This is the Privacy Policy of Hatton & Edwards Fine Wine Merchants Limited, a company registered in England and Wales under company number 08699895 whose registered office address is Unit 2 & 3 Granita Court, 9 Cross Lane, London N8 7GD (“HE” or “Us”).
HE seeks to respect the privacy of your personal data and to protect your personal data. The following information provides a breakdown of how we gather and use that data. It also provides guidance on how you can request for deletion of your personal data from our records.
The amount of information we hold on you and how we use it depends on your relationship with us and on which services you use; not all of the sections below may be relevant to you.
We strive to:
- Keep the amount of information we hold about you to a minimum. • Delete your data when it is no longer needed.
- Apply appropriate security mechanisms to protect your personal data.
For the definition of terms used within this Privacy Policy please refer to the ICO website or look at the General Data Protection Regulation (“GDPR”). The ICO website is a useful place to start.
We aim to answer some of the most frequently asked questions about our Privacy Policy below. However, the law allows you to request to see any information held about you, and to correct any inaccuracies. We are always happy to answer any questions you may have, and if you have any questions about our Privacy/Data Protection policy or the use of your data, please email your questions to [email protected], call 02073778097 or write to Hatton & Edwards, 130-132 Petherton Road, London, N5 2RT.
Can I opt out of receiving communications from HE?
Yes, you may opt out of receiving communications from us at any time by contacting us at: [email protected]. Please be aware this may impact the quality of service you receive from us or prevent us from providing a service to you, however we will of course respect your rights under GDPR. If you do receive unwanted communication from us and are having any trouble opting out or unsubscribing, please email us any time and we will help.
What information does HE collect about me?
We may collect, keep and update data about you including the following: your name, phone number, email address, home address, IP address, social identifiers (for example, gender), occupation, data provided by cookies and other similar technologies, functional data such as registration and system data, as well as additional usage data – for instance, your purchasing or selling history, contact permissions, product preferences, spirits or wines stored with us on a consignment basis or information about your attendance at our premises at events. Along with data volunteered and given directly to us from clients in person or via other communication methods such as phone and email, we also collect data of users when they place orders with us via our website (for example, your payment details), sell their wine and spirits to us, sell their items via us on a consignment basis, participate in surveys or competitions, attend events, register with our site, browse our websites or use any of our other services. Information may also be given to us by third parties. This data may include duration of sessions, data accessed and which pages on our website are accessed, systems accessed, details of networks, logs, details of the sender and recipients of messages sent through our website or over our services, times and locations of access or log on, clickstream & similar usage of system data. The information we hold may also include your payment details (for example, if you are purchasing one of our products) and details of any issues you have experienced. This data may sometimes be traceable to/related to named individuals or companies. Please feel free to browse our websites anonymously should you be concerned about anything related to data usage or retention.
Why does HE need my information?
When you contact us for anything including making an enquiry, purchasing goods or submitting a request for valuation, we will use your name and contact details to respond. We will continue to use this information (along with other information provided by you) to communicate with you whilst we provide you with our services, fulfil our contract with you (for example, sending you the products you have purchased), provide you with updates about our services and other types of updates, informing you about new products or services and for your security. We also retain and use data to answer queries, resolve problems, provide you with our invoices, collect payments and to comply with any data retention requirements under law. Your details may be held by us in order to review, support, improve, develop, administer and facilitate the services we provide. We retain information such as your contact preferences in order to respect your rights under GDPR. We also use data to assist us with product improvement and development, to assist us when providing customer support to you, for security, safety and dispute resolution, and for marketing and communications. This is in order to ensure we can provide the best experience of our products and services to our users and customers. This includes using your data to improve your experiences and sometimes personalise our content. We may use your details to obtain feedback on the services we provide, ask you for suggestions on how we could improve them, detect issues, prevent faults and detect breaches of our security, our contract terms or the law.
Our web server automatically recognises the domain name of each user to our website. We also collect the email addresses of those who communicate with us via email and anonymously aggregate information on which pages visitors to our website access or click on. We will gather further relevant information if you are a registered user of our services. This may include how often you use our website, traffic data from the use of our website, time of access and types of data accessed. Traffic data includes logs, details of networks, data and systems accessed, details of the recipients of messages sent over our services and the sender, location of log on or access, duration of sessions, times of log on or access, clickstream and similar usage or system data. Traffic data may sometimes be traceable to and or related to not just companies but named individuals.
Another example of where we may also receive your personal data is when we are processing gift requests to you from our clients or customers. Under our contract with our customer we process that data and it will be used in any secondary processing such as updates, actions or associated events where we have a legitimate business interest to do so.
Contacting you via newsletter, email offers, alerts and notices
We may send you newsletters, offers, updates on our goods and services, information about events (such as wine tastings) or other similar information from time to time. If you have supplied us with your postal address, email address or telephone number you may occasionally receive Whatsapps, mailings, emails, text messages, phone calls or other communications from us containing information on events, our products or services. We ensure that we only send you marketing information if we believe you have a legitimate interest. For example, we will send marketing information to those who have registered on our site, requested to be on our mailing list and those who have placed orders or enquiries with us.
If you wish to opt out receiving any information from us, you can either unsubscribe by following the instructions in the communication (such as at the bottom of the email) or contacting [email protected]. For more information, please refer to the “How do I delete my personal data from HE?” section below.
Who do we share your information with?
We do not sell your personal data to anyone else.
We work with third parties in the provision of some of our services, for example marketing service providers, logistics partners (e.g. who help deliver our products), warehouse and storage partners, email and storage solution providers, and we may use research agencies to help us improve our services. Data required by these parties, e.g. for the fulfillment of services such as deliveries (name of consignee, delivery address, telephone etc), will be securely transferred to the relevant third party where necessary. We will strive to only provide your data to companies who operate in line with the legal requirements regarding data handling, protection & storage, and we monitor this where possible. When we contract with third parties we enter into agreements that encourage GDPR compliance.
Another scenario where we may provide your data to a third party is where we are asked to provide information as a result of police action or a court order, to recover monies due or where we are required to do so by law.
As a company based in the United Kingdom, our lead supervisory authority on data protection is the ICO and GDPR is the standard for our data protection where data is processed in all territories.
We can provide details of which third parties we work with that are relevant to the service(s) you use upon request. If you have any specific security questions, concerns or requirements please contact us and we will be happy to discuss them.
How do I delete my personal data from HE and what are the consequences?
Please note that if we delete your personal data it may impact the service we can provide to you. However, you can write to us, email us on [email protected] or call us on 02073778097 to request that your data is deleted. If you wish to stop hearing from us email us and we will remove you from our mailing lists, even though we will retain some historical purchasing records as legally required. We will not delete data that is required to fulfil a contract until that contract is completed, unless we agree to terminate the contract. We will strive to inform you if deleting your data will impact our ability to perform a contract in case this affects your decision. If you opt out of receiving communications from us, you can always opt back in at a later date.
How do we store your information?
We are committed to the protection and security of your personal data and, where possible, we avoid storing paper records of personal data. We store data in multiple places depending on a range of factors including how frequently we access and use it and our requirements. We use a range of security procedures and technologies to help protect your personal data from unauthorised use, to protect it from unauthorised access or disclosure. For example, we store the data you provide on our computers and computer systems used by us, including cloud systems, that are controlled and have limited access. If you provide bank details over email, we will always phone you to confirm the details that have been provided. When there is a need to transmit data over the internet, all data is protected by passwords and/or encryption.
Does HE use Cookies?
We use cookies on our website to improve the quality of your experience. You can find out more about how we use cookies in our Cookie Policy.
How long do we store your data for?
We will store your personal information for a minimum of six years after your last interaction or transaction with us, we retain personal data for as long as is necessary to provide our services and products to you, fulfil our contract or transaction with you and other essential purposes. These might be that we have a legal obligation, legitimate reason or contractual reason to retain it thereafter. For example, if you store spirits bottles with us. We may also store your information for a longer period if it is relevant to resolving a dispute. We may also keep records of transactions for longer periods, but we will ensure that your personal data is deleted after six years and the data is anonymised.
If you wish to stop hearing from us prior to that time then please refer to the “How do I delete my personal data from HE” section above, although please note that we will retain some historical purchasing records as we are legally required to do so. If you are a sole trader or partnership, information we retain on financial transactions between us might include some personal data. We are required to keep this information for the current financial year plus an additional six years by law.
Why do we need to store your data?
HMRC requires UK wine and spirits businesses such as ours to keep all business records concerning excise goods for a minimum of six years. This is a legal obligation and HMRC will carry out inspections from time to time of our business and the records we are required to keep for those purposes including, amongst other things, sales, purchases and stock.
Does HE record telephone calls?
HE may record incoming and outgoing telephone calls in order to monitor the quality of our service, resolve customer queries, resolve disputes and provide training to our staff. We may retain telephone call recordings for up to two years.
Monitoring or Interