Logo Gadero

Tuin’s Privacy Policy

Our team appreciates you visiting our website. In this privacy policy, we will use the term “Tuin” (and “we,” “us” and “our”) to refer to Tuin Limited.

Below, in plain English, we hope to show you how we use, store & safeguard your data when you contact us, or shop with us. 

One worry a lot of people have, is will a company sell our data on, that is not something Tuin has ever done.

A little bit about Tuin

Tuin is a seller of garden buildings & products designed to allow you to enjoy your garden. Tuin Limited is a stand-alone company in the UK and we have been in business since 2014, but we are part of the Tuindeco B.V. group that is based in the Netherlands. We employ 15 people and work from Brooke in Norfolk. Our company is registered in England & Wales, and our company number is 06574431.

What this page sets out to do

It explains what happens to your personal information when you visit our website, get information by post, or contact us about our products, our guarantees, and our services. It covers:

  • What data we could collect

  • Why do we collect and use your information?

  • How we use it and how long we keep it and who we share it with and why

  • How you can control how we use your information

  • Your rights

  • Who can I contact for more help?

We take your privacy seriously and work hard to protect your information. If you have any questions, you can contact our Data Protection Officer by:

  • Email: info@tuin.co.uk

  • Telephone: 01508 558308

  • Mail: Tuin Ltd, Unit 9, Brooke Ind. Park, Brooke, Norwich, Norfolk, NR15 1HJ.

We are the data controllers, so please send any message FAO The Data officer. You will find Tuin registered on the ICO website under reference ZA365842.

What data we could collect

It is now possible for you to contact us via phone, letter, email, SMS, social media, live chat, WhatsApp, or the website. It is also quite common for people to send us videos & photos where they need our help with a question they have. You might ask us to send you a catalogue in the post, you could place an order, ask for a quote or sign up for an email newsletter. So, during those interactions we will collect some or all the information necessary to answer the questions or manage the requests you ask of us. When you place an order, that is usually through the website, over the phone or through a quote form.

How we might use the data we collect

  • To process your orders & manage a return – contractual: We use your payment and delivery details to take payment, deliver your order, and handle returns. This data allows us to track your sale.

  • To provide customer service – legitimate interest: We record calls and messages to help answer your questions, resolve issues, and improve how we support you, when you contact our customer care team.

  • To personalise your experience – legitimate interest: We look at things like your shopping history and how you use our website to recommend products and show relevant offers. If you’re shopping as a business, we’ll email your receipt if you ask for it.

  • To show you relevant adverts – legitimate interest: We use cookies on our website and work with trusted advertising partners (like Google & Meta (Facebook & Instagram) to show you adverts for our services that we think you’ll like, and to avoid repeating ads. Sometimes we share limited, anonymous info with these partners.

  • To keep in touch – legitimate interest: We’ll email you about offers, news, and sales unless you tell us not to. You also do have to opt into marketing messages and can unsubscribe anytime. If there are important service messages or product recalls, we might have to contact you, but that will not be a marketing message.

  • To improve our business – legitimate interest: We may invite you to share feedback or take part in surveys or you may offer customer feedback without us asking. If you do, we will collect that data and may use it to improve our business. We also use your browsing data and general information that can be collected from trusted third parties to help shape new products and services.

  • To protect against fraud – legitimate interest & legal obligation: We use your details to help detect and stop fraud or security threats. Don’t worry—we don’t store your payment info.

  • To meet legal requirements – legitimate interest: We’ll share your information with authorities when legally required, such as for tax or safety reasons, including product recalls.

  • If you nominate other people when you order: If you provide us with personal information about other individuals, usually when a customer names two people on an order, it is your responsibility to ensure they are aware of our privacy policy.

  • To listen back to phone calls – legitimate interest: We may need to double check a phone message, all phone calls are recorded and stored within our British Telecom’s phone system.

Third parties we may share data with

Product Transport:

We must disclose limited information such as your name, address, telephone number(s) and email address to our carriers to allow them to make a delivery to you. You may wish to contact them regarding their own privacy policy.

Order Management systems:

We must track your order and use Oracle NetSuite to manage this for us.

Payments & Finance:

We use a third-party payment processor to process payments made to us. In connection with the processing of such payments, we do not retain any personal identifiable information or any financial information such as credit card numbers. You may also choose to use Klarna to pay for your goods or services.

We prefer payment to be made via the system implemented on our website or via the payment link that would be sent to your email with your invoice.

Customer Care

Our customer care system is managed via Zendesk and collects all questions that we receive from our customers.

I.T. Organisations

Who maintain business systems such as phone lines, data storage facilities, and our cloud-based infrastructure which hosts our services. used in providing our products and services.

Market research & analytics oriented companies

We may share some personal details to understand your thoughts on our products, as well as the service we delivered and determine whether the website worked in the way you needed it to. We only provide the absolute minimum information necessary, and you always have the choice whether to take part or not. When doing market research or surveys we may share basic information to help us understand where our customers live, what products are most & least popular. This allows us to tailor products, services and messages that could be relevant to you. We also utilise companies that help us track and record the way you navigate our website, so that we can understand customers’ online experience and use it to improve the website. That data is now anonymized.

Regulators and law enforcement

If a formal request is made and we have the legal duty to do so, we can share data with regulators, official bodies, and the police where necessary.

Ombudsman & Insurance

If we ever receive a complaint from a customer, it is possible that we may have to share information with the ombudsman who will independently review the complaint. This only happens if you make a complaint that requires an ombudsman. The same would happen at any time where we or you need to contact an insurance company.

Vital Interests

If we are notified about an emergency during delivery, for example we may need to share your personal information with the emergency services.

General Service companies

Such as printers and mailing houses that assist us in providing our products and services.

In general

The third-party provider used by us will only collect, use, and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, payment gateways have their own privacy policies in respect of the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the way your personal information will be handled by these providers. Once you leave our website or are redirected to a third-party website or application, you are no longer governed by this privacy policy or our website’s terms of service.

General information on the data we collect

For the management of customer accounts and guarantees:

  • Name and contact details.

  • Address

  • Payment details (including card or bank information for transfers and direct debits), this is not stored on our servers but with the payment companies Pay.NL & Klarna.

  • Purchase history

  • Account information, including registration details.

Customer Care & marketing purposes:

  • Name and contact details.

  • Address

  • Marketing preferences

  • Location data

  • Recorded images, such as photos or videos.

Call recordings:

  • Purchase or viewing history.

  • IP address

  • Website and app user journey information

  • Records of consent, where appropriate

Legal requirements:

  • We receive your computer’s internet protocol (IP) address to ensure correct VAT is being applied for your location as required by law.

  • Any other personal information required to comply with legal obligations.

Queries, complaints, or claims:

  • Name and contact details.

  • Address

  • Account information

  • Purchase or service history.

  • Images and/or video recordings as supplied.

  • Call recordings

  • Financial transaction information

  • Correspondence

Where we get personal information from:

  • Directly from our customers and website users.

  • Market research organisations.

  • Providers of marketing lists and other personal information.

  • Third party analytical and affiliate organisations in partnership with Tuin LTD.

Your rights & controlling your information

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. This is the list that defines the six possible lawful basis reasons for collecting data on the ICO website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. 

There are some exemptions which means you may not receive all the information you ask for and you can read more about the right of access here.

You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification here.

You have the right to ask us to delete your personal information. Read more about the right to erasure.

You have the right to ask us to limit how we can use your personal information. Read more about the right to restriction of processing.

You have the right to object to the processing of your personal data. Read more about the right to object to processing.

You have the right to ask if we transfer the personal information, you gave us to another organisation, or to you. Read more about the right to data portability.

When we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.

If you make a request, we must respond to you without undue delay and at any event within one month. To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

What is the lawful basis for collecting my data?

Our lawful basis for collecting or using personal information to provide services and goods is:

Consent

We have permission from you after we have given you all the relevant information. All your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Contract

We must collect or use the information so we can enter or carry out a contract with you. All your data protection rights may apply except the right to object.

Legal obligation

We must collect or use your information so we can comply with the law. All your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

Legitimate interests

We are collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All your data protection rights may apply, except the right to portability.

Our legitimate interest assessment (LIA) is as follows

As a company we will contact customers who have reached out to Tuin but have then not gone on to place an order. We do this as a legitimate way of understanding whether we could have done something better to have won that person’s business. Our assessment & reasoning is laid out below:

Purpose of Processing

Tuin intends to contact individuals who made an enquiry via email, phone call, social media, app or chatbot within the last six to eight weeks, to request feedback on their experience. The aim is to understand why a purchase was not completed, and use this insight to improve customer service, website experience, and internal processes.

Lawful Basis for Processing

The lawful basis for processing this personal data is Legitimate Interest under Article 6(1)(f) of the UK GDPR. This is based on:

  • The individual’s prior engagement (an enquiry) with Tuin.

  • A reasonable expectation of follow-up related to that engagement, particularly when framed as service improvement.

  • The feedback request being limited in scope and not promotional in nature.

Note: The original data collection (via enquiry form or chatbot) did not explicitly state that individuals might be contacted for feedback. This is recognised as a transparency gap and has been addressed in the mitigation measures below.

Necessity Test

The process is necessary to understand customer behaviour and improve services. Aggregated analytics do not provide insight into individual decision-making. Alternative, less intrusive methods would be ineffective in identifying barriers to purchase or specific service pain points.

Balancing Test

Risks:

Individuals may be surprised by an unsolicited follow-up email if they are not aware their contact details might be used in this way.

The inclusion of a prize draw, if not appropriately framed, could cause the email to be perceived as marketing, which would trigger PECR requirements.

Mitigations:

  • The communication is clearly marked as a one-off feedback request, not a marketing message.

  • The prize draw is presented as an optional thank-you and not as an incentive to influence participation.

  • There is no automatic entry into the draw and no sales content or promotion in the email.

  • The email includes a clear explanation of why the individual is being contacted.

  • A prominent opt-out or unsubscribe link is provided in the email.

  • The privacy policy has been updated to reflect the possibility of service-related follow-ups. The survey and prize draw are kept strictly separate, with entry being entirely optional and requiring active consent.

Given these safeguards, the potential impact on individuals is low and does not override the legitimate interest pursued by Tuin.

Safeguards in Place

One-time communication only; no ongoing follow-up unless the recipient opts in to further contact.

  • No sensitive data is processed.

  • Clear explanation in the email of why the recipient is being contacted.

  • Privacy policy updated to include service-related follow-ups.

  • Prize draw participation is optional and distinctly separated from the feedback survey.

  • No automated decision-making or profiling.

  • Data is not retained beyond its specific purpose (feedback collection or draw administration).

  • Mailchimp settings are adjusted to disable unnecessary tracking and ensure GDPR-friendly settings.

Conclusion

Tuin concludes that sending a single feedback request to recent enquirers is a proportionate and lawful use of personal data under the Legitimate Interest basis. The absence of prior notification at the data collection stage has been acknowledged and mitigated through transparency, clear opt-outs, and limited, purpose-specific communication. The risk of harm is low and does not override the business interest in improving its services.

This LIA will be reviewed if the nature of the communication or scope of processing changes.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

How long do we keep information?

Email enquiries are hosted by "Google Business" within the European Economic Area. They are also stored on a Customer Relationship Management system (Zendesk) on a cloud-based server. Email enquiries are stored/archived for three years before deletion; CRM records are kept for three years after the last date of contact with you. Analytical and records of orders placed are kept indefinitely. For more information on how long we store your personal information or the criteria we use to determine this please contact us using the details provided above.

Sharing information outside the UK

Where necessary to fulfill your order, we will transfer personal information outside of the UK to our parent company in the Netherlands. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

  • Organisation name: Tuindeco International B.V.

  • Category of recipient: Wholesaler

  • Country the personal information is sent to: Netherlands.

How to raise a query

If you have any concerns about our use of your personal data, you can raise a query with Tuin using the contact details at the top of this privacy notice.

You can also contact the ICO.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House Water Lane Wilmslow Cheshire

SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk

Last updated: June 2025