We collect only the data we need to process your order and provide support. We don't sell your data, share it with advertisers, or use it for any purpose you haven't consented to.
1. WHO WE ARE
Lawn Theory Ltd is a company registered in England and Wales. We sell grass seed, lawn care products, and related accessories directly to consumers via our website at lawntheory.co.uk.
For the purposes of UK data protection law, Lawn Theory Ltd is the data controller for the personal data we collect via this website. Our contact details are set out at the end of this policy.
2. WHAT DATA WE COLLECT
Data you give us directly
- Order information: your name, email address, delivery address, and order details when you purchase from us
- Payment information: we do not store your card details — payments are processed securely by Stripe, who are PCI-DSS compliant. We receive only a confirmation of payment and a transaction reference
- Contact form submissions: your name, email address, and the content of your message when you contact us via our website
- Email sign-up: your email address if you subscribe to our mailing list
- Expert advice queries: any information about your garden, soil conditions, or lawn problems that you share when requesting advice from our team
Data collected automatically
- Usage data: pages visited, time spent on pages, referring website, and browser/device type — collected via standard web server logs and analytics
- IP address: collected automatically as part of normal web server operation
3. HOW WE USE YOUR DATA
We use the data we collect for the following purposes:
- Processing and fulfilling your orders, including sending dispatch and delivery notifications
- Responding to customer service queries and providing expert lawn advice
- Sending order-related communications (confirmation emails, dispatch notifications, and follow-up satisfaction checks)
- Sending our email newsletter, where you have subscribed and consented
- Improving our website and understanding how customers use it
- Complying with our legal obligations (including maintaining records for tax purposes)
We do not use your data for automated profiling or automated decision-making that produces legal or similarly significant effects.
4. LEGAL BASIS FOR PROCESSING
Under UK GDPR, we rely on the following legal bases for processing your personal data:
- Contract performance: processing your order, fulfilling delivery, and providing the services you've purchased
- Legitimate interests: responding to enquiries, improving our website, and preventing fraud
- Consent: sending marketing emails (you can withdraw consent at any time by clicking unsubscribe in any email or contacting us directly)
- Legal obligation: maintaining financial records for HMRC
5. WHO WE SHARE DATA WITH
We share your data only where necessary to provide our service:
- Stripe: our payment processor. Stripe handle payment card data on our behalf and are PCI-DSS Level 1 certified. See Stripe's privacy policy at stripe.com/gb/privacy
- Royal Mail / courier partners: your name and delivery address are shared with our shipping providers to fulfil delivery
- Netlify: our website hosting provider. Form submissions may pass through Netlify's infrastructure
- Email service providers: if you subscribe to our mailing list, your email address is stored with our email platform
We do not sell, rent, or trade your personal data to any third party. We do not share your data with advertisers or data brokers.
6. HOW LONG WE KEEP DATA
- Order records: 7 years from the date of the transaction, as required by HMRC for tax purposes
- Customer service communications: 2 years from the date of the last interaction
- Email subscriber data: until you unsubscribe or request deletion
- Website analytics: 26 months in aggregated, anonymised form
7. YOUR RIGHTS
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access: you can request a copy of the personal data we hold about you
- Right to rectification: you can ask us to correct inaccurate data
- Right to erasure: you can ask us to delete your data where we no longer have a legal basis to hold it
- Right to restrict processing: you can ask us to pause processing while a dispute is resolved
- Right to data portability: you can ask for your data in a structured, machine-readable format
- Right to object: you can object to processing based on legitimate interests
- Right to withdraw consent: where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, contact us at the address below. We will respond within 30 days. If you believe we have handled your data incorrectly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. COOKIES
Our website uses a small number of cookies necessary for the site to function. We do not use advertising cookies or third-party tracking cookies. The cookies we use are:
- Session cookies: temporary cookies that expire when you close your browser, used to maintain your session while browsing
- Analytics cookies: anonymised usage data to help us understand how the site is used. No personally identifiable information is collected via these cookies
You can disable cookies in your browser settings. Disabling all cookies may affect the functionality of some parts of our website.
9. SECURITY
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Our website is served over HTTPS. Payment processing is handled by Stripe, who maintain PCI-DSS Level 1 compliance. We do not store payment card data on our own systems.
No method of transmission over the internet is 100% secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security.
10. CHANGES TO THIS POLICY
We may update this privacy policy from time to time. When we make material changes, we will update the "last updated" date at the top of this page. We encourage you to review this page periodically. Continued use of our website following any changes constitutes your acceptance of the updated policy.
For any questions about this privacy policy or to exercise your data rights, contact us:
Lawn Theory Ltd
Email: hello@lawntheory.co.uk
Website: lawntheory.co.uk/contact
We aim to respond to all data requests within 30 days.