Hall Brothers Wine Ltd Website Privacy Notice

We are committed to protecting the privacy of those with whom we interact, and we recognise the need to respect and protect information that is collected or disclosed to us (called “Personal Data”, explained below).

This Privacy Notice is intended to tell you how we use your Personal Data. If you still can’t find the information you need, you can contact us by reference to the details set out in section 1 below.
Please click on the links below for further information on our privacy practices:

  1. Who we are?
  2. What is Personal Data, and which Personal Data do we collect about you?
  3. How is your Personal Data collected?
  4. How do we use your information?
  5. To whom do we disclose your information?
  6. What do we do to keep your Personal Data secure?
  7. Data Retention – How long will we store/keep your Personal Data
  8. Accessing your Personal Data and other rights you have
  9. Cookies
  10. Your Choices (e.g. marketing related emails or otherwise)
  11. Changes to this Privacy Notice

 

  1. Who are we?

We are Hall Brothers Wine (“we”, “us”). We are a quality and affordable wine shop (our “services“), and we operate the website www.hallbrotherswine.com, (the “website“).

We are a registered fee payer with the Information Commissioner’s Office. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact us using the following details:

Hall Brothers Wine Ltd
Northgate House
Northgate
New Basford
Nottingham
NG7 7BQ
info@hallbrotherswine.com

This privacy notice applies to you if you are customer, supplier, visitor to our website or applicant for a job with us. For the purposes of this privacy notice:

  • Customer – means an individual who purchases our services.
  • Suppliers – business contacts in our supplier organisations.
  • Website Visitors –anyone who visits our website.
  • Applicants – an individual who is applying for a job with us.

 

  1. What is Personal Data, and which Personal Data do we collect about you?

For the purposes of this privacy notice “Personal Data” consists of any information that relates to you and/or information from which you can be identified, directly or indirectly. For example, information which identifies you may consist of your name, address, telephone number, photographs, location data, an online identifier (e.g. cookies identifiers and your IP address) or to one or more factors specific to your physical, economic, cultural or social identity. When we combine other information (i.e. information that does not, on its own, identify you) with Personal Data, we treat the combined information as Personal Data.

We may collect use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:

  • Identity and Contact Data includes first name, last name and title, address, email address, telephone number (and may include information from identity documents such as passports and driving licences).
  • Financial Data includes bank account details and payment information.
  • Technical Data includes internet protocol (IP) addresses, usage session dates and duration, page views, how you use our website the type of browser used while visiting our website and the numbers of users who visit our website.
  • Services Data includes information about how you use our services, details of which services you have received from us, our correspondence and communications with you and information about any complaints or enquiries you make to us.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.

We may also collect, use and share aggregated, anonymous or pseudonymised data, such as statistical or demographic data for any purpose. This data could be derived from your Personal Data but is not considered personal data in law as it does not directly or indirectly reveal your identity. However, if we combine any of this data with your Personal Data so that it can directly or indirectly identity you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

  1. How is your Personal Data collected?

We use different methods to collect data from and about you.

A. Customers

  • Personal Data that you provide directly. You may give us your Identity and Contact Data, Customer Data, Financial Data, and Marketing and Communications Data, when you enquire about or purchase any of our services, or when you correspond with us by email, phone or otherwise.
  • Third parties. We may receive personal data about you from third parties with whom we run competitions with, such as competitions you enter in magazines. We will only ever receive your personal data from third parties where you have given your specific opt-in consent to those third parties to disclose your data to us.

B. Applicants

  • Personal Data that you provide directly. You may give us your Identity and Contact Data when applying for a job with us.
  • Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources such as your employer’s website or third party databases.

C. Suppliers

We collect your Identity and Contact Data, Financial Data and Services Data when we correspond with you about our services, and from publicly available sources such as Companies House.

D. Website Visitors

When you interact with our website and complete a ‘Get in Touch’ form, we may collect your Identity and Contact Details. We may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this Personal Data by using cookies and other similar technologies, and our analytics providers. Please see section 10 below.

  1. How do we use your information?

We will only use your Personal Data when the law allows us to do so. Most commonly, we will use your Personal Data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. The legitimate interests we rely on are set out next to each purpose below.
  • Where we need to comply with a legal obligation.

Generally, we do not rely on consent as a legal basis for processing your Personal Data. If we rely on your consent to process Personal Data, you may withdraw your consent at any time (see section 8 below).

Purposes for which we will use your Personal Data

We may use the Personal Data that we collect for the following purposes. For each purpose, we describe the legal bases we rely on to justify such use of your Personal Data.

Category Purpose/Activity Type of data Legal basis
Customer

To provide you with our services or to provide you with information you have requested about our services and to correspond with you

(a) Identity and Contact Data

(b) Services Data

(c) Financial Data

Necessary to perform our contract with you.

Applicant

To consider you for a role, if you are applying for a job with us

(a) Identity and Contact Data

(b) Career history and education information

(i) Necessary to take steps in order to enter a contract with you

(ii) Necessary for our legitimate interests in attracting talent and market opportunities

Supplier

To carry out our contractual obligations to you, if you are our supplier or subcontractor, including to manage our payments to you, or to your employer

(a) Identity and Contact Data

(b) Services Data

(c) Financial Data

Necessary for our legitimate interests in receiving services from our suppliers to ensure our business is run efficiently

Customer

To provide you with marketing information and special offers and to enable you to participate in competitions related to our services, which you request from us or which we feel may be of interest to you, and for assessment and analysis of our Customer base and to create sales and marketing plans

(a) Identity and Contact Data

(b) Services Data

(c) Marketing and Communications Data

Necessary for our legitimate interests to develop our services and to grow our business and to inform our marketing strategy

Website Visitors

For security purposes and to administer our website – to maintain and enhance the website and to ensure that content from it is presented in the most effective manner for you and your computer, and to enhance the user experience

(a) Technical Data

(b) Identity and Contact Data

(i) Necessary for our legitimate interests in running our business, to ensure the security of our systems, to assist us in the provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or company restructuring exercise

(ii) Necessary to provide you with the information you have requested by completing a ‘Get in Touch’ form

(ii) Necessary to comply with a legal obligation

All

Business purposes – for business monitoring, improving our services, record keeping including maintaining our accounts, complying with good practice and for other administrative, operational and security reasons

(a) Identity and Contact Data

(b) Services Data

(c) Marketing and Communications Data

(i) Necessary for our legitimate interests in running our business efficiently and successfully and in order to keep our records updated

(ii) Necessary to comply with a legal obligation

All

To prevent and detect crime, fraud or corruption and to meet our legal, regulatory and ethical responsibilities

(a) Identity and Contact Data

(b) Technical Data

(c) Services Data

Necessary to comply with our legal obligations

Marketing communications

We may use your Personal Data to provide you with email notifications and other communications by email, on the basis that it is in our legitimate interests to use your Personal Data for these purposes in developing our services. For further information on this, see the ‘Your Choices’ section of this Privacy Notice.

Combining Personal Data

We may combine the Personal Data that we collect from you to the extent permitted by applicable law. For example, we may combine various different databases that contain your Personal Data to allow us to provide better support services and more personalised content (such as marketing).

Change of purpose

Where we need to use your Personal Data for another reason other than for the purpose for which we collected it, we will only use your Personal Data where that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

  1. To whom do we disclose your information?

We will only use your Personal Data for our internal business purposes, some of which are mentioned above. We may disclose your information to the following entities:

  1. Service Providers

We use third party service providers to help us to administer certain activities and services on our behalf. We may share Personal Data about you with such third party service providers solely for the purpose of enabling them to perform services on our behalf and they will operate only in accordance with our instructions. We use the following categories of third party service providers

  1. Website and IT Support Services (including cloud providers)
  2. Companies who provide us with marketing support
  3. Payment providers
  4. Analytics providers

We may also share your Personal Data with our legal and professional advisors for the purposes of providing us with business support and advice (for example, accounting advice).

  1. Anonymous statistics

We prepare and develop anonymous, aggregate or generic data and statistics for various reasons (such as aggregate usage statistics including “page views” on the website, and analysing how users use our content). As this data is anonymous (i.e. you cannot be identified from it) we do not consider this information to be Personal Data. As such, we may share it with any third party.

  1. Third parties when required by law

We will disclose your Personal Data to comply with applicable law or respond to valid legal process, including from our regulators, law enforcement or other government agencies (in which case such agencies or regulators will be acting as controllers as well); to protect the users of the website (e.g. to prevent spam or attempts to defraud them); to operate and maintain the security of the website (e.g. to prevent or stop an attack on our systems or networks); or to protect our rights or property.

  1. Other Parties in Connection with Corporate Transactions

We may disclose your Personal Data to a third party in the event that all or substantially all of our business or assets are or are intended to be sold or otherwise assigned to another entity.

  1. What do we do to keep your information secure?

We have put in place appropriate physical and technical measures to safeguard your Personal Data. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. When we use service providers to assist us in processing your Personal Data, we have written contracts in place with such service provider which means that they cannot do anything with your Personal Data unless we have instructed them to do it.

However, please note that although we take appropriate steps to protect your Personal Data, no website or transmission of data, computer system or wireless connection is completely secure and therefore we cannot guarantee the security of your Personal Data.

Where we have given you (or where you have chosen) a password that enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

International Transfer of Data

The Personal Data that we collect from you may be stored and processed in your region, or transferred to, stored at or otherwise processed outside the United Kingdom.

By using the website and/or providing us with your Personal Data, you acknowledge that we will collect, transfer, store and process your information outside the UK. We will take all steps reasonably necessary to ensure that your Personal Data is kept secure and treated in accordance with this Privacy Notice and the requirements of applicable law wherever the data is located.

Where we transfer your Personal Data outside the UK to third parties, we will ensure that appropriate transfer agreements and mechanisms are in place to help ensure that our third party service providers provide an adequate level of protection to your Personal Data. We will only transfer your Personal Data outside the UK in accordance with applicable laws or where you have given us your consent to do so.

  1. Data Retention – How long we will store/keep your Personal Data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. When your Personal Data is no longer required for the purpose it was collected or as required by applicable law, it will be deleted and/or returned to you in accordance with applicable law.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances you can ask us to delete your Personal Data (see section 8 below).

  1. Accessing your Personal Data and other rights you have

We will collect, store and process your Personal Data in accordance with your rights under any applicable data protection laws. Under certain circumstances, you have the following rights in relation to your Personal Data:

  • Subject Access – you have the right to request details of the Personal Data which we hold about you and copies of such Personal Data.
  • Right to Withdraw Consent – where you have consented to our processing of your Personal Data, you have the right to withdraw such consent at any time. In the event you wish to withdraw your consent to processing, please contact us using the details provided in section 1.
  • Data Portability – you may, in certain circumstances, request us to port (i.e. transmit) your Personal Data directly to another organisation or to you.
  • Rectification – we want to ensure that the Personal Data about you that we hold is accurate and up to date. If you think that any information we have about you is incorrect or incomplete, please let us know. To the extent required by applicable laws, we will rectify or update any incorrect or inaccurate Personal Data about you.
  • Erasure (‘right to be forgotten’) – you have the right to have your Personal Data ‘erased’ in certain specified situations.
  • Restriction of processing – you have the right in certain specified situations to require us to stop processing your Personal Data.
  • Object to processing – You have the right to object to specific types of processing of your Personal Data, such as, where we are processing your Personal Data for the purposes of direct marketing.
  • Prevent automated decision-taking – in certain circumstances, you have the right not to be subject to decision being taken solely on the basis of automated processing.

Enforcing your rights

If you wish to enforce any of your rights under applicable data protection laws, then please see section 1 above. We will respond to your request without undue delay and by no later than one month from receipt of any such request, unless a longer period is permitted by applicable data protection laws, and we may charge a reasonable fee for dealing with your request which we will notify to you. Please note that we will only charge a fee where we are permitted to do so by applicable data protection laws.

Complaints

If you are concerned that we have not complied with your legal rights under applicable data protection laws, you may contact the Information Commissioner’s Office (www.ico.gov.uk) which is the data protection regulator in the UK which is where we are located. The ICO’s address is:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF

Helpline number: 0303 123 1113

Alternatively, if you are based outside the UK, you may contact your local data protection supervisory authority.

  1. Cookies

What are cookies?

We may use cookies on our website. Cookies are small text files that can be read by a web server in the domain that put the cookie on your hard drive. Cookies are assigned to and stored in a user’s internet browser on a temporary (for the duration of the online session only) or persistent basis (cookie stays on the computer after the internet browser or device has been closed). Cookies collect and store information about a user’s preferences, product usage and content viewed which allows for us to provide users with an enhanced and customized experience when engaging with the website.

  1. Your Choices (e.g. marketing-related emails or otherwise)

When you request information on or from the website, or otherwise communicate with us, we may use your Personal Data (such as your contact details (e.g. name, address, email address, telephone number) to send you marketing-related correspondence by email related to our products. When we process your Personal Data for marketing purposes, we do so on the basis that we have obtained your opt-in consent to use your Personal Data for these purposes.

We may also use your Personal Data to personalise and to target more effectively our marketing communications to ensure, to the extent possible, that any marketing-related correspondence is relevant to you.

We do not share your Personal Data for marketing purposes with third parties without obtaining your prior consent.

To opt out of receiving marketing-related correspondence from us, please click “Unsubscribe” from any marketing or promotional email you receive from us.

  1. Changes to this Privacy Notice

It also is important that you check back often for updates to the Privacy Notice, as we may change this Privacy Notice from time to time. The “Date last updated” legend at the bottom of this page states when the notice was last updated, and any changes will become effective upon our posting of the revised Privacy Notice.

We will provide notice to you if these changes are material and, where required by applicable law, we will seek your consent. We will provide this notice by email or by posting notice of the changes on our website.

Date last updated: July 2021