Rosehip respects your privacy and will not sell or make available in any way your personal information except where specific permission has been given. This statement sets out the principles governing our use of your data:
Any details that you provide to us from which we can identify you are protected by the General Data Protection Regulation, coming into full effect on 25th May 2018. This framework is designed to protect your data in a networked world. GDPR requires that information gathering is carried out in a concise, informed and unambiguous way and your consent must be freely given.
Our ‘sign-up forms’, both electronic and physical, are designed to ensure the user understands that they are signing up to communications which will include news from Rosehip, and marketing campaigns. By signing up to the Rosehip Database, individuals are agreeing that we have a lawful basis for collecting and processing personal data. Unless otherwise instructed we will hold this information for ten years, at which point you will be contacted to reconfirm your subscription.
GDPR also stipulates an individual’s ‘right to be forgotten’. To this end if you do not wish to receive any further emails from us please use the “unsubscribe” link found in all email communications. Alternatively send your unsubscribe request to *protected email*. Please allow a few days for the request to process.
For the avoidance of doubt, Rosehip will not pass data to any third parties except to enable you to receive information you have requested to be sent to you by post or email.
Our site may link to other websites and we are not responsible for their data policies or procedures or their content.
If you are concerned about how your data is stored please contact us by emailing *protected email* for further information; if you are not satisfied with our response you have the right to complain to the Information Commissioners Office.
By the definitions of GDPR Rosehip is the ‘controller’ of your data, the organisation MailChimp is the ‘processor’ of your data. Subscribers personal details will be transferred to MailChimp, the applicable activities performed by MailChimp are: data collection through electronic sign up forms, storage of personal data in distribution lists and the transfer of personal data to certain of MailChimp’s sub-processors, who perform critical support for their services. Mailchimp’s servers and offices are located in the United States, so your information may be transferred to, stored, or processed in the United States. The legal ground for transferring personal data set out in the GDPR allows for an ‘adequacy decision’ – a decision by the European Commission that an adequate level of protection exists for personal data in the country, territory or organisation to which it is being transferred. A ‘Privacy Shield’ framework is one such example. MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework. They are committed to subjecting all Personal Information received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles.