top of page

GDPR Statement

Hebe and New Zealand Plant Society 

 

The Hebe and New Zealand Plant Society (“the Society”) is committed to protecting and respecting your privacy. This statement explains how we collect, use, and safeguard personal data in accordance with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). 

1. Who We Are

The Hebe and New Zealand Plant Society is a UK-based society promoting the study, cultivation, and conservation of Hebe and other New Zealand plants. 

For the purposes of data protection legislation, the Society is the Data Controller. 

Contact details: 
If you have any questions about this policy or how your data is used, please contact:
hebeplants@gmail.com 

2. What Personal Data We Collect

We may collect and process the following personal data: 

  • Name

  • Postal address

  • Email address

  • Telephone number

  • Membership details and subscription records

  • Records of correspondence with the Society

  • Any other information you voluntarily provide to us

We do not knowingly collect data relating to children. 

3. How We Use Your Data

We use personal data only where there is a lawful basis to do so. This includes: 

  • Managing Society membership and subscriptions

  • Communicating with members about meetings, events, publications, and activities

  • Sending newsletters, journals, or other Society communications

  • Responding to enquiries

  • Maintaining financial and administrative records

 

We will never sell your personal data or use it for purposes unrelated to the Society. 

4. Lawful Basis for Processing

Under UK GDPR, the Society relies on one or more of the following lawful bases: 

  • Consent – where you have explicitly agreed to receive communications

  • Contract – where processing is necessary to manage your membership

  • Legal obligation – for example, financial or regulatory record-keeping

  • Legitimate interests – to operate the Society effectively, provided your rights are not overridden

5. How We Store and Protect Your Data

Personal data is stored securely, either electronically or in paper form, and access is restricted to authorised Society officers only. 

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or disclosure. 

6. How Long We Keep Your Data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or administrative requirements. Membership data is normally retained for the duration of membership and for a reasonable period thereafter. 

7. Sharing Your Data

We do not share your personal data with third parties except: 

  • Where required by law

  • Where necessary to administer Society activities (for example, mailing services), and only with appropriate safeguards in place 

 

We do not transfer personal data outside the UK unless adequate data protection measures are ensured. 

8. Your Rights

Under UK GDPR, you have the right to: 

  • Access your personal data

  • Request correction of inaccurate or incomplete data

  • Request erasure of your data (where applicable)

  • Object to or restrict processing

  • Withdraw consent at any time

  • Request data portability 

 

To exercise any of these rights, please contact the Society using the details above. 

9. Cookies and Website Use

The Society’s website may use essential cookies to ensure it functions correctly. We do not use cookies to track individuals or collect personal data without consent. 

10. Complaints

If you are unhappy with how your personal data is handled, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): 

Information Commissioner’s Office 
Website: https://www.ico.org.uk 

11. Changes to This Policy

This Privacy and Data Protection Statement may be updated from time to time. The latest version will always be published on the Society’s website. 

bottom of page