Every day our business will receive, use and store personal information about our customers, suppliers and colleagues. It is important that this information is handled lawfully and appropriately in line with the requirements of the [Data Protection Act 2018] and the General Data Protection Regulation (collectively referred to as the ‘Data Protection Requirements’).
We take our data protection duties seriously, because we respect the trust that is being placed in us to use personal information appropriately and responsibly.
This policy, and any other documents referred to in it, sets out the basis on which we will process any personal data we collect or process.
If you have any questions about how we look after your personal data, you can contact us:
In writing to:
The Data Protection Manager James Nicholson Wine
7-9 Killyleagh Street
By email to this address: email@example.com
By telephone on +44 (0)2844 830091
In accordance with the Data Protection Requirements, we will only process personal data where it is required for a lawful purpose. The lawful purposes include (amongst others): whether the individual has given their consent, the processing is necessary for performing a contract with the individual, for compliance with a legal obligation, or for the legitimate interest of the business. When sensitive personal data is being processed, additional conditions must be met.
Data we will collect
In the course of our business, we may collect the following information about you:
- Your name and contact details
- This can include your postal, billing and delivery addresses (which could include the addresses of any family or friends you choose to send wine to); your telephone number(s), including, if you provide it, your mobile number; and your email address
- Purchases and orders made by you
- Your payment card details (which we encrypt) when you purchase our products or services
- When you set up an account with us, your password (which we encrypt) and your marketing preferences
- Your wine preferences, favourites, ratings and reviews *Your on-line browsing history on our website
- Your correspondence with us
- Data we receive from other sources (including, for example, location data, business partners, sub-contractors in technical, payment and delivery services, credit reference agencies and others).
How we will use the information
We use the information to:
Communicate, handle orders and deliver products and services to you; Provide you with information on products, services and promotional offers; Display content such as wish lists and customer reviews; Process payments and administer your accounts with us.
We also use this information to improve our website, prevent or detect fraud or abuses of our website and enable third parties to carry out technical, logistical or other functions on our behalf.
We will ensure that personal data we hold is accurate and kept up to date. We will check the accuracy of any personal data at the point of collection and at regular intervals afterwards. We will take all reasonable steps to destroy or amend inaccurate or out-of-date data.
Sharing of Data
We may share;
- Your (or your recipient’s) name, address and if applicable, contact telephone number with our carriers
- Your name and address to our third-party mailing house.
- Your email address to our third-party email marketing company.
- We may also share personal data we hold with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. We will never sell your information on to a third party.
Transferring Personal Data Outside of the EEA
- We may transfer any personal data we hold to a country outside the European Economic Area (‘EEA’) or to an international organisation, provided that one of the following conditions applies:
- The country to which the personal data are transferred ensures an adequate level of protection for the data subjects’ rights and freedoms.
- The data subject has given his consent.
- The transfer is necessary for one of the reasons set out in the Act, including the performance of a contract between us and the data subject, or to protect the vital interests of the data subject.
- The transfer is legally required on important public interest grounds or for the establishment, exercise or defence of legal claims.
- The transfer is authorised by the relevant data protection authority where we have adduced adequate safeguards with respect to the protection of the data subjects’ privacy, their fundamental rights and freedoms, and the exercise of their rights.
- Subject to the requirements above, personal data we hold may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Those staff may be engaged in, among other things, the fulfilment of contracts with the data subject, the processing of payment details and the provision of support services.
You have a number of rights under data protection laws;
The right to be informed
The right of access
You can access the personal data we hold on you by contacting us on +44 (0)2844 830091 or email firstname.lastname@example.org. To process your request, we may ask for proof of identity so that we can be sure we are releasing your personal data to the right person.
The right to rectification
If you think that the information we hold about you is inaccurate or incomplete, please ask us to correct it by contacting us on +44 (0)2844 830091 or by updating your accounts details in your online account.
The right to erasure
You can ask us to delete your personal data; however, this is not an absolute right. We can refuse to erase personal data which we need to keep (i) to comply with a legal obligation (for instance, we are required by HMRC to keep certain personal data for up to 6 years for VAT reporting purposes); and (ii) in relation to the exercise or defence of any legal claims. When you ask us to delete your personal data, we assume that you do not want to hear from us again. If would still like to order our products but do not want to receive any marketing communications from us, you can update your marketing preferences by contacting us on +44(0)2844 830091 or email@example.com or through the marketing preferences in your online account.
The right to transfer your personal data (known as data portability)
You have the right to move, copy or transfer your personal data from one organisation to another. We hold little information that would be much use to another wine merchant but if you do wish to transfer your personal data we would be happy to help.
The right to object
If you would like us to stop processing your personal data for marketing purposes simply let us know by contacting us +44(0)2844 830091 or firstname.lastname@example.org or through the marketing preferences in your online account.
Please note that as catalogues are printed in advance, it may take up to 4 weeks for the process to be completed and for emails it may take up to 2 weeks.
We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input.
We reveal only the last four digits of your credit card numbers when confirming an order. Of course, we transmit the entire credit card number to the appropriate credit card company during order processing.
We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable customer information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.
It is important for you to protect against unauthorised access to your password and to your computer. Be sure to sign off when you finish using a shared computer.
We use a number of cookies on our website:
These cookies enable you to navigate our site and gain full access to its features and secure areas. Without these cookies essential services cannot be provided.
These cookies remember information about how you and other customers use our website. This gives us vital information such as which pages are visited most often and if customers are receiving error messages from certain pages. These cookies allow us to analyse and improve the performance of our website. They don't collect any information that identifies the customer and all information collected is aggregated and therefore anonymous.
These cookies remember choices you made on previous visits to our site such as your username, language or region. The information collected by these cookies are anonymous.
We do not use targeting or advertising cookies.
We may update this policy from time to time to take account of any changes in business activity or to reflect any changes in law or best practice in relation to data protection.
We will notify you if we do so.
This policy was last updated on 10 May 2018.
Download a copy of this policy here