Privacy Policy for Trellis and Fern
We maintain an unwavering dedication to protecting and preserving all personal data provided by our website visitors and service users, implementing robust and comprehensive security measures throughout our services and operations.
This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data. In this role, we are responsible for ensuring the proper handling, processing, and protection of all personal data submitted through our website.
We may process usage data (“usage data”), which comprehensively includes browser type, operating system, page views, navigation paths, timing and duration of visits, click patterns, device information, and interaction metrics. This information is collected through automated logging systems, cookies, and analytics tools and may include browsing patterns on gardening articles, time spent on design inspiration pages, and interaction with sustainability resources. The source of this data is our analytics software and server logs. We process this information for several important purposes, including improving website performance, enhancing user experience, analyzing content effectiveness, and optimizing service delivery, which enables us to provide better content recommendations, improve site navigation, and personalize user experiences. The legal basis for this processing is our legitimate interests in monitoring and improving our website and services.
We may process account data (“account data”), which comprehensively includes name, email address, telephone number, billing address, account preferences, communication settings, and subscription details. This information is collected through registration forms, account updates, and direct user input and may include newsletter preferences, garden planning tool settings, and content saving options. The source of this data is user-provided information during account creation and management. We process this information for managing user accounts, processing transactions, providing personalized services, and maintaining communication channels, which enables us to deliver customized content, process orders efficiently, and maintain secure user profiles. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
We may process profile data (“profile data”), which comprehensively includes gardening interests, design preferences, sustainability goals, project history, and saved content. This information is collected through user interactions, preference settings, and content engagement and may include favorite plant types, garden design style preferences, and project planning details. The source of this data is your direct input and interaction with our platform. We process this information for personalizing user experience, providing relevant content recommendations, facilitating community connections, and improving service offerings, which enables us to deliver targeted inspiration, connect users with relevant resources, and enhance platform functionality. The legal basis for this processing is our legitimate interests in providing personalized services and maintaining an engaging user experience.
You have the following rights regarding your personal data:
Right to Access
You have the right to access your personal data, which means you can request and receive a comprehensive copy of all personal information we hold about you. This includes the ability to receive confirmation of data processing, obtain copies of your data, and verify the lawfulness of processing. To exercise this right, you can submit a formal request through our dedicated privacy portal or contact our data protection team directly. We will respond within 30 days and may require proof of identity, account verification, and specific data scope clarification to verify your identity.
Right to Rectification
You have the right to rectification, which means you can request corrections or updates to any inaccurate or incomplete personal data we hold about you. This includes the ability to update account information, correct profile details, and modify preferences. To exercise this right, you can use our account settings interface or submit a formal correction request through our support channels. We will process your request within 15 days and may require current account credentials, proof of correct information, and specific identification documents to verify your identity.
[Character limit reached – Continued in next part]Data Processing and Security Measures
At Trellis and Fern, we take the security and proper handling of your personal data seriously. The following details explain how we process and protect your information.
Data Processing
We process Service Data which includes account profiles, gardening preferences, plant collections, and user-generated content. This processing involves automated collection, storage, and analysis, enabling us to provide personalized gardening recommendations and community features. For example, in the context of gardening, this includes tracking plant care schedules and growth progress. The legal basis for this processing is legitimate interests and contract fulfillment, specifically to deliver our core gardening services and community features.
We process Technical Data which includes device information, IP addresses, browser type, and site interaction patterns. This processing involves automated logging, analysis, and performance optimization, enabling us to ensure optimal site functionality and security. For example, in the context of gardening, this includes adapting plant care recommendations based on your local climate data. The legal basis for this processing is legitimate interests, specifically to maintain and improve our digital services.
We process Communication Data which includes emails, messages, comments, and support inquiries. This processing involves storage, analysis, and response management, enabling us to provide customer support and community engagement. For example, in the context of gardening, this includes handling plant care questions and community discussions. The legal basis for this processing is consent and legitimate interests, specifically to maintain communication channels with our users.
We process Transaction Data which includes purchase history, payment details, and shipping information. This processing involves secure payment processing and order fulfillment, enabling us to process garden supply purchases and subscriptions. For example, in the context of gardening, this includes tracking seasonal plant orders and gardening tool purchases. The legal basis for this processing is contract fulfillment and legal obligations, specifically to complete transactions and maintain required records.
We process Preference Data which includes saved items, browsing history, and customization settings. This processing involves preference tracking and personalization, enabling us to provide tailored content and recommendations. For example, in the context of gardening, this includes remembering preferred plant types and garden designs. The legal basis for this processing is legitimate interests and consent, specifically to enhance user experience.
Security Measures
Our comprehensive encryption protocols ensure end-to-end protection of your data, incorporating industry-standard algorithms and regular security updates to maintain data integrity. This includes regular security assessments and penetration testing by qualified professionals.
We implement multi-layered security infrastructure, including advanced firewalls and intrusion detection systems that continuously monitor for and prevent unauthorized access attempts. This infrastructure undergoes regular updates and enhancements.
Access to personal data is strictly controlled through role-based permissions, multi-factor authentication, and detailed access logs. We maintain comprehensive audit trails of all data access and modifications.
Our continuous monitoring systems provide real-time threat detection and automated response protocols, ensuring immediate action against potential security threats.
We maintain comprehensive backup procedures with encrypted offsite storage and regular recovery testing, ensuring data availability and integrity.
All staff undergo regular security awareness training and must comply with detailed data protection protocols, including specific training for handling sensitive data.
International Transfers
We may transfer your personal data to countries outside your jurisdiction. These transfers are protected by appropriate safeguards, including Standard Contractual Clauses, Privacy Shield certifications, and Binding Corporate Rules. Each international transfer is conducted under strict protocols that ensure:
– Adequate data protection standards
– Compliant processing procedures
– Enforceable data subject rights
– Effective legal remedies
International transfers are protected by EU Standard Contractual Clauses, UK International Data Transfer Agreements, and ISO 27001 standards, ensuring compliance with GDPR and local data protection regulations. We implement additional measures including:
– Regular compliance audits
– Data protection impact assessments
– Documented transfer mechanisms
– Continuous monitoring procedures
Regarding international transfers, you maintain specific rights including:
– Right to information about transfers
– Right to object to transfers
– Right to withdraw consent
– Right to data protection guarantees
Data Retention
We maintain specific retention periods for different data categories:
Account Information: Retained for the duration of active account plus 24 months after closure to facilitate account reactivation and maintain service continuity
Usage Data: Retained for 12 months to analyze usage patterns and improve services
Transaction Records: Retained for 7 years to comply with tax and financial regulations
Communication History: Retained for 36 months to maintain service quality and handle ongoing inquiries
Technical Logs: Retained for 6 months to ensure system security and performance
These retention periods are determined by:
– Legal requirements
– Business purposes
– Technical necessities
– User preferences
Special circumstances affecting retention:
– Legal obligations
– Dispute resolution
– Security investigationsCookie Policy
At Trellis and Fern, we use various types of cookies to enhance your gardening journey and website experience. Here’s how we implement different cookie technologies:
Essential Cookies
Essential cookies serve fundamental functions for basic website operations and security. These cookies process authentication tokens and session data to enable secure access to your gardening resources and account features. For example, they maintain your login status while browsing plant care guides and remember items in your garden planning tools. We use them specifically for:
– User authentication
– Security measures
– Basic site operations
– Session management
– Technical stability
Functional Cookies
Functional cookies process your preferences to optimize your gardening experience. They handle user interface settings and regional data to deliver personalized content. For instance, these cookies remember your preferred plant hardiness zone and measurement units for growing instructions. They enable:
– Language preferences
– Region-specific content
– User interface customization
– Feature optimization
– Personalized settings
Analytics Cookies
Analytics cookies collect data about how you interact with our gardening resources. They process navigation patterns and feature usage metrics to help us understand which plant guides and garden planning tools are most valuable. These cookies track:
– Page interactions
– Navigation patterns
– Feature usage
– Session duration
– User preferences
Performance Cookies
Performance cookies monitor technical aspects of your site experience. They process loading times and system metrics to ensure smooth access to our garden planning features and plant databases. They assess website operation by:
– Monitoring site speed
– Identifying technical issues
– Optimizing content delivery
– Analyzing user experience
– Tracking system performance
Cookie Management
You maintain control over your cookie preferences through:
– Browser settings
– Cookie consent tools
– Privacy preferences
– Account settings
For EU residents, we ensure GDPR compliance through:
– Explicit consent mechanisms
– Data minimization
– Purpose limitation
– Storage limitations
– Processing transparency
California residents receive additional rights under CCPA:
– Right to know about personal information collected
– Right to delete personal data
– Right to opt-out of data sales
– Right to non-discrimination
– Right to access collected information
For users under 13, we maintain COPPA compliance through:
– Age verification requirements
– Parental consent procedures
– Limited data collection
– Special protection measures
– Parental access rights
Policy updates involve:
– Regular review procedures
– User notifications
– Consent renewal when required
– Clear change documentation
– Continuous compliance monitoring
For privacy-related inquiries:
– Primary Contact: [email protected]
– Response Time: Within 48 hours
– Verification Required: For data-related requests
– Available Support: Privacy concerns, data requests, rights exercise
This policy was created specifically for trellisandfern.com and covers all associated services within the gardening industry.