PRIVACY FOR OUR CLIENTS
BI recognises the importance of respecting and protecting your personal data (information) and yet in order to be able to continue to provide you with the level of service you have come to expect from us we need to collect, process and share a certain amount of information about you. In this document, we explain what information we’re likely to hold, how we collect it and how we will use or share it. It also explains your rights and how to contact us or the ICO in the event you have a complaint. Our commitment to you is that we will continue to treat your personal data fairly and legally and with the same discretion and respect as we have always applied.
BI Wines & Spirits Limited is the data controller of your information. This means that we exercise some judgment in determining how and why to process the information you share with us. We may share your information with the other members of our group of companies (including our Hong Kong, Singapore and US companies). If you have questions about how we process your information that aren’t answered in this policy, we invite you to get in touch with us at firstname.lastname@example.org. This policy applies to all your information however captured, including through our website or via our office.
We incorporate marketing preferences in your online account, which affect how we will process your information. By using the marketing preferences functionality, you can specify whether you would like to receive direct marketing communications and limit the use of your information. You can access your marketing preferences through your online account.
What information we collect and how we use it
Here we summarise the information we collect, why and how we use it and who we share it with. We will keep your data secure and won’t sell your personal data to third parties – ever. We only use your personal data to help us provide you with a great service, and tailor the information we share with you to help make it relevant, useful and timely. We will only share your personal data with organisations involved in fulfilling our role as your wine merchant, such as delivery or storage companies.
All your information falls into one or more of the following categories:
|Why||What||From Whom||Lawful Basis||With Whom|
|To store and/or deliver your purchases to you||Your name, billing address, delivery address, phone number and email address||From you||The contract between us||Our bonded warehouse and the logistics services we use|
|To supply your purchased goods and other services and to keep a proper record of those transactions||Your name, billing address, delivery address, telephone number, email address and purchase history||From you and our records or your previous transactions with us||The contract between us||The people at our office HQ and the logistics services we use|
|To process your payments, refunds and to prevent fraud||Your card details, name and billing address,||From you directly||The contract between us to process your payments||Only those people within our company offices who need to process your payments and those other trusted organisations, including your bank and other card payment service providers, who process payments on our behalf|
|Financial management, invoicing, accounting and credit control||Details of invoices issued and payments made or owed||From you or from our records of your transactions||Our legitimate interests||The people at our office HQ including our finance team|
|To make AWRS checks, credit checks and prevent Duty fraud||A copy of relevant passports, utility bills and bank statements||From you directly||Our legitimate interests||Only those people within our company offices who need to process your payments and other trusted organisations, including professional Credit Check facilities|
|To analyse your use of our website, emails and services||Your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use||From our analytics packages (including, but not limited to Google Analytics) and email services providers||Our legitimate interests, namely to monitor and improve our website and the services we provide to you||The people at our office HQ, our website developers and those we have engaged to support our marketing and website activities|
|To contact you about your orders, relevant offers, information and messages||Your name, email address, postal address, phone number or marketing preferences |
|From you and from our records of your transactions and interests||The contract between us for your orders; our legitimate interests for direct marketing communications||The people at our office HQ|
|To provide clarification, resolve issues or market relevant goods and/or services to you||Your name, email address, postal address or phone number||From you and from our records of your transactions and interests||The contract between us and to ensure that we respond to your enquiry appropriately||The people at our office HQ|
We may process any of your information identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
In addition to the specific disclosures of personal data set out in this Section 3, we may disclose your personal data with law enforcement and fraud prevention agencies, so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject, in order to protect your vital interests or the vital interests of another natural person, or in connection with the establishment, exercise or defence of legal claims, whether in court or not.
We may also process any of your information where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
Please do not supply us with any other person's personal information (including personal information of children), unless we prompt you to do so. If you do share your friends’ details with us, please ensure you have their prior authorisation.
Transferring your personal information outside of the European Economic Area (“EEA”)
For the most part, we have ensured that the information you share with us is stored and hosted in the European Economic Area (EEA). Sometimes, we may need to share your personal data outside the EEA for example, where your data could be processed by our staff working in the United States of America, Singapore or Hong Kong. These transfers are subject to special rules under European and UK data protection law because non-EEA countries don’t have the same data protection laws. If we need to make an international transfer of information, we will use standard data protection contract clauses which have been approved by the European Commission. These are designed to re-create protections equivalent to those we enjoy in the EEA. If you’d like a copy of these clauses, please email email@example.com.
How long we hold on to your information
We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law. After this period, it will be deleted or in some cases anonymised.
For example, where you have made a purchase with us, we will keep a record of your purchase for the period necessary for invoicing, tax and warranty purposes. Whilst you are an active customer (which means you have purchased from us) we will hold on to your information for as long as needed to give you the best possible customer service; financial information we will hold for 7 years. We may also keep a record of correspondence with you (for example, if you have made a complaint) for as long as is necessary to protect us from a legal claim.
Where we have collected the personal information based on your consent and we have no other lawful basis to continue with that processing, if you subsequently withdraw your consent then we will delete your personal information. However, please note that where you unsubscribe from our marketing communications, we will keep a record of your email address to ensure we do not send you marketing emails in future.
For any wine that you have requested us to keep in our bonded warehouse, whilst it remains under bond we, by law, need to retain the purchase history, including all personal details associated with that purchase in order to prove the bonded value to HMRC.
In certain circumstances we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, to resolve disputes and enforce our agreements.
|Access||You have the right to request a copy of the personal data we hold about you, but we will not include anything that compromise another person’s confidentiality or intellectual property. We’ll aim to send this to you within 1 month of your request. If we can’t do this, we’ll let you know within the 1 month|
|Rectification||You have the right to ask us to correct any mistakes in your personal data|
|To be forgotten||You have the right to require us to delete your personal data in certain situations|
|Restriction of processing||You have the right to require us to restrict processing of your personal data in certain circumstances for example, if you don’t think it’s accurate|
|Data portability||You have the right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations|
|To object||The right to object: |
· at any time to your personal data being processed for direct marketing (including profiling) by emailing firstname.lastname@example.org· in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests
|Automated decision-making||You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you|
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. At any time you can amend your marketing preferences to reduce, remove or increase the amount we contact you with special offers. You can do this by accessing your online account
Right to complain
In the event that you wish to make a complaint about how we process your personal information, please contact us in the first instance at email@example.com and we will endeavour to resolve your query as soon as possible. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to complain to a supervisory authority which in the UK is the Information Commissioner’s Office. You can contact them on https://ico.org.uk/.
Securing your information
At BI, most of the information we hold is stored on our own secure servers located in the UK or in the cloud. The key solutions we use are well- known, global businesses that are GDPR compliant and secure. We may use other smaller, local service providers from time to time and in these cases, will ensure that they are bound by the GDPR and obligations of confidentiality.
Despite this, nothing can be 100% secure and we will notify you and the ICO of a suspected data security breach where we are legally required to do so.
This privacy notice was published on 01 January 2019.
We may change this privacy notice from time to time. Where these changes are substantial or have an impact to your rights, we will let you know. You should check this page occasionally to ensure that you are happy with any changes to this policy.