PlantNetwork Privacy Policy

Policy last updated: 10 January 2024


This privacy policy explains how and why PlantNetwork collects, uses, and shares your personal data. We are committed to protecting your privacy and will only collect and use your data in ways that are lawful, necessary, and transparent. We appreciate that people using our services place their trust in us to manage their information safely and with respect.

If you want to find out about our Cookie policy please see here.

Who we are

We are PlantNetwork, a charity registered in England & Wales (reg. no. 1081747). We are registered with Companies House (Reg. No 03777793). Our registered office is c/o Critchleys, Beaver House, 23-38 Hythe Bridge St, Oxford OX1 2EP, UK.

You can can contact us at

Who do we collect data from?

  • Our members
  • People who use our website
  • People who work with us such as speakers, sponsors, donors, providers of services like catering, or transport.
  • Job applicants and volunteers.

What personal data do we collect?

We collect a variety of personal data from you, including:

  • Contact information, such as your name, organisation name, email address, job title, employer and phone number;
  • Information about your use of our website, such as the pages you visit and the links you click.
  • We may also create information about you that becomes your personal data, such as your membership and payment history, events you have attended, past employers (if you held a membership through them).
  • We take photographs and make video and audio recordings at our events for the purpose of promotion and fundraising.

    We don’t collect payment data.

Why do we need that data?

We use your data to provide the best service that we possibly can to our members and the other people we work with or alongside. We do this in accordance with applicable laws and regulations as well as your reasonable expectations. We update our policy regularly to make sure that it fulfils its purpose in serving us and protecting everyone who gives us their data.

We only use your data if we have a legal basis for doing so. You can find out more about this and how to protect your data online here: Information Commissioner’s Office.

How do we collect your personal data?

We collect your personal data in a variety of ways, including:

  • When you provide it to us directly, such as when you create an account on our website, apply for a role, or sign up for our newsletter or an event;
  • When you use our website, such as when you browse our pages or interact with our content;
  • From third parties, such as when you interact with our digital channels including website members area and social media, or book an event.
  • From cookies and other tracking technologies.

How do we use your personal data?

We use your personal data for a variety of purposes, including:

  • To provide you with the services you have requested, such as the newsletter or events;
  • To improve our website and services;
  • To notify you of important information about PlantNetwork, such as our Annual General Meeting;
  • To carry out surveys to improve what we offer to our members.
  • To manage our membership;
  • To organise events;
  • To comply with our legal obligations.

How long do we keep your personal data?

We will only use and store your information for as long as it is required, for the purposes it was collected. How long it will be stored depends on the information in question, what it is being used for and, sometimes, statutory legal requirements.

Who do we share your personal data with?

We may share your personal data with third parties, such as:

  • Our service providers, for example the companies that process payments on our behalf, catering companies and similar;
  • Analytics providers, who help us to track and measure the use of our website;
  • Government agencies, if we are required to do so by law. We do not sell your data.

How do we protect your personal data?

We take the security of your personal data very seriously. We use a variety of security measures to protect your data, including:

  • Secure data storage;
  • Secure data transmission;
  • Access controls;
  • Regular security audits.

What do we do if there is a data breach?

If we think that there is a risk of a personal data breach, we follow the procedures laid down by the Information Commissioner’s Office (ICO):

  • We would first collate information about the source of the breach, and the practical options for containment and mitigation.
  • Next we would assess the risk of harm to those affected, whether that’s our members, volunteers, staff or others.
  • We would then take action to protect those affected by the breach.
  • Finally, we would prepare a report to submit to the ICO within 72 hours of discovery.

Your rights

You have a number of rights in relation to your personal data, including:

  • The right to withdraw your consent to the processing of your personal data;
  • The right to request a copy of your personal data;
  • The right to request information about how your personal data is processed;
  • The right to request correction of your personal data;
  • The right to request deletion of your personal data;
  • The right to request restriction of the processing of your personal data in certain circumstances;

Access to your personal data

You can find out if PlantNetwork holds any personal information about you by making a Subject Access Request to:

The Data Protection Officer, PlantNetwork, c/o Critchleys, Beaver House, 23-38 Hythe Bridge St, Oxford OX1 2EP, UK.

If PlantNetwork does hold information about we may ask you to provide the following details:

  • the personal information you want to access;
  • where it is likely to be held;
  • the date range of the information you wish to access.

We will need you to confirm your identity.

If we hold personal information about you, we will give you a copy of the information in an understandable format, and with an explanation of why we hold and use it. We will aim to respond to any requests for information promptly, and in any event within the legally required time limits (30 days). This timeframe may be extended by up to two months if your request is particularly complex.

How to contact us

If you have any questions about this privacy policy or your rights, please contact us at:

Changes to this privacy policy

We may update this privacy policy from time to time.