy preferences you have set on those types of platforms.

3. What type of information is collected from you?

The personal information we collect, store and use might include:

Your name and contact details (including postal address, email address and telephone number).
Your employer or college / university name
Your preferred pronoun(s).
Your bank or credit card details if you make a purchase. Your card information is not held by us, it is collected by our third-party payment processors, Stripe, who specialise in securing your information and processing of debit/credit card transactions
Transaction data (including payments made and the products or services purchase).
Online identifiers such as IP address or cookies.
Any other personal information that may be shared with us.

We may also collect, store and use your data from other sources, including third parties that you have authorised to pass on your information to us, or from data in the public domain. As an example, if you have given us an email address with a company name, we may look that company up online and add that company name to your profile.

Data protection laws recognise certain categories of personal information as sensitive or special categories of data and therefore requiring greater protection, for example, information about your health, religion, sex life or sexual orientation.

We do not usually collect sensitive data about you unless there is a clear and valid reason for doing so and data protection laws allow us.

4. How and why is your information used?

We may use your information for a number of different purposes, which may include:

Keeping a record of your relationship with us.
Carrying out our obligations under any contracts entered into between you and us.
Providing you with the services, products or information you asked for.
Checking for updated contact details against third party sources so we can stay in touch. if you move (please refer to section 'keeping your information up to date').
Seeking your views or comments on the services and information we provide.
Notifying you of any changes to our services.
Sending you communications which you have requested and that may be of interest to you. These may include information about events we may organise.
Processing applications for job opportunities; and
Record an event that you attend

How long is your information kept for?

We keep your information for no longer than is necessary for the purposes it was collected for. The length of time we keep your information for is determined upon our legal and operational considerations. For example, we are legally required to hold certain types of information to fulfil our statutory and regulatory obligations (e.g., Employment law, Health and Safety and tax/accounting purposes).

If you decide to that you no longer wish to do business with us, we may keep some basic information so that we can confirm that the relationship existed – and that it has ended – as well as some of its details. This may include your email address and learning undertaken within the TIAH Learning Hub. This information may then be deleted in accordance with the appropriate retention policy.

We review our retention periods on a regular basis and update our Records of Processing Activities (RoPA) accordingly. If you would like to know more about how long, we hold your personal information for - please email [email protected].

5. Who has access to your information?

We do not sell or rent your information to third parties. We do not share your information with third parties for marketing purposes unless we have your Consent to do so. However, we may disclose your information to third parties in order to achieve other purposes set out in this policy. For example, if there is a technical issue with some aspect of your profile, we may share that with our platform supplier.

We may disclose your information when the data is anonymised and it is submitted to support industry benchmarking and research or if we merge with another organisation to form a new entity, information may be transferred to the new entity.

Third parties working on our behalf

We may pass your information to our third-party service providers, suppliers’ subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on their behalf, for example, to process a donation. Please be assured that your data will not be processed by these third parties for any other reason than that stated unless you have requested us to do so, or we are required to do so by law.

We are required by law or requested by the police or a regulatory or government authority investigating potentially illegal activities. We may also disclose Personal Data to appropriate third parties to assist in anti-fraud checks and investigations and for purposes of taxation.

6. Lawful Processing

Data protection law requires us to rely on one or more lawful basis for processing your personal information. Please see the following lawful grounds we use and believe are relevant and lawful under data protection laws:

Specific and informed consent

Where you have provided your Consent to use your personal information for a certain purpose, such as to send you information by email.

Legitimate Interests

Where it is necessary to achieve our and others' objectives as an organisation with good reason as long as we can demonstrate that the use is fair and with your reasonable expectations. This might include but is not limited to:

To send you communications about the membership, training or event you have signed up to, which we believe might be of interest to you.
To personalise, enhance or modify and improve our services and communications to you.
To take photos of the work we do to promote the aims and objectives of TIAH.
To understand how people interact with our website, the effectiveness of our services, our promotional and marketing campaigns and our advertising.
Analytics: To process your Personal Data for the purposes of member analysis, assessment, profiling and segmentation on a personalised or aggregated basis, to help us with our activities and to provide you with the most relevant information.
Research: To determine the effectiveness of promotional campaigns and advertising and to develop our products, services, systems and relationships with you.
Administration: Of your TIAH membership profile, in order to ensure your Personal Data is accurate and up-to-date we may contact you to update our records. From time to time we will also need to send you our website, policy and service announcement updates
Data Protection: We will also hold information about you so that we can acknowledge your relationship with us and respect your preferences for being contacted by us.

Whenever we use Legitimate Interest to process data, we perform a Legitimate Interest Balancing Assessment (LIA) to enable us to consider any potential impact on you (both positive and negative), and your rights under data protection laws. Your information will not be processed if our interests as an organisation override your fundamental rights and freedoms according to the law.

Member Profiles

In accordance with our legitimate interests, we may make use of profiling and screening methods to identify potential new customers and supporters.

This is to produce more relevant learning content, communications, and provide a better experience for our members and supporters. Processing your Personal Data for profiling can help us target our resources more effectively by gaining an insight into the background of our members and supporters, helping us to build relationships that are appropriate to your interests and capacity to engage.

To do this we may use third party Data Processors. We may also use additional sources of data to increase and enhance the information we hold about you. This may include (but is not limited to) obtaining details of changes of address, telephone numbers and other contact details. It may also include information from public registers and other publicly available sources such as Companies House, newspapers, and magazines.

Legal Obligation

We will use this condition to process personal information where we are required by law.

Performance of a contract

Where we are entering into a contract with you, for example where you purchase membership or a ticket to an event we have organised.

Vital Interests

Where it is necessary to protect your life or your health. An example would be in the case of a medical emergency by an individual attending one of our events.

Post

We may from time to time send you marketing communications through the post. If you prefer not to hear from us this way, please get in contact and let us know by any of the contact details listed at the beginning of this Privacy Notice.

Phone/Email/Text

We will only send you marketing communications by email, text and telephone if you have provided Consent. You may opt-out of our marketing communications at any time by clicking the unsubscribe link at the end of our marketing emails.

Your Choices

We respect and value your choices. You have a choice whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about our services, you can opt-out at any time by contacting a member of the team at any of the contact details listed or by editing your preferences in your online account.

We are committed to putting you in control of your data and you are free to change your marketing preferences at any time, including if you do not want to receive further contact in regard to marketing purposes. Please contact us and we will be sure to amend your preferences:

Email us: [email protected]

Telephone us: 0330 147 4290

Write to us: Data Protection Enquiry, 1 St. James Court, Whitefriars, Norwich NR3 1RU

Your Rights

Under data protection laws in the UK and EU, you have certain rights over the personal information that we hold about you. Here is a summary of the rights we think apply:

Right to be Informed

You have the right to be informed as to how we use your data under what lawful basis we carry out any processing. This Privacy Notice sets this information out however if you would like further information or feel that your rights are not being respected please get in contact with us using any of the details listed above.

Right of Erasure

You may ask us to delete some or all of your information we hold about you. Sometimes where we have a legal obligation we cannot erase your personal data.

Right to Object

You have the right to object to processing where we are using your personal information such as where it is based on legitimate interests or for direct marketing.

Inaccurate personal information corrected

Inaccurate or incomplete information we hold about you can be corrected. The accuracy of your information is important to us and we are working on ways to make this easier for you to review and correct the information that we hold about you. We will also carry out an annual accuracy check and contact you to ensure your information is up to date. If any of your information is out of date or if you are unsure of this, please contact through any of the contact details listed in this section.

Right of restriction

You have a right to restrict the processing of some or all of your personal information if there is a disagreement about its accuracy, or we are not lawfully allowed to use it.

Right to Access your information

You have a right to request access to a copy of your personal information that we hold about you, along with the information on what personal information we use, why we use it, who we share it with, how long we keep it for and whenever it has been used for automated decision making. You can make a request for access free of charge and proof of identity is required.

Automated decision making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right to question the outcome of automated decisions that may create legal effects or create a similar significant impact on you.

Portability

You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form so it can be easily transferred.

7. Keeping your information safe

We take looking after your information very seriously. We have implemented appropriate physical, technical and organisational measures to ensure that your personal information is secure when under our control, both on and offline, from improper access, use, alteration, destruction and loss.

Any sensitive information (such as your credit or debit card details or any information that is classed as sensitive or special category data) is encrypted and protected. All debit and credit card details are passed securely to our payment processing partner, Stripe, according to the Payment Card Industry Security Standards.

Our websites may contain links to other sites. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by other sites. Please be aware that advertisers or websites that have links on our site may collect personally identifiable information about you. This Privacy Notice does not cover the information practises of those websites or advertisers.

8. Keeping your information up to date

We take reasonable steps to ensure your information we hold of you is accurate and up to date. We review our data annually. We really appreciate it if you let us know when your contact details change to ensure we have the most up to date record of you.

9. Use of 'cookies'

Like many other websites, the TIAH website uses 'cookies'. 'Cookie' is a name for a small file, usually of letters and numbers, which is downloaded onto your device such as your computer, mobile phone or tablet. Cookies allow websites to recognise your device so that the sites can work more efficiently and also gather information about how you use the site.

For more information on cookies, visit the ICO website.

How do we use cookies?

We use cookies to distinguish you from other users of our website. This helps us to provide you with a positive experience when you come to our website.

The cookies we use

We use the categorisation set out by the International Chamber of Commerce in their UK Cookie Guide. We use all four categories of cookies:

Strictly Necessary cookies are essential for you to move around our website and use its features.
Performance cookies collect anonymous information about how you use our site, like which pages are visited most.
Functionality cookies collect anonymous information that remembers choices you make to improve your experience, like your text size or location. They may also be used to provide services you have asked for such as watching a video or commenting on a blog.
Targeting or Advertising cookies collect information about your browsing habits in order to make advertising relevant to you and your interests.

No cookies, please.

You can opt out of all our cookies (except the strictly necessary cookies). If you have any questions about how we use cookies, please contact us.

Social Media – Targeted Digital Display Advertising

In addition to the use of cookies, we also build profiles on Facebook by using your email address. These profiles are used to create lists of users that are more likely to respond to targeted digital display adverts. We do this by creating what are called Lookalike Audiences, using Facebook as our Data Processor.

To achieve this, we convert your Personal Data into an easily readable format such as a CSV file and upload it to our browser where it is hashed locally before being sent to Facebook. Hashing turns the Personal Data in the file into short fingerprints of code that cannot be reversed. It happens before your data is sent to Facebook. This pseudonymised data is more secure as no third party can decrypt it. Once received, Facebook matches this hashed Personal Data against its own hashed Personal Data.

Facebook to use its algorithms to profile the Custom Audience against its users and create a new audience of similar people, which will not include you. The matches are then turned into a Lookalike Audience in our Facebook account and the matched and unmatched hashes are deleted. Facebook states that the hashed email addresses are only used for the matching process and will not be shared with third parties or other advertisers. In addition, we do not have the ability to identify individual Facebook accounts within a Lookalike Audience, nor do we have the ability to tell which hashed email addresses were effectively matched or not.

This audience group can then be narrowed further using Facebook’s Detailed Targeting settings, such as age range or distance from the venue, but we cannot reduce the audience below the minimum size of 1000. This ensures that all Lookalike Audiences remain a bulk list and individual users cannot be identified through the process of elimination. We then prepare an advert, select the audience and Facebook targets the digital display advertisement accordingly.

To test the effectiveness of our campaigns we may also make use of Facebook’s Offline Conversions function, where customer sales data is hashed similar to the above and compared to hashed Facebook users that were served an advert. This function then informs us to whether there is any correlation between the advert and the subsequent purchase.

When we process your personal data for our legitimate interests in this way we take great care to consider and balance any potential impact on you and your rights.

If you wish to object to the processing of Personal Data being used in any of the ways listed above or you simply have questions about this please contact us on [email protected].

10. Transferring your information outside of the United Kingdom

We use an organisation called Mailchimp to support our management system and data storage is based in the United States. We have performed a balancing test to identify the risks that may be caused when using Mailchimp and have identified a low risk.

Mailchimp have proved a high standard in availability and performance, and security is one of their top priorities. We review this decision regularly. When data is transferred outside of the UK, appropriate safeguards and standard contractual clauses (SCC) are in place to ensure adequate levels of security and are in line with data protection laws.

11. Changes to this policy

Any changes we may make to this policy in the future will be posted on the TIAH website so please check this page occasionally to ensure that you're happy with any changes. If we make any significant changes, we'll make this clear on our website.