Privacy For Our Clients

Bordeaux Index recognises the importance of respecting and protecting your personal data (information) and yet in order to be able to continue to provide you with the level of service you have come to expect from us we need to collect, process and share a certain amount of information about you. In this document, we explain what information we're likely to hold, how we collect it and how we will use or share it. It also explains your rights and how to contact us or the ICO in the event you have a complaint. Our commitment to you is that we will continue to treat your personal data fairly and legally and with the same discretion and respect as we have always applied.

Bordeaux Index Limited is the data controller of your information. This means that we exercise some judgment in determining how and why to process the information you share with us. We may share your information with the other members of our group of companies (including our Hong Kong, Singapore and US companies). If you have questions about how we process your information that aren’t answered in this policy, we invite you to get in touch with us here. This policy applies to all your information however captured, including through our website or via our office.

We incorporate marketing preferences in your online account, which affect how we will process your information. By using the marketing preferences functionality, you can specify whether you would like to receive direct marketing communications and limit the use of your information. You can access your marketing preferences through your online account.

Here we summarise the information we collect, why and how we use it and who we share it with. We will keep your data secure and won't sell your personal data to third parties – ever. We only use your personal data to help us provide you with a great service, and tailor the information we share with you to help make it relevant, useful and timely. We will only share your personal data with organisations involved in fulfilling our role as your wine merchant, such as delivery or storage companies.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

All your information falls into one or more of the following categories:

We may process any of your information identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.

In addition to the specific disclosures of personal data set out in this Section 3, we may disclose your personal data with law enforcement and fraud prevention agencies, so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject, in order to protect your vital interests or the vital interests of another natural person, or in connection with the establishment, exercise or defence of legal claims, whether in court or not.

We may also process any of your information where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.

Please do not supply us with any other person's personal information (including personal information of children), unless we prompt you to do so. If you do share your friends’ details with us, please ensure you have their prior authorisation.

For the most part, we have ensured that the information you share with us is stored and hosted in the European Economic Area (EEA). Sometimes, we may need to share your personal data outside the EEA for example, where your data could be processed by our staff working in the United States of America, Singapore or Hong Kong. These transfers are subject to special rules under European and UK data protection law because non-EEA countries don’t have the same data protection laws. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data;
  • we will use specific contracts approved for use in the UK which give personal data the same protection it has in the UK. If you’d like a copy of these contractual provisions, or would like further information on the specific mechanism used by us when transferring your personal data out of the UK, please contact us here.

We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law. After this period, it will be deleted or in some cases anonymised.

For example, where you have made a purchase with us, we will keep a record of your purchase for the period necessary for invoicing, tax and warranty purposes. Whilst you are an active customer (which means you have purchased from us) we will hold on to your information for as long as needed to give you the best possible customer service; financial information we will hold for 7 years. We may also keep a record of correspondence with you (for example, if you have made a complaint) for as long as is necessary to protect us from a legal claim.

Where we have collected the personal information based on your consent and we have no other lawful basis to continue with that processing, if you subsequently withdraw your consent then we will delete your personal information. However, please note that where you unsubscribe from our marketing communications, we will keep a record of your email address to ensure we do not send you marketing emails in future.

For any wine that you have requested us to keep in our bonded warehouse, whilst it remains under bond we, by law, need to retain the purchase history, including all personal details associated with that purchase in order to prove the bonded value to HMRC.

In certain circumstances we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, to resolve disputes and enforce our agreements.

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. At any time you can amend your marketing preferences to reduce, remove or increase the amount we contact you with special offers. You can do this by accessing your online account.

Right to complain

In the event that you wish to make a complaint about how we process your personal information, please contact us in the first instance here if you're in the UK or here if you're within the EEA and we will endeavour to resolve your query as soon as possible. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to complain to a supervisory authority which in the UK is the Information Commissioner's Office. You can contact them on https://ico.org.uk/

At Bordeaux Index, most of the information we hold is stored on our own secure servers located in the UK or in the cloud. The key solutions we use are well- known, global businesses that are compliant with personal data laws and secure. We may use other smaller, local service providers from time to time and in these cases, will ensure that they are bound by personal data laws and obligations of confidentiality.

Despite this, nothing can be 100% secure and we will notify you and the ICO of a suspected data security breach where we are legally required to do so.

This privacy notice was published on 01 January 2019 and last reviewed in July 2023.

We may change this privacy notice from time to time. Where these changes are substantial or have an impact to your rights, we will let you know. You should check this page occasionally to ensure that you are happy with any changes to this policy.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

We have appointed Data Protection Representative Limited (trading as DataRep) to act as our representative in the European Economic Area to comply with Article 27 of the GDPR. If you are based outside the UK and would prefer to contact our representative in connection with your data privacy rights, please contact DataRep using the details shown here.

Bordeaux Index does not hold your card details in our systems. Card details are held securely at a 3rd party provider in compliance with PCI standards for processing card details. The process for saving cards for subscription use e.g. storage payments provides a unique token that we do store in Bordeaux Index and is then used in later payment transactions in the 3rd party payment providers system.