Privacy Policy
This Privacy Policy describes the principles governing our processing of information about you, including personal data and cookies.
1. General Information
- This policy applies to the Website operating at: mrgreengrass.co.uk
- The Website Operator and Personal Data Administrator is: MR GREEN GRASS LTD, Company number 14684038, 22 Chiltern Avenue, Huddersfield, England, HD3 3PF
- Operator’s email contact address: contact@mrgreengrass.co.uk
- The Operator is the Administrator of your personal data regarding data voluntarily provided on the Website.
- The Website uses personal data for the following purposes:
- Running a newsletter
- Operating a comment system
- Conducting online chat conversations
- Handling inquiries via forms
- Preparing, packaging, and shipping goods
- Fulfilling ordered services
- Presenting offers or information
- The Website collects information about users and their behavior in the following ways:
- Through voluntarily entered data in forms, which are entered into the Operator’s systems.
- By saving cookies („cookies”) on end devices.
2. Selected Data Protection Methods Used by the Operator
- Login and personal data entry areas are protected by transmission encryption (SSL certificate). This ensures that personal data and login details entered on the site are encrypted on the user’s device and can only be read on the target server.
- User passwords are stored in hashed form. The hashing function is one-way, meaning it cannot be reversed, which is the modern standard for storing user passwords.
- The Operator periodically changes administrative passwords.
- To protect data, the Operator regularly performs backups.
- An essential element of data protection is the regular updating of all software used by the Operator to process personal data, particularly regular updates of programming components.
3. Hosting
- The Website is hosted (technically maintained) on the servers of: CyberFolks Ltd
- Hosting company details: CyberFolks S.A., registered in ul. Wierzbięcice 1B, 61-569 Poznań, Poland, NIP: 7792467259, REGON: 367731587, KRS: 0000685595.
- You can learn more about hosting and review the hosting provider’s privacy policy at: https://cyberfolks.pl
- The hosting provider:
- Implements measures to prevent data loss (e.g., disk arrays, regular backups).
- Applies adequate safeguards for processing locations in case of fire (e.g., specialized fire suppression systems).
- Uses measures to protect systems against sudden power failures (e.g., dual power feeds, generators, UPS voltage backup systems).
- Enforces physical access controls to data processing locations (e.g., access control, CCTV monitoring).
- Ensures appropriate environmental conditions for servers (e.g., climate control, specialized air conditioning).
- Adopts organizational measures to ensure high protection and confidentiality (training, internal policies, password policies, etc.).
- Has appointed a Data Protection Officer.
- The hosting provider maintains server-level logs for technical reliability. Logs may include:
- Resources identified by URL (addresses of requested resources: pages, files).
- Timestamp of the request.
- Timestamp of the response.
- Client station name – identification via HTTP protocol.
- Error information during HTTP transactions.
- URL of the previously visited page (referer link) – if the user accessed the Website via a link.
- User browser information.
- IP address information.
- Diagnostic data related to self-service order processes.
- Information related to email handling sent to and by the Operator.
4. Your Rights and Additional Information About Data Use
- To comply with data protection obligations and ensure effective safeguards, the Operator has appointed a Data Protection Officer.
- The Data Protection Officer is: Mark Solarz, contact email: contact@mrgreengrass.co.uk
- In certain situations, the Administrator may transfer your personal data to other recipients if necessary to perform a contract with you or fulfill the Administrator’s obligations. This applies to:
- Hosting company under data processing agreements
- Couriers
- Postal operators
- Payment processors
- Comment system operators
- Online chat solution providers
- Authorized employees and associates who use data to achieve the Website’s purposes
- Marketing service providers acting for the Administrator
- Your personal data processed by the Administrator will not be retained longer than necessary under applicable laws (e.g., accounting regulations). Marketing data will not be processed for more than 3 years.
- You have the right to request from the Administrator:
- Access to your personal data,
- Rectification,
- Erasure,
- Restriction of processing,
- Data portability.
- You have the right to object to processing under Article 21 GDPR regarding data processed for the Administrator’s legitimate interests, including profiling. This right does not apply if there are overriding legitimate grounds for processing.
- You may lodge a complaint with the UK Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
- Providing personal data is voluntary but necessary to use the Website.
- Automated decision-making, including profiling, may occur to fulfill contracts or for the Administrator’s direct marketing.
- Personal data may be transferred to third countries under data protection laws, meaning outside the UK/EEA.
5. Information in Forms
- The Website collects voluntarily provided information, including personal data.
- The Website may save connection parameters (timestamp, IP address).
- In some cases, the Website may store information to link form data with the user’s email address. In such cases, the email appears within the URL of the page containing the form.
- Form data is processed for the purpose specified in the form’s context (e.g., service requests, commercial contact, registrations).
6. Administrator’s Logs
- User behavior on the Website may be logged for administrative purposes.
7. Key Marketing Techniques
- The Operator uses traffic analysis via Google Analytics (Google LLC, USA). The Operator does not share personal data but anonymized information. The service uses cookies. To manage preferences collected by Google’s ad network, visit: https://adssettings.google.com/
- The Operator uses remarketing to tailor ads to user behavior. This does not involve sharing personal data but requires cookies.
- The Operator employs Facebook Pixel. Facebook (Meta Platforms Inc., USA) tracks registered users interacting with the Website. This relies on Facebook’s data, not personal data from the Operator. Cookies are used.
- The Operator analyzes user behavior via heatmaps and session recording. Data is anonymized before processing. Passwords and personal data are not recorded.
- The Operator automates actions, such as sending emails post-visit, if the user consents to marketing.
8. Information About Cookies
- The Website uses cookies.
- Cookies are text files stored on your device, typically containing the website name, storage time, and a unique ID.
- The Website Operator places cookies on your device and accesses them.
- Cookies are used for:
- Maintaining user sessions (after login), eliminating the need to re-enter credentials.
- Achieving the purposes outlined in “Key Marketing Techniques.”
- Two cookie types are used: „session” (temporary until logout/browser closure) and „persistent” (stored until deletion or expiration).
- Web browsers typically allow cookies by default. Users can delete or block cookies (see browser help files). Disabling essential cookies may impair Website functionality.
- Cookies may also be used by partners (e.g., Google, Meta, Twitter).
9. Managing Cookies – How to Grant/Withdraw Consent?
- To disable cookies, adjust browser settings. Note: Disabling essential cookies (e.g., for authentication) may hinder Website use.
- Cookie management instructions for browsers:
Mobile devices: