The Grape Variety Limited, Company Number 11135616, ICO notification number A1091293
Registered office address: 12 Chipstead Station Parade, Chipstead, Coulsdon, Surrey, CR5 3TE.
The Grape Variety respects your privacy and seeks to protect your personal data. The following information describes how we gather and use data. The amount of information The Grape Variety holds on you and how it uses it depends on your relationship with The Grape Variety and on what service you use, so some of the sections below may not be relevant to you.
- We keep to a minimum the amount of information we hold about you.
- We use your data to respond to your enquiries about our services (the lawful basis for this is “legitimate interest”) and to provide our services to you (the lawful basis for this is “contract”).
- We delete your data when it is no longer needed.
- We apply appropriate security mechanisms to protect your personal data.
What information does The Grape Variety collect about me?
We may collect some (or all) of the following: your name, phone number, email address, IP address, social identifiers (for example, age, gender, socio-economic status), data provided by cookies and other similar technologies, functional data such as registration and system data, as well as additional usage data – for instance, your purchasing history, contact permissions, product preferences, wine stored with us or information about your attendance at one of our events.
Why does The Grape Variety need my information?
We use your data to help us provide the best experience of our products and services, which includes using data to improve (and, where possible, personalise) your experiences. We use your data to communicate with you, for example, informing you about new products or services, security and other types of updates. We also use data to fulfil contracts, to send you the goods you have bought, invoices and to collect payments.
What do you use my information for?
We use data for the following purposes:
- To improve your experience of our products and services
- Product improvement and development
- Customer support
- Security, safety and dispute resolution
- Communications and marketing
- Fulfilling contracts and collecting payment
Can I opt out of receiving communications from The Grape Variety?
Yes, you may opt out of receiving communications from us at any time by logging into your account and unsubscribing or by contacting us at [email protected] We will respect your rights under GDPR in this regard, however, this may impact the quality of service you receive from us, or prevent us from providing a service to you.
How do I delete my personal data from The Grape Variety and what are the consequences?
You can email [email protected] or contact our Customer Service team to request that your data be deleted. However, please note, by deleting your personal data you may impact the service we can provide to you. We will not delete data which is needed to fulfil a contract until that contract is completed, or unless we agree to terminate the contract. We will inform you if deleting your data will impact our ability to perform a contract in case this affects your decision.
How long does The Grape Variety keep my information?
We retain personal data for as long as necessary to provide services and products to you, to fulfil the transactions you have requested, or for other essential purposes (for example, complying with our legal obligations, resolving disputes and fulfilling our agreements). We will store your personal data for a minimum of six years after your last transaction with us, unless we have a legitimate or contractual reason or a legal obligation to retain it thereafter, for example you might hold stock in our cellars.
How is information stored?
We are committed to protecting the security of your personal data. We store data in a number of places depending on our requirements to access and use it. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use or disclosure. For example, we store the personal data you provide on cloud based or computer systems that have limited access and are in controlled facilities. When there is a need to transmit data over the internet, it is protected by encryption and or passwords. Where possible, we avoid storing paper records of personal data.
Is The Grape Variety using cookies to gather information?
If you have any questions about the use of your personal information, please email us at [email protected] with the words “personal details” in the subject line.
What personal data do we hold and why?
When you contact us to make an enquiry, we will use your name and contact information to respond. We will then use this information to communicate with you during the provision of our services to you. We collect and update information about users of our services. We may obtain this information via direct contact with you, from third parties such as other users who refer you to us or automatically via your use of our services.
This information may include your contact details, registration and payment details, support problems, details around participation in events, prize draws or surveys and certain relevant details of your product preferences and contact permissions.
For each visitor to our website, our web server automatically recognises the user’s domain name. We also collect the email addresses of those who communicate with us via email and anonymously aggregate information on which pages users access or visit. Information volunteered by users, such as survey information and/or site registrations, is also collected. We will only use information collected in a survey on an anonymous basis unless we have your permission to do otherwise.
If you are a registered user of our services, we will gather further relevant information, such as generic types of data accessed, time of access, volume of use of services and traffic data from use of our website. Traffic data includes logs, details of networks, data and systems accessed, details of the sender and recipients of messages sent over our services, times and location of log on or access, duration of sessions, clickstream and similar usage or system data. Traffic data may sometimes be traceable to and or related to not just companies but named individuals. Before you register with The Grape Variety for access to services or transactional areas of our website, you can browse our website anonymously and we will not collect your data.
On request, we can provide you with access to all information, including proprietary information, that we maintain about you (but not other users unless required to do so by law) including unique identifier information (for example, your customer number or password) and contact information (for example, your name, address and phone number). You can request this information by emailing us at [email protected] or writing to us. We will correct inaccuracies on provision of the correct details or, where relevant, you can do this by changing your registered details online. Please note, we will never send personal information on request unless we have proof that the recipient is the owner of the data.
How do we use your information?
The Grape Variety collects and uses your information to administer, support, improve and obtain feedback on our services and to detect and prevent faults, breaches of our network security, the law or our contract terms. If you are registered to use a service, we may use the information you provide to us to carry out the service; we may also contact you to obtain feedback on that service and any improvements we could make to it.
The information we collect is used for internal review and to improve the content of our website and services. It is also used to notify users about updates to our services. This information is not shared with other organisations for commercial purposes.
If you do not want to receive emails from us in the future, please let us know by sending an email to [email protected] or by logging into your account and changing your contact permission preferences.
Who do we share your information with?
We work with third parties in the provision of some of our services, for example research agencies to help us improve our customer service, or marketing service providers who help us contact our customers and logistics partners who help deliver products.
On request, and when relevant to a service you use, we can provide details of which third parties we work with. We will also discuss and agree on any specific security questions or requirements you may have during the provision of our services.
The third parties we work with – including those who provide email and storage solutions used in our day to day work – are monitored on how they meet the requirements of current UK data protection legislation and the requirements of GDPR. When we contract with third parties we enter into agreements that encourage GDPR compliance.
Where this includes storage or processing of information outside of the European Economic Area (EEA), we include checks to ensure that compliance with the appropriate frameworks for exchange of personal data (such as the EU-US Privacy Shield) is in place. As a UK-based company our lead data protection supervisory authority is the ICO and GDPR is the standard for our data protection in all territories where data is processed.
We do not share nor sell your personal data to anyone else.
Exemptions to the above are where we are asked to provide information as a result of a court order or to recover monies due.
How long do we store your data for?
We will store your personal information (name, address, email, etc) for a minimum of six years after your last transaction with us. We will keep records of transactions for longer periods, but we will ensure that the data is anonymised so that personal data is deleted after six years. If you wish to stop hearing from us prior to that time then email us at [email protected] and we will remove you from our mailing lists, even though we will retain some historical purchasing records as legally required. If you are a sole trader or partnership, financial transactions between us might include some personal data. We are required by law to keep this information for the current financial year plus an additional six years.
Why do we need to store your data?
This is a legal obligation, because HMRC requires wine and spirit businesses such as ours to keep all business records concerning excise goods for at least six years. HMRC will occasionally carry out inspections of our business and the records we are required to keep for those purposes include, among other things, stock, purchases, sales and dispatches.
We may also store your information on our databases for reference and to record any preferences you have notified to us, for example in relation to your marketing communications contact permissions. The information may be retained and used by The Grape Variety to answer queries or resolve problems, provide improved and new services, to respect your rights under GDPR, for analysis purposes and for any data retention requirements of the law. This means we may retain information after you cease to use our services or after you have ceased interacting with The Grape Variety.
We store your information securely to prevent unauthorised use. See our Security section below.
Your rights regarding our use of your personal data
You can review, edit or ask us to delete your personal data we hold by contacting us directly at [email protected].
You can alter how we use your information, for example how we communicate with you, by changing your contact permissions via your online account or by contacting Customer Services. You will always have the right to opt out of receiving promotional emails and other types of marketing or sales communication from us. If you opt out, you will also have the ability to opt back in at a later date.
If you specifically wish to stop receiving emails from us, please click on the “Unsubscribe” link included at the bottom of any of our emails. We respect your choice, and we will stop sending you promotional emails once you unsubscribe. It may take up to two weeks to process your request. Alternatively, you can email us at [email protected] or log in to your account and change your contact permissions. Unsubscribing from promotional emails will not affect our ability to email you for the fulfilment of a contract or service provision.
We will respond to any request to access or delete your personal data as soon as possible, but certainly within 30 days.
Your ultimate point of contact for all data protection matters in the UK is the Information Commissioner’s Office. See the Contact Us page on the ICO website.
Cookies and software agents
“Cookies” are pieces of software, which may be sent and recorded on your computer. These cookies enable us to collect information about how our websites and services are being used and to manage them more efficiently.
Until you have registered on The Grape Variety’s website, the cookie will only track general usage patterns and technical information about your computer type and will not be used to identify you individually. After registration, cookies will be used to collect information on you to facilitate and improve your website experience. Cookies are also used as a site security method to stop abuse of our subscriber service.
You can turn off the ability to receive cookies by adjusting the browser on your computer but you should note that if you do so, this may materially distort the quality of service and data you receive. Cookies are not used to collect your personal information.
Contacting you via email alerts, notices and newsletters
The Grape Variety only sends marketing information to those it believes it has a legitimate business interest to contact. For example, an existing customer or someone who has registered on our website. This means that, from time to time, we may send you email newsletters or other notifications in relation to products being promoted by us or on our website or new services being offered. If you wish to stop receiving some, or all, of our communications, you can unsubscribe by logging into your account, or follow the instructions included in our emails or contact [email protected].
If you supply us with your postal address you may receive periodic mailings from us with information on new products and services or upcoming events. If you do not wish to receive such updates, you can unsubscribe by logging into your account, or please let us know by or emailing us at [email protected]
If you supply us with your telephone number you may receive periodic calls from us to tell you about our products and services or upcoming events. If you do not wish to receive such calls, please let us know by or emailing us at [email protected]
Interception of email
The Grape Variety may intercept email addressed to individuals within The Grape Variety. The reasons we do this are related to the security of your data, to our security, to the security of our staff and others, for detection and prevention of crime and to identify correct recipients or to make sure mail is dealt with during staff absence. The Grape Variety may reject, delay or remove content from emails which have a nature, content or attachments which may disrupt our systems or because they may pose security issues such as viruses.
We may also filter out emails which contain content which is considered offensive, unwanted or spam. In certain circumstances this may unfortunately result in “innocent” emails being affected. We do our best to reduce such occurrences.
The Grape Variety has developed and implemented strict policies and processes governing information technology and data user behaviour. These cover areas such as access control, authentication, audit, monitoring, alarms, data storage and back up, transmission standards and environment integrity.
We use reasonable endeavours to install and have appropriate security measures in place in our systems and facilities to protect against the loss, misuse or alteration of information that we have collected from you.
Our website is fully PCI DSS compliant. The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organisations like ours that handle branded credit cards from the major card schemes.
We do not store any credit card details on our website. The card details are encrypted and securely held by Cardnet.
We minimise the personal data that is accessible to our colleagues, and where appropriate we anonymise that data for marketing purposes.
We password protect personal data that is stored within the business.
To assure you of our attention to these issues we belong to the ISIS (Internet Shopping is Safe) scheme and the Wine by Mail Order Code of Practice.
When we introduce new systems and policies that relate to personal data, we ensure that data protection and security is included in the design of those systems.
What if this privacy notice changes?