Privacy Policy

Privacy Policy

Last updated: 19 January 2026

1. Data controller

The data controller for this website and the Responsible Sourcing Scheme for Growing Media is:

Responsible Sourcing Scheme for Growing Media
c/o British Growers Association Ltd.
BGA House
Nottingham Road
Louth
Lincolnshire
LN11 0WB
United Kingdom

Email: info@responsiblesourcing.org.uk
Phone: 01507 602 427

2. Purpose of this policy

This policy explains how we collect, use and safeguard personal data when you interact with the Responsible Sourcing Scheme (“RSS”, “we”, “us”, “our”), in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

3. Personal data we collect

We may collect and process the following categories of personal data:

  • Identity and contact data: your name, job title, organisation, postal address, email address, phone number and other details you provide when contacting us or applying for membership.

  • Membership application data: information supplied on our membership forms, including company details, contact persons, product categories and any additional comments you choose to provide.

  • Communication data: the content of messages you send to us via the contact form or by email.

  • Technical and usage data: IP address, browser type and version, pages visited and other usage statistics collected through cookies and analytics tools.

We do not intentionally collect special category (sensitive) personal data or payment card details through this website.

4. How we collect personal data

Personal data is collected when you:

  • Submit a contact form, membership form or other web form;

  • Email or phone us;

  • Sign up for newsletters or updates;

  • Browse our website (through cookies and analytics).

5. Lawful bases for processing

Under the UK GDPR, we process personal data on one or more of the following lawful bases:

  • Legitimate interests – to operate, manage and improve the RSS and its website;

  • Performance of a contract – to assess and administer your membership and maintain our relationship with you;

  • Consent – when you voluntarily provide information or opt in to communications;

  • Legal obligation – where processing is required to comply with applicable law.

6. How we use your personal data

We use personal data to:

  • Respond to enquiries and requests;

  • Process membership applications and manage member records;

  • Administer scheme audits and compliance activities;

  • Send you scheme updates, newsletters and information relevant to your membership (if you have opted in);

  • Improve the performance, security and content of our website;

  • Maintain statutory records and accounts.

We do not sell personal data or use it for unrelated marketing purposes.

7. Cookies and analytics

Our website uses cookies to provide basic functionality and to understand how visitors use the site. You can accept or reject cookies through the cookie banner or manage them in your browser settings. For more information, please see our separate cookie notice or contact us.

8. Data sharing

We do not routinely share personal data with third parties. We may share personal data only where necessary:

  • With service providers who support our website hosting, IT systems or membership administration, under appropriate confidentiality and data‑protection safeguards;

  • With regulators or law‑enforcement authorities if required by law;

  • To comply with legal or regulatory obligations.

We do not transfer your personal data outside the UK/EEA unless adequate safeguards are in place.

9. Data retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Membership records are retained for the duration of your membership and for a reasonable period thereafter to comply with legal or audit requirements.

10. Your rights

Under the UK GDPR you have the right to:

  • Request access to the personal data we hold about you;

  • Request correction of inaccurate or incomplete data;

  • Request erasure of your data (where there is no legal or contractual reason to continue processing);

  • Request restriction of processing;

  • Object to processing based on our legitimate interests;

  • Withdraw consent at any time (where processing is based on consent);

  • Request data portability for data you have provided to us;

  • Lodge a complaint with the UK Information Commissioner’s Office.

To exercise any of these rights, please contact us using the details above.

11. Data security

We take appropriate technical and organisational measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

12. Changes to this policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.