Privacy Policy

The Golders Green Allotment and Horticultural Association (“GGAA”, “we”, “us”) is the data controller responsible for your personal data. We collect and process personal data so that we can manage allotment tenancies on the Golders Green site, communicate with members, and run the association on behalf of plotholders.

We are registered with the Information Commissioner’s Office (ICO) under registration number ZC139776. This policy explains what we hold about you, why we hold it, and what you can do about it.

Depending on your relationship with us, we may hold:

• Identity and contact details — name, postal address, email address, phone number, and (where supplied) date of birth.
• Tenancy details — plot number, section, plot size, tenancy start date, agreement type and signed status.
• Inspection records — committee scoring of cultivation quality, warning notes, and probationary status.
• Payment records — rent and water charges paid, outstanding balances, and payment method (we do not store full bank or card details).
• Application form responses — answers given by prospective plotholders during the waiting-list application process.
• Site access details — fob numbers and, where supplied, vehicle registration plates of cars regularly parked on site.

We collect personal data only for purposes connected to running the allotment site:

• Managing tenancy agreements and the waiting list.
• Communicating with members about the site, AGMs, and operational matters.
• Processing applications and assessing suitability fairly.
• Recording plot inspections and managing probationary tenancies.
• Collecting rent and water charges, and chasing arrears where necessary.
• Site security (e.g. fob access logging) and emergency contact.

We rely on the following lawful bases under UK GDPR:

• Contractual necessity — to perform the tenancy agreement between GGAA and a plotholder.
• Legitimate interests — to manage the association, communicate with members, run inspections, and protect the site and its plotholders.
• Consent — for the application form, where you choose to give us your data so we can consider you for a future plot. You can withdraw consent at any time by emailing the DPO.
• Legal obligation — where we are required by law (for example to respond to a court order or a request from the police).

Member, plot, application and inspection data are stored in Supabase, a cloud-hosted Postgres database with encryption at rest and in transit. Access is restricted to committee members holding an “admin” or “reviewer” role on the management portal, authenticated via password and (where applicable) member login codes. Every change made through the portal is recorded in an internal audit log.

Some legacy paper records and spreadsheets may also be held by committee officers in the course of running the association; these are kept securely and only for as long as needed.

We do not sell, rent, or share personal data with third parties for marketing purposes. We will only share your data:

• With the London Borough of Barnet, our landlord, where required by the lease (for example to evidence occupancy).
• With our hosting provider (Supabase, operated by Supabase Inc.) as a data processor under standard contractual terms.
• Where we are legally required to disclose information.

This website uses essential cookies only — specifically, cookies that keep you signed in to the members’ or admin portal during a session. We do not use tracking, analytics, or advertising cookies of any kind.

We hold personal data only for as long as we have a reason to:

• Member records — for the duration of the tenancy plus 2 years, after which they are deleted or anonymised.
• Application form responses — for up to 3 years from submission, unless the applicant takes up a plot (in which case they become a member record).
• Inspection records — for 5 years, to support fair handling of warnings and probationary decisions.
• Audit logs — for as long as the relevant member or plot record is retained.

Under UK GDPR you have the right to:

• Access — ask for a copy of the personal data we hold about you.
• Rectification — ask us to correct anything that is inaccurate or incomplete.
• Erasure — ask us to delete your data (subject to any legal or contractual reasons we may need to keep it).
• Object — object to processing based on legitimate interests.
• Restrict processing — ask us to limit how we use your data while a query is being resolved.
• Data portability — receive your data in a structured, machine-readable format.
• Withdraw consent — where we relied on consent, you can withdraw it at any time.

To exercise any of these rights, please email the Data Protection Officer using the contact details below. We will respond within one calendar month.

Data Protection Officer: dpo@ggaa.org.uk

Golders Green Allotment Association
London NW2 1JJ

If you are not satisfied with how we have handled your data, you have the right to complain to the Information Commissioner’s Office at ico.org.uk.