Privacy Policy
Privacy policy
Definitions
“Affiliate” means any company, partnership, individual or other organisation with whom the Company at its sole discretion uses to fulfil its business objects or obligations under these Terms.
“Company” means Squareleg Promotions Ltd (registered in England No. 10282793) whose registered office is situated at 3 The Malthouse, Willow Vale, Frome, Somerset BA11 1BG, and/or any company within the same group of companies defined under the Companies Acts or any trading name that the Company chooses to use including but not exclusively
“Courier” is any courier, delivery service company or business, any agent of a delivery service or business or any other such delivery organisation deployed by the Company or its Affiliates to transport products to customers;
“Intellectual Property” any business name, design, invention, logo, website design or content, app design, marketing material, social media design or content, brochures, product images, product data or any other material or designs produced by the Company or its Affiliates.
“Products” mean any products or services offered by the Company for sale.
“Services” means any website, app, portal, social media feed, brochure, written or verbal communication or other means by which the Company imparts, collects or processes information or orders for its products or services.
“Terms” means these Terms and Conditions to be read in conjunction with other documents and policies including inter alia the Privacy Policy, Cookie Policy, Delivery Notices or any policies notified by any Affiliates.
1. Overview
1.1 The Company respects your privacy and is committed to protecting your personal data.
1.2 The information set out in this Privacy Policy aims to inform you as to how we collect and look after your personal data when:
• you visit the Company’s websites & other online sites;
• you purchase Products from the Company;
• you open a customer account and/or register with the Company;
• you otherwise contact us; or
• Products ordered from the Company are delivered to you.
1.3 The Privacy Policy will also tell you about your privacy rights and legal protection.
1.4 IT IS IMPORTANT THAT YOU READ THE PRIVACY POLICY IN CONJUNCTION WITH THE COMPANY’S TERMS AND CONDITIONS AND ANY OTHER PRIVACY-RELATED POLICIES THAT THE COMPANY MAY PROVIDE ON SPECIFIC OCCASIONS TO BE FULLY AWARE OF HOW AND WHY WE ARE USING YOUR DATA.
1.5 Please note that the Company may update and amend this Privacy Policy from time to time and any changes will be posted on its website.
1.6 The Services may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. The Company does not control these third-party websites and is not responsible for privacy statements applicable to those websites which you are encouraged to review.
1.7 It is important that your personal data held by the Company is accurate and current. Please inform the Company if your personal data changes during your relationship with the Company.
1.8 By accessing and using the Services, you accept the terms of this Privacy Policy.
2. Collection of Personal Data
2.1 Personal data is information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data) or data relating to corporate entities.
2.2 Personal data is collected in two principal ways:
2.2.1 When you provide information to the Company directly
When a customer account is created, when you use the Services, when you communicate with the Company (including telephone calls with Customer Services), when you purchase Products, or when clicking on active buttons such as Order or Pay, you may choose to provide the Company with certain information which may include inter alia your contact details or marketing preferences, or.
2.2.2 When the systems collect information or personal data as you use the Services or websites or apps that are connected to the Services
Whenever you use a website, app or other internet services, information is recorded automatically by the IT systems used to operate that website, app or service. The most common type of information collected is in the form of cookies (small text files sent by your computer each time you visit our website) but can also include personal data transferred by the electronic device you use to access the Services and their settings. The manufacturer of your device, or the provider of the operating system, will have details about what information your device shares with the Company or other websites.
2.3 The Company may collect the following data about you:
2.3.1 Identification Data including first name, last name, title and date of birth;
2.3.2 Contact Data including home or business addresses, billing and delivery address(es), place of work, email address(es) and telephone number(s);
2.3.3 Financial Data including customers’ cardholder details (CHD), bank account details (bank name, account name, number, address and sort code).
