1.1 The Philglas & Swiggot website (the “Website“) our Wine Club and our customer loyalty programme (the “Loyalty Programme“) are operated by Philglas & Swiggot Ltd (“Philglas & Swiggot“, “our“, “we” and “us”) of 21 Northcote Road, London, SW11 1NG, United Kingdom. At Philglas & Swiggot we respect your right to privacy and this Privacy Statement (the “Statement“) sets out the basis on which we use, process, store or disclose any personal data detailed below (“Personal Data“) that we collect from you or that you provide to us through the Website and/or our Loyalty Programme. The information provided by you will be held by us as a controller.
2. Overview Of This Statement
2.1 We collect and process your Personal Data when you use the Website (including to purchase our products), when you sign up to and use our Wine Club, Loyalty Programme and when you engage us. Our processing operations are mainly necessary to enter into and perform our contract with you, necessary for the purposes of our legitimate interests, or based on you having given us consent. We store your Personal Data on servers located within the European Economic Area (the “EEA”). We share your Personal Data within Philglas & Swiggot Ltd and the O’Briens Group (as defined in Section 5 below) and with third parties. We may also share your Personal Data with law enforcement agencies or other bodies if we are required by law to do so.
3. The Personal Data We Process
3.1 We will collect and process the following Personal Data when you use the Website:
- your device type, operating system, browser, IP address and other information derived from cookies used on the Website. Please see our Cookies Policy for further information; and
- details of your visits to the Website such as traffic data, location data and the resources, advertisements and Linked Websites that you access through the Website.
3.2 You can choose to provide us with the following Personal Data:
- If you make a purchase using the Website, we will process your email address, your name, telephone number, company name (if you choose to provide it), your address (both for shipping and billing), your order information and, if applicable, any loyalty points you accrue.
- Please note that we do not process or store any card or payment information on our own servers as we engage with third parties for this. For more on card and payment information, please see Security, Storing and Transfers of Your Personal Data in Section 6.
Customer Account Registration Information
- If you choose to register a Customer Account with us you will have to provide us with information including your email address, a password of your choosing, your name, your phone number and your address. You may also choose to provide us with the name of your company.
- Where you choose to register a Customer Account with us, we will process your transactional information and purchase history.
- When you register for a Customer Account online we automatically sign you up to our Loyalty Programme, but if you are already a member of the Loyalty Programme then you can provide the details of your Loyalty Card when you set up your Customer Account.
Loyalty Programme Information
- If you choose to join our Loyalty Programme, we will process your name, email address, telephone number, company name (if you choose to provide it), address, order information, loyalty points you spend and accrue and transactional information
- If you choose to subscribe to our marketing material, we will process your email address and phone number in order to send this to you, but also information about how you interact with the emails and SMS messages you receive from us, such as whether or not you open the communication, the links you click on, whether you purchase anything or whether you opt out of the communications.
- You may choose to give us information such as your name, e-mail address, address, telephone number and other details when contacting us by submitting enquiries through the Website contact form, on the Website or by e-mailing email@example.com.
- If you choose to provide us with this information, we will keep a record of this correspondence for as long as is necessary to deal with this query (for further information please see our section on How Long We Keep Your Personal Data For in Section 8).
4. How And Why We Use Your Personal Data
4.1 The following table details the legal basis for (the “Legal Basis“) and the reasons why (“Purposes“) we process your Personal Data:
|Legal Basis||Purpose(s)||Personal Data Processed|
It is necessary to process these Personal Data to enter into and perform our contract with you in relation to:
If you do not wish to provide us with your Personal Data for these purposes, we will not be able to enter into or perform our contract(s) with you and you will need to leave the Website instead.
|Access to the Website|
Fulfilling your Orders and Requests
· to process your payments, through our third party payment providers; and
It is in our legitimate interests to collect and process your Personal Data for the purposes of improving and monitoring website efficiency, enhancing your use of the Website.
It is also necessary for the purposes of our legitimate interests to process your Personal Data to respond to any queries or requests submitted by you to us.
When we process your Personal Data based on our legitimate interests, we make sure to consider and balance any potential impact on you and your data protection rights. We will not process your Personal Data for activities where our interests are overridden by the impact on you.
|Improving Website Functionality and Efficiency|
Responding to Queries
We process your Personal Data for these purposes where we have your consent to do so.
Should you wish to withdraw your consent to our processing of your Personal Data for these purposes you may do so by contacting firstname.lastname@example.org You will also be given an option to opt-out on each communication you receive. However please note that any processing carried out before you withdraw your consent will remain valid.
|Promotional and Marketing Materials|
|Compliance with a Legal Obligation|
We may process your Personal Data where it is necessary to comply with legal obligations to which we are subject to.
|To Defend, Establish or be a Party to Legal Claims|
We may process your Personal Data as necessary in order for us to establish, investigate, exercise or defend a legal claim to which you are a party.
5. Who We Share Your Personal Data With
5.1 We may disclose your Personal Data to other members of our group which means our subsidiaries, our ultimate holding company and its subsidiaries, if applicable (the “O’Briens Group“).
5.2 We will disclose your personal information to third parties outside Philglas & Swiggot, including in the following circumstances:
|Third Party Service Providers|
|Regulatory Authorities, Law Enforcement Agencies, Public Bodies and Other Third-Party Companies|
6. Security, Storing And Transfers Of Your Personal Data
6.1 We store and process your Personal Data on servers located within the European Economic Area (the “EEA“). However, we may transfer your Personal Data outside the EEA where we engage with third party services providers. We only transfer your personal data outside the EEA where the European Commission has decided that the third country in question ensures an adequate level of protection in line with EEA data protection standards or there are appropriate safeguards in place to protect your Personal Data. If you would like to find out more about the appropriate safeguards that we have in place to govern the transfer of your Personal Data you can contact us at email@example.com
6.2 Information you provide to us through the Website is protected by encryption. Unfortunately, the transmission of information via the internet is not completely secure. Although we will always do our best to protect your Personal Data, we cannot guarantee the security of any information you transmit to us. Any transmission is at your own risk. Once we have received your information, we use strictly maintained physical, electronic and procedural safeguards to prevent unauthorised access.
6.3 Philglas & Swiggot does not store or process any of your card or payment information. All payment information is processed by third party service providers engaged by us for this purpose, including Global Payments & Stripe who are Level 1 PCI DSS v3.2 certified.
7.1 The Website contains links to other websites (“Linked Websites“). Philglas & Swiggot is not responsible for the privacy statements or practices on the Linked Websites. This Statement governs only information collected on the Website. When accessing Linked Websites, you should read the privacy statement published on the relevant Linked Website. The terms of our Statement do not apply to Linked Websites. Please check these statements before you submit any Personal Data to Linked Websites.
7.2 The Website contains links to other websites and resources provided by third parties for your convenience and information only. We accept no liability in connection with any Linked Website, or any contract entered into on or through a Linked Website. We have no control over the contents of those websites or resources, and accept no responsibility for them or for any loss or damage that may arise from your use of Linked Websites.
8. How Long We Keep Your Personal Data For
8.1 We will keep your Personal Data no longer than is necessary for the purposes for which the data was provided.
8.2 Please note that in certain circumstances, we may hold your Personal Data for a longer period, for example, if we are processing an ongoing claim or believe in good faith that the law or a relevant regulator may reasonably in our view expect or require us to preserve your data.
9. Your Rights And How To Exercise Them
9.1 The table below sets out the rights which you have to address any concerns or queries with us about our processing of your personal data:
|Right to be Informed||You have the right to know whether your Personal Data is being processed by us, how we use your Personal Data and your rights in relation to your Personal Data.|
|Right of Access|
(1) the purposes of processing;
(2) the categories of Personal Data concerned;
(3) the recipients of your Personal Data;
(4) the period for which your Personal Data will be stored;
(5) the existence of your right to lodge a complaint with the Office of the Data Protection Commissioner; and
(6) the source of your Personal Data;
|Right to Rectification|
|Right to Erasure||You have the right to ask us to erase your Personal Data where:|
(1) it is no longer necessary to perform the contract;
(2) you withdraw your consent and there is no other legal basis permitting us to process your Personal Data;
(3) you object to the processing and we have no overriding legitimate grounds;
(4) your Personal Data have been unlawfully processed; or
(5) it must be erased to comply with a legal obligation.
|Right to Restriction of Processing|
(1) where you contest the accuracy of your Personal Data;
(2) where the processing is unlawful and you do not want us to delete your Personal Data;
(3) where we no longer need your Personal Data for the purposes of processing but you require the data in relation to a legal claim; or
(4) where you have objected to us processing your Personal Data pending verification as to whether or not our legitimate interests override your interests or in connection with legal proceedings.
|Right to Data Portability|
|Right to Object|
9.2 You can exercise any of these rights by submitting a request to our Information Security Officer at firstname.lastname@example.org
9.3 We will provide you with information on any action taken upon your request in relation to any of these rights without undue delay and at the latest within one month of receiving your request. We may extend this up to 2 months if necessary however we will inform you if this arises.
9.4 You have the right to lodge a complaint with a data protection supervisory authority with regards to us processing your Personal Data.
10. Changes To This Statement
10.1 If we amend this Statement, in whole or part, any changes will be posted on this page and, where appropriate, notified to you by email or when you use the Website. The new Statement may be displayed on-screen and you may be required to read and accept it to continue your use of the Website.
10.2 If at any time we decide to use your Personal Data in a manner significantly different from that stated in this Statement, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail, and you will have a choice as to whether or not we use your Personal Data in the new manner.
11. Who To Contact With Queries
11.1 Questions, comments and requests regarding this Statement are welcomed and should be addressed to our Information Security Officer at email@example.com.