Privacy Policy

1. Who we are and how to contact us

This Privacy Policy explains how GreenGinger (“we”, “us”, “our”) collects, uses, shares and protects your personal information when you visit or interact with our website at greengingershoppingarcade.co.uk (the “Website”). We act as the “data controller” of the personal data processed via this Website.

If you have questions about this Policy or how we handle your data, you can contact us at: privacy@greengingershoppingarcade.co.uk

This Policy applies to visitors and users of the Website. It does not cover the privacy practices of third-party websites or services that we do not control.

2. Applicable law

We process personal data in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). If you are located in the European Economic Area (EEA), we also comply with the principles of the EU GDPR when relevant.

3. How we collect your data

  1. Information you provide directly, for example when you:
    • Complete a contact form or send us an email
    • Subscribe to updates or marketing communications
    • Request information about events, space, or services
  2. Information collected automatically when you use the Website, such as:
    • Technical data (IP address, device and browser type, operating system)
    • Usage data (pages viewed, referring pages, time and date of visits, interaction data)
    • Cookie and similar technology data (see Section 6)
  3. Information from third parties, for example:
    • Service providers supporting our Website (hosting, security, analytics)
    • Publicly available sources (e.g., business listings) when relevant

4. Types of personal data we process

  • Contact details: name, email address, phone number
  • Communication content: messages and correspondence you send to us
  • Preferences: your marketing preferences and consents
  • Technical and usage data: IP address, device identifiers, browser information, pages visited, time on page, and similar diagnostic data
  • Cookie data: identifiers and settings related to your device and browsing (see Section 6)

We do not intentionally collect special categories of personal data (such as health or biometric data) through the Website and we ask that you do not include such information in website forms or emails.

5. Purposes and legal bases for processing

We process personal data for the following purposes and legal bases under UK GDPR:

  1. Responding to enquiries and providing customer support
    • Purpose: To answer your questions, provide information, and manage your requests.
    • Legal basis: Legitimate interests (to operate and grow our business and communicate with prospective and current visitors and partners) and/or steps taken at your request prior to entering into a contract.
  2. Operating and securing the Website
    • Purpose: To provide the Website, ensure availability and performance, prevent fraud and abuse, and maintain security.
    • Legal basis: Legitimate interests (to keep our services secure and reliable) and compliance with legal obligations (e.g., security and record keeping).
  3. Analytics and service improvement
    • Purpose: To understand how the Website is used, fix issues, and improve content and user experience.
    • Legal basis: Consent for non-essential cookies/analytics under PECR; legitimate interests for aggregated, non-cookie diagnostics where applicable.
  4. Marketing communications
    • Purpose: To send you news, updates, or information about events and services where you have asked to receive them.
    • Legal basis: Consent (you may withdraw at any time) or legitimate interests for existing customer communications, as permitted by PECR.
  5. Legal and regulatory compliance
    • Purpose: To comply with laws, respond to lawful requests, exercise or defend legal claims.
    • Legal basis: Compliance with legal obligations; legitimate interests in establishing, exercising, or defending legal claims.

6. Cookies and similar technologies

Cookies are small files set on your device that help the Website function and improve your experience. We use the following categories:

  • Strictly necessary cookies: Required for core functions such as page navigation, security, and form submission. These are always active and do not require consent.
  • Preference cookies: Remember choices (e.g., language) to provide a more personalised experience. Used with your consent where required.
  • Analytics cookies: Help us understand how visitors use the Website (e.g., pages visited, time spent). Set only with your consent in accordance with PECR.
  • Performance and security tools: May use similar technologies to detect issues, ensure availability, and protect the site. Where these are not strictly necessary, we will obtain consent.

Managing cookies: You can control and delete cookies through your browser settings. If you disable non-essential cookies, certain features may be limited. Changes you make will apply to your next browsing session.

Retention: Session cookies expire when you close your browser. Persistent cookies generally last from 6 to 13 months unless you delete them earlier.

7. Sharing your information

We only share your personal data when necessary and in accordance with the law. Categories of recipients include:

  • Website and IT service providers (hosting, maintenance, security, analytics)
  • Professional advisers (legal, accounting) under confidentiality obligations
  • Authorities, regulators, and law enforcement when required by law
  • Successors in the event of a reorganisation, merger, or transfer of our operations

We require recipients to protect your data and to use it only for the purposes we specify.

8. International data transfers

Some service providers may be located outside the UK or EEA. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Addendum, the UK Addendum to the EU Standard Contractual Clauses, or other lawful transfer mechanisms. You may request further information about these safeguards by contacting us.

9. Data retention

We keep personal data only for as long as necessary for the purposes described in this Policy or to meet legal, accounting, or reporting requirements. Typical retention periods are:

  • Enquiries and correspondence: up to 12 months from last contact
  • Marketing subscriber data: until you withdraw consent or unsubscribe
  • Website logs and security records: 12 to 24 months
  • Analytics data (cookie-based): up to 13 months, subject to your consent
  • Legal records and claims: for the duration of the matter and applicable statutory limitation periods

We may retain aggregated or anonymised data that does not identify you, for analysis and reporting.

10. Your rights

Depending on your location and subject to legal conditions, you have the right to:

  • Access your personal data and receive a copy
  • Correct inaccurate or incomplete data
  • Delete your data in certain circumstances
  • Restrict processing in certain circumstances
  • Object to processing based on legitimate interests or direct marketing
  • Withdraw consent at any time where processing is based on consent
  • Data portability, where applicable

You will not be discriminated against for exercising your rights. We may need to verify your identity before responding.

11. How to exercise your rights

To make a request or ask a question about your rights, contact us at privacy@greengingershoppingarcade.co.uk. Please describe your request clearly and provide enough information to identify you. We will respond without undue delay and within one month, or inform you if we need more time due to complexity or volume of requests. There is no fee to exercise your rights, unless requests are manifestly unfounded or excessive.

12. Data security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS/SSL) for the Website
  • Access controls and least-privilege principles for administrative systems
  • Secure configuration, monitoring, and routine patching of systems
  • Data minimisation and retention controls
  • Staff awareness on privacy and security practices

While we take reasonable steps to protect your data, no internet transmission or storage system can be guaranteed to be 100% secure.

13. Children’s privacy

The Website is not intended for children and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.

14. Data Protection Officer (DPO) and privacy contact

We have appointed a Data Protection Officer to oversee privacy matters. You can contact our DPO at: dpo@greengingershoppingarcade.co.uk

For general privacy enquiries, you can also contact: privacy@greengingershoppingarcade.co.uk

15. Complaints

If you have concerns about how we handle your data, please contact us first. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113. Website: ico.org.uk

16. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. Changes take effect when posted on the Website. We encourage you to review this Policy periodically.

Last updated: 8 December 2025

About The Editorial Team Terms of Service Legal Notice Privacy Policy Sitemap Contact
© 2025 GreenGinger