GDPR and Privacy Policy

Last updated: March 2026

Applies to: www.rhubarbfarm.co.uk

Introduction

Rhubarb Farm (“we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what personal information we collect through our website, how we use it, and the choices you have. We follow the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant privacy laws.

1. Who we are

Rhubarb Farm is the collective term for Rhubarb Farm CIC and Rhubarb Farm CIO. Both organisations work together to provide our services, and both act as joint controllers for the personal data collected through this website.

Address: Rhubarb Farm, Hardwick Street, Langwith, NG20 9DR

Telephone: 01623 741210

Email:

2. What personal data we collect

We only collect the information we need to operate our website, respond to enquiries, and improve our services.

a. Information you provide to us

This may include:

  • Your name, email address, and phone number
  • Messages submitted through our contact form
  • Details provided in any online application or enquiry forms
  • Newsletter subscription information, if you choose to sign up

b. Information collected automatically

When you use our website, we may collect:

  • Your IP address
  • Device type and browser version
  • Pages visited and the time spent on each page
  • How you found our website, such as through a search engine

This helps us understand how our website is used and keep it secure.

c. Cookies

We use cookies to:

  • Make our website function properly
  • Improve site performance and accessibility
  • Understand how visitors use the site

You can manage or disable cookies through your browser. For more detail, please see our Cookie Policy.

3. How we use your personal data

We use your information to:

  • Respond to enquiries sent through the website
  • Process applications or requests submitted through online forms
  • Send newsletters, if you choose to subscribe
  • Monitor website performance and improve user experience
  • Maintain the security and reliability of our website and systems

We do not sell your personal data, and we do not use it for profiling or automated decision-making.

We also want to reassure visitors that we do not collect or process any health, social care, or support-related information through the website. Any confidential or sensitive information connected to support programmes is stored securely within our internal systems, not on this site.

4. Our lawful bases for processing

Under the UK GDPR, we rely on the following lawful bases:

  • Consent – for newsletters and optional form submissions.
  • Legitimate Interests – for handling general enquiries, improving website performance, and maintaining security.
  • Legal Obligation – when we must share information with law-enforcement or regulatory bodies.

5. How long we keep your information

We keep your personal data only as long as necessary for the purpose it was collected.

As a guide:

  • Contact form messages: kept for up to 12 months
  • Newsletter data: kept until you unsubscribe
  • Website analytics data: usually kept for 26 months or less, depending on provider settings

After this, data is securely deleted or anonymised.

6. Sharing your information

We only share information when necessary and with appropriate safeguards in place.

Examples include:

  • Website hosting providers
  • Email service providers
  • Analytics tools

These organisations act as data processors and can only use your information on our instructions.

We will never sell your information to anyone.

7. International data transfers

Some of our service providers may store data outside the UK. When this happens, we ensure that appropriate safeguards are in place, such as:

  • UK adequacy decisions, or
  • Standard Contractual Clauses (SCCs)

These measures ensure your data remains protected to UK GDPR standards.

8. Your rights

You have rights over your personal data, including:

  • The right to access your information
  • The right to correct inaccurate data
  • The right to request deletion
  • The right to withdraw consent
  • The right to object or restrict processing
  • The right to data portability
  • The right to complain to the ICO

To exercise your rights, contact us at .

You can also contact the Information Commissioner’s Office at www.ico.org.uk.

9. Security

We use appropriate technical and organisational measures to protect your personal information. This includes secure hosting, access controls, strong password standards, and regular monitoring of system security.

10. Links to other websites

Our website may contain links to other websites. We are not responsible for their content or privacy practices, so we encourage you to read the privacy policies of any external sites you visit.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. 

Any changes will be posted on this page with an updated “Last updated” date.