2.3.4 Transaction Data including details of order history, payment instructions, payment patterns (including details related to subscription payments) made by you;
2.3.5 Technical Data including internet protocol (IP) address, your login data, browser type, browser version, time zone and location, browser plug-in types and versions, operating system and platform, use of cookies or other devices to store and sometimes track information about you (more details on the use of cookies is set out in the Cookie Policy) and other technology on the devices you use to access the Services;
2.3.6 Profile Data including your username and password, purchases and orders, membership or event history, account preferences, feedback and survey responses;
2.3.7 Usage Data including information about how you use the Services;
2.3.8 Marketing and Communications Data including preferences in receiving marketing from the Company, its clients or other third parties and your communication preferences;
2.4 The Company may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated data may be derived from Personal Data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if Aggregated Data is connected or combined with your Personal Data so that it can directly or indirectly identify you, the combined data will be treated as Personal Data which will be used in accordance with this privacy policy.
2.5 The Company does not actively collect any Special Categories of Personal Data such as details about ethnic origin, religion, political affiliations, criminal convictions or offences, genetic or biometric data, and health or sexual orientation. However, the Company may process certain Special Categories of Personal Data when you include such information in your CV which you (or a third party) send to the Company when making contact about employment opportunities with the Company.
2.6 The Services are not intended for Children and the Company does not knowingly collect data relating to children.
3. Legal Basis For Use of Personal Data
3.1 There are four relevant lawful bases for which the Company may collect and process your Personal Data.
3.1.1 Legitimate Interest
Legitimate Interest means the commercial interest of the business in providing the Services to enable the Company to give customers the best products and services and the best and most secure experience. The Company will consider and balance any potential impact on you (both positive and negative) and your rights before processing personal data for its Legitimate Interests.
3.1.2 Contractual Obligations
The Company will collect and process Personal Data to comply with its contractual obligations. This Personal Data may include, inter alia, address and contact details which will be passed to couriers to deliver your purchase.
3.1.3 Legal and Regulatory Compliance
The law may require the collection and processing of Personal Data in order to comply with legal or regulatory obligations such as age verification for the sale of alcohol. The Company may disclose the personal information that you provide to a credit reference or fraud prevention agency which may keep a record of that information. This is done only to confirm your identity. A credit card check is not performed, and your credit rating will be unaffected.
3.1.4 Consent
“Consent” means your agreement to process your personal data. Consent to process your personal data must be given freely and without ambiguity. You have the right to withdraw consent to receive marketing information at any time by contacting the Company through your online account or using the Contact Us options set out in this Privacy Policy.
3.2 The Company may use your personal data:
3.2.1 based on the Company’s contractual obligation to send you Products that you have purchased; to manage any accounts you have registered with the Company so that (i) it can provide you with Products and Services; (ii) you can place orders; and (iii) it can fulfil those orders and communicate with you about them.
3.2.2 based on the Company’s legitimate interests to improve the range of Products, offers and associated products offered to its customers and to help identify new products in the future to present customers with personalised offers via its services and by placing banner advertisements on third-party websites; to personalise the offers you receive from the Company; to permit you to post links to the Services or Products on social media; to carry out research to better understand your views on the Products and Services and to allow you to continue enjoying customer service from the Company.
3.2.3 based on the Company’s legal compliance with the law (for example, to ensure that the Company only sells products containing alcohol to those aged 18 or over); to detect and prevent fraud and other illegal activities (and to assist regulators, trade bodies and law enforcement agencies in relation to the same) to verify your identity and your age;
3.3 To provide you with its products and services, the Company might be required to share some of your personal data with certain third parties. The Company will only send to third parties the personal data that is necessary for the purposes it is required for.
3.4 The Company will only share your data as follows:
3.4.1 With core service providers to enable the Company’s business to function:
The Company relies on certain external companies to provide the Company with services that enable its business to run properly. The core service providers include the courier companies used to deliver Products to you; banks and clearing houses to process your payments; companies used to carry out fraud protection and age verification checks; IT services providers; companies to help with its marketing; and partners through which the Company may provide concessions or partnerships.
3.4.2 With social media and online advertising companies for marketing purposes:
The Company may share information it holds about you with social media companies (such as Facebook) to enable them to display its advertisements to you. The Company will do so only if it has permission to send you marketing electronically. If you have opted out of email marketing, the Company will share your email address solely to ensure you do not receive advertisements on social media.
You can opt out of the Company’s marketing communications at any time through your online account or by contacting the Company using the Contact Us options set out in this Privacy Policy.
The Company may also use information held about you to identify similar customers (known as “lookalikes”) on social media websites such as Facebook. It may share this information (which may include name, email address, telephone number, address, age and purchase history with us) directly with social media companies. A part of this process would be to exclude you from receiving those advertisements intended for new customers.
The Company would process this information based on its legitimate interests; if you would like to opt out of this, please email the Company using the Contact Us address set out in this Privacy Policy
The Company will request that any data used in this process be deleted as soon as it has served its purpose.
From time to time the Company may share reviews you have made on its Services platforms with online advertisers such as Google so that they might appear in search results for the Company and its products.
3.4.3 With other partners when the Company has your consent to do so:
The Company works with a number of other third-party companies to provide value to its business and you. These companies may include marketing partners who help manage communications with you and social media partners (for instance you can publish a link on Facebook or Twitter to any Products that you have enjoyed).
The Company will only partner with other companies that meet its own high standards and whom the Company thinks are a good fit for its business and its customers. Each of these third parties is required by the terms of the contract agreed with them to use your personal data only as the Company instructs it and to ensure that your personal data is secure.
The Company may also on occasions share your data with trusted retail partners either directly or through alliances operated by third parties. These alliances work by each trusted retailer sharing information on what their customers buy or by links from their Services into those of the Company. This information is analysed to help retailers understand consumer’s wider buying patterns. As a result, the retailers can tailor their communications, sending suitable offers that should be of interest, based on what they like to buy.
If you would rather not receive marketing offers from third-party companies you can withdraw your permission whenever you wish through your online account or by contacting the Company using the Contact Us options set out in this Privacy Policy.
3.4.4 With regulators and law enforcement agencies when required to do so by law:
The Company is required to cooperate with regulators (such as the Information Commissioner’s Office or HMRC) and law enforcement agencies (such as the police or the Serious Fraud Office) in every country where it operates. Although it does not happen often, regulators and law enforcement agencies can require the Company to share information with them as part of an investigation; this may include your personal data. The Company would have to disclose your personal data where the Company believe that disclosure is reasonably necessary to comply with the regulator or crime enforcement agency’s demand.
3.4.5 When the Company thinks it is reasonably necessary to protect you or the Company:
Occasionally businesses are subject to attempted criminal activities; this can affect both the Company and you. The Company will take all reasonable steps to protect you and its business but sometimes the Company may need to share your personal data where the Company thinks it is reasonably necessary to:
• Detect, monitor, investigate or prevent any suspected illegal activities, fraud or security issues;
• Enforce its terms and conditions and protect both your and its rights and property;
• Investigate and defend any third-party claims or allegations.
3.4.6 As part of a business sale or purchase, merger or reorganisation:
From time to time the Company may look to purchase another business or sell or re-organise parts of its business to ensure that the Company remains in strong shape. Sometimes these types of corporate transactions involve the transfer of your personal data solely to assess the transaction. In the event that the Company sell or buy any business or assets, personal data that the Company hold about you may be one of the transferred assets.
3.4.7 In aggregated format:
On occasions, the Company will use data from which you cannot be personally identified but which does include information that relates to you such as your purchase history. This data is combined with data from other customers to provide general trends on customers’ preferences, ratings and reviews and general buying habits. This data is not personal as it has no identifier, but it is data that may be used.
3.5 From time to time the Company may use service providers outside the UK, in particular for the provision of IT services and as a result, it may transfer your data to suppliers in countries in the European Economic Area, including Switzerland and Gibraltar (“EEA”), as well as Australia, the US and India. The UK Government has confirmed that there are no changes to the way we send your data to the EEA from 1 January 2021. Where personal data is transferred out of the EEA, the Company will endeavour to ensure a similar degree of protection with safeguards such as “standard data protection clauses” provided by the European Commission or other such safeguards recommended by the ICO.
3.6 The Company will not keep your personal data for longer than is necessary for the purposes described in this policy. In particular:
3.6.1 the Company will retain personal data while your account is active;
3.6.2 the Company retains data for 6 years from the date of the last purchase, but it may keep certain categories of personal data after your account is closed to meet any legal or regulatory requirements, or to resolve a legal dispute;
3.6.3 the Company might keep different types of personal data for different lengths of time (for example, certain personal data relating to your purchases to comply with HMRC’s VAT reporting requirements);
3.6.4 the Company may keep recordings of your telephone calls with it, typically for no longer than 3 months from the date of the call.
4. Your Legal Rights
4.1 The Company recognises that you have rights under data protection laws concerning your personal data. These rights are set out below:
4.1.1 Right to access your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data the Company holds about you and to check that we are lawfully processing it.
4.1.2 Right to Rectification. This enables you to have any incomplete or inaccurate data held about you corrected, though the Company may need to verify the accuracy of the new data you provide.
4.1.3 Right to Erasure. This enables you to ask to delete or remove personal data where there is no good reason for the Company continuing to process it. You also have the right to ask to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where the Company may have processed your information unlawfully or where the Company is required to erase your personal data to comply with local law. Note, however, that the Company may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
4.1.4 Right to Object. You have the right where the Company relies upon a legitimate interest or those of a third party and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object where the Company processes your personal data for direct marketing purposes. In some cases, the Company may demonstrate that it has compelling legitimate grounds to process your information which override your rights and freedoms.
4.1.5 Right to Restriction. This enables you to ask the Company to suspend the processing of your personal data in certain circumstances:
• you want the Company to confirm the accuracy of the data;
• the use of the data is unlawful but you do not want it erased;
• you want the Company to hold the data even if no longer required it as you need it to establish, exercise or defend legal claims; or
• you have objected to the use of your data but the Company needs to verify whether it has overriding legitimate grounds to use it.
4.1.6 Right to Transfer Your Personal Data. The Company will at your request provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for the Company to use or where the Company used the information to perform a contract with you. The Company is not required to adopt processing systems that are compatible with other organisations so be aware that the recipient of the data may not be able to automatically use the personal data provided by the Company’s systems.
4.1.7 The Right to Withdraw Consent. You may withdraw consent to use personal data at any time where the Company is relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, the Company may not be able to provide certain Products or Services to you. The Company will advise you if this is the case at the time you withdraw your consent.
4.1.8 No Fee Usually Required. You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, the Company reserves the right to charge a reasonable fee if the request is clearly unfounded, repetitive or excessive. Alternatively, it may refuse to comply with your request in these circumstances.
4.1.9 Right to be Informed. The Company will endeavour to be clear about how it processes your personal data. It does this through this Privacy Policy and its Terms and Conditions which the Company will keep up to date as possible.
4.2 The Company may need to request specific information from you to help confirm your identity, to ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. The Company may also contact you to ask you for further information in relation to your request to speed up our response.
4.3 The Company will try to respond to all legitimate requests within one month. Occasionally it may take longer than a month if your request is particularly complex or you have made a number of requests. In this case, the Company will notify you and keep you updated.
4.4 If you wish to exercise any of the rights set out above, please contact the Company using the Contact Us options set out in this Privacy Policy.
4.5 You have the right to make a complaint at any time to the ICO (www.ICO.org.uk), the UK authority which supervises data protection issues. However, the Company would appreciate the opportunity to resolve any issues before you approach the ICO in the first instance.
5. Contact Us
5.1 If you have any questions regarding this Privacy Policy, please contact the Company know by:
• Entering the relevant details on the Contact Us page
• Emailing admin@winecard.co.uk