GDPR Compliance Statement
Last updated: 9 April 2026
Our Commitment to Data Protection
Knowlora Trek Ltd is committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take our responsibilities as a data controller seriously and have implemented appropriate policies, procedures, and technical measures to protect personal information.
This statement outlines our approach to GDPR compliance and provides specific information about how we handle personal data in accordance with data protection law.
Data Controller Information
For the purposes of UK GDPR, the data controller is:
Knowlora Trek Ltd
Company Number: 07842156
Registered Address: 42 Woodland Gardens, Sevenoaks, Kent TN13 3RJ
Email: [email protected]
We do not currently have a designated Data Protection Officer given the nature and scale of our processing activities. Data protection matters are overseen by our senior management team.
Lawful Basis for Processing
We process personal data only when we have a lawful basis to do so. The specific lawful basis depends on the purpose of processing:
Contractual Necessity
We process client data to fulfill our service contracts, including arranging consultations, developing garden designs, delivering planting services, and providing ongoing maintenance.
Legitimate Interests
We process data based on legitimate business interests, including:
- Responding to enquiries from prospective clients
- Maintaining records of completed projects for reference and warranty purposes
- Improving our services based on client feedback and usage data
- Protecting our business from fraud or legal claims
We have assessed that these interests do not override your fundamental rights and freedoms.
Consent
In certain circumstances, we obtain explicit consent before processing personal data, such as when using cookies for analytics purposes or when sending marketing communications.
Legal Obligations
We process data to comply with legal requirements, including tax obligations, employment law, and health and safety regulations.
Data Subject Rights
Under UK GDPR, you have comprehensive rights regarding your personal data. We are committed to facilitating the exercise of these rights.
Right of Access
You can request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request, unless the request is manifestly unfounded or excessive.
Right to Rectification
If you believe any information we hold about you is inaccurate or incomplete, you can request correction. We will respond within one month and notify any third parties with whom we have shared the data.
Right to Erasure
In certain circumstances, you can request deletion of your personal data. This right applies when:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Erasure is required to comply with a legal obligation
This right may be limited where we have legal obligations to retain data, such as tax records.
Right to Restriction of Processing
You can request that we restrict processing of your personal data in specific situations, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability
Where processing is based on consent or contract and is carried out by automated means, you can request your data in a structured, commonly used, machine-readable format.
Right to Object
You have the right to object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
Rights Related to Automated Decision Making
We do not use automated decision-making or profiling in our business operations.
How to Exercise Your Rights
To exercise any of your data protection rights, please contact us:
- Email: [email protected]
- Post: Knowlora Trek Ltd, 42 Woodland Gardens, Sevenoaks, Kent TN13 3RJ
We will respond to all legitimate requests within one month. In complex cases, we may extend this period by two additional months and will explain the reasons for the delay.
To verify your identity, we may request additional information before processing your request. This protects your data from unauthorised access.
Data Security Measures
We have implemented technical and organisational measures to ensure a level of security appropriate to the risk, including:
- Encryption of digital records containing personal data
- Access controls limiting who can view and process personal information
- Secure physical storage for paper records
- Regular security assessments and updates
- Staff training on data protection responsibilities
- Confidentiality agreements with employees and contractors
- Secure disposal procedures for data that is no longer required
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Client project files: Seven years from project completion (to support warranty claims and legal requirements)
- Financial records: Six years (as required by HMRC)
- Enquiries not resulting in engagement: Two years
- Marketing consent records: Until consent is withdrawn, plus sufficient time to demonstrate compliance
When data is no longer required, it is securely deleted or anonymised.
Third-Party Processing
When we engage third-party service providers who process personal data on our behalf (data processors), we ensure:
- Written contracts are in place specifying data protection obligations
- Processors only act on our documented instructions
- Appropriate security measures are implemented
- Confidentiality commitments are in place
- Processors assist us in meeting our GDPR obligations
Examples of processors we may use include soil testing laboratories, specialist plant nurseries, and accounting software providers.
Data Breach Procedures
We have procedures in place to detect, report, and investigate personal data breaches. In the event of a breach likely to result in a risk to your rights and freedoms:
- We will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach
- We will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms
- We will document all breaches and our response to them
- We will take steps to mitigate the effects of the breach and prevent recurrence
International Data Transfers
We primarily store and process data within the United Kingdom. If we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:
- Transfers to countries with adequacy decisions from the UK government
- Standard contractual clauses approved by the UK authorities
- Other mechanisms permitted under UK GDPR
Children's Data
Our services are not directed at individuals under 16 years of age. We do not knowingly collect or process personal data from children. If we become aware that we have inadvertently collected such data, we will delete it promptly.
Updates to Our Practices
We regularly review our data protection practices to ensure ongoing compliance with UK GDPR. This statement may be updated to reflect changes in our processing activities or legal requirements. Significant changes will be communicated to active clients.
Complaints and Supervisory Authority
If you believe we have not handled your personal data appropriately or have concerns about our compliance with data protection law, please contact us first so we can address your concerns.
You have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
Contact Us
For questions about our GDPR compliance or to exercise your data protection rights:
Knowlora Trek Ltd
42 Woodland Gardens
Sevenoaks, Kent TN13 3RJ
Email: [email protected]