The Bottle Cocktail Shop Ltd (company number 13119257 and registered office address 108 Essex Road, London , United Kingdom, N1 8LX) is committed to respecting and protecting our customers’ privacy.
This policy applies where we are acting as a data controller with respect to your personal data, in other words, where we determine the purposes and means of the processing of such personal data. It captures personal data entered across all channels: through our website, app, in store or via our contact centre. This policy also provides certain information that is legally required and lists some of your rights in relation to your personal data.
Please read this policy carefully to understand our views regarding your personal data and how we will treat it.
This policy relates to personal information that identifies “you” meaning customers or potential customers, suppliers, individuals who browse our website and other individuals outside our organisation with whom we interact. If you are an employee, contractor or otherwise engaged in work for us or applying to work for us, a separate privacy notice applies to you instead.
This policy is not intended for children and we do not knowingly collect personal data relating to children.
If you need to contact us in connection with our use or processing of your personal data, or gain access to it, then our contact us directly at firstname.lastname@example.org
In this section we outline the categories of personal data which we may collect, use, store, share and transfer. Usually the personal data we process falls into one or more of the following categories:
– this includes information relating to your account and transactions (including payment) with us and information which we need to fulfil your order, such as your name, date of birth, bank account or card details, information which we collect for the purposes of the prevention of fraud billing address, delivery address, phone number, email address and purchase history, some of which we may not receive directly as it may be collected by payment processors;
Internal Social Data – this includes information that you post for publication on our website or app, such as wall posts or product ratings and reviews;
Usage Data – this includes information about your use of our website or app, and reaction to our emails and services, such as your device ID, IP address, geographical location, browser type and version, operating system, length of visit, page views and website pages viewed, as well as information about the timing, frequency and pattern of your use;
Communication Data – this includes information contained in any communication, enquiry or complaint you submit to us regarding goods and/or services and personal data we create about you in relation to the same (such as where we make a written record of a complaint made in our store so that we can take steps to address the complaint) as well as any information in any survey you complete for us;
Marketing Data – this includes your advertising preferences, such as your preferences in receiving marketing materials from us and/or our third parties (such as our media and marketing agencies), your name, email address, billing address, phone number, date of birth, gender, and the user ID of any social platforms you have connected with us on;
Aggregated Data – we also obtain and use aggregated data such as statistical or demographic data. Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this policy.
We collect personal data about you in order to:
We may process any of your personal data identified in this policy where necessary for the establishment, investigation, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice.
Please do not supply any other person’s personal data to us, unless we prompt you to do so. If you do share personal data about someone else (such as the recipient of a gift, one of your directors or employees, or someone with whom you have business dealings) with us, you must ensure you have their authorisation, that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this policy.
Where you do share personal data about someone else with us, you must ensure the individual concerned is aware of the various matters detailed in this policy, as those matters relate to that individual, including our identity, how to contact us, the way in which we collect and use personal data and our personal data disclosure practices, that individual’s right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided.
We obtain your personal data from the following sources:
It is important that the personal data we hold about you is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us either by logging onto your account on the website or by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
We do not, and will not, sell any of your personal data to any third party. We want to earn and maintain your trust, and we believe this is absolutely essential in order to do that.
We may disclose your personal data with the following categories of companies as an essential part of being able to provide our goods and services to you, as set out in this policy:
We are required by law to have a lawful basis to process your personal data for the purposes set out in this policy.
Where we are relying on a basis other than your consent, the lawful basis for processing personal data will be one of the following:
For certain purposes it may be appropriate for us to obtain your prior consent. The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way.
In the event that we rely on your consent, you may at any time withdraw the specific consent you give to our processing your personal data. Please contact us using the contact details set out in paragraph 3 of this policy to do so. Please note even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on other lawful bases to process your personal data for other purposes.
It is possible that personal data we collect from you may be transferred, stored and/or processed outside the United Kingdom, including the European Economic Area and the United States of America. In connection with such storage, processing and transfers we will seek to ensure that:
We will take all reasonable steps to ensure your information is treated securely and in line with this policy. You acknowledge that personal data that you submit for publication through our website, for example product reviews, may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
As a general rule, we will not keep your personal data for longer than seven years. For more information on how long we keep your personal data, please see our data retention policy, a copy of which can be obtained by contacting us using the contact details in section 3 of this policy.
We will however retain your personal data whilst you are an active customer (in other words, you purchase products from us) for as long as is needed to give you the best possible service.
Where you have not placed an order (sale, refund or other payment) with us for seven years, we will anonymise your personal data provided you have not otherwise interacted with us for two years. For the purposes of this policy, an interaction is defined as an identifiable website or app session, contacting our contact centre or contacting us in store or via telephone or e-mail. We will inform you before we anonymise your data and give you the option for us to retain your details in order to continue to serve you.
In all instances outlined above, the process of anonymising your data may take up to one calendar month.
In certain circumstances we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, to resolve disputes and enforce our agreements.
Any anonymised Internal Social Data which is stored in an unstructured format (such as free text reviews and wall posts) will not be deleted under these data retention rules unless requested by you.
You have a number of rights in respect to your personal data, some of which we have summarised in this section. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights. You may exercise any of your rights in relation to your personal data by either emailing us on email@example.com
Right of access – you may have the right to confirm as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information.
Right to rectification – you may have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
Right to erasure – in certain circumstances you may have the right to request the erasure of your personal data on legitimate grounds as specified in law.
Right to restriction on processing – in some circumstances you may have the right to request the restriction of the processing of your personal data on legitimate grounds as specified in law.
Right to objection to processing – you may have the right to object, on legitimate grounds as specified in law, to our processing of your personal data on grounds relating to your particular situation.
Right to data portability – in certain circumstances, you may have the right to receive your personal information in a structured, commonly used and machine-readable format and to transmit that information to another controller to enable it to use the data, to the extent applicable in law.
Right to stop marketing messages – at any time you can amend your marketing preferences to reduce, remove or increase the amount we contact you with special offers.
Right to withdraw consent – to the extent that the legal basis for our processing of your personal data is consent, you have the right to withdraw that consent at any time.
Right to complain – in the event that you wish to make a complaint to us about how we process your personal data, please contact us at firstname.lastname@example.org and we will endeavour to deal with your request as soon as possible. You may have a legal right to lodge a complaint with the Information Commissioner’s Authority or other supervisory authority responsible for data protection. Please see https://ico.org.uk/concerns/ for how to do this.
Automated decision making
We use automated decision-making tools in our processing of your personal data. This includes (but is not limited to) the application of profiling techniques to your personal data.
The logic we employ in relation to such automated decision-making is designed to analyse your personal data in order to establish characteristics about you, such as what types of wines you like (or might like). For example if you have ordered a full-bodied red wine from us then we may use automated decision making in order to recommend wines you might like based on this.
The logic we use in our automated decision-making tools is designed to ensure that you have the best possible experience when you shop with us. The consequences of us using such automated decision making are as follows:
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy.
We have a team trained to help with any data protection query. If you have any concerns or questions about how we protect your privacy, please contact the team either on email@example.com
All information you provide to us is stored on secure servers and we use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.
We ensure that any third parties with whom your personal information is shared in accordance with this policy are also subject to agreements which impose on them equally stringent procedures and security features to help keep your personal data secure.
Procedures are in place to deal with any suspected personal data breach and to notify you and any applicable regulator when legally required to do so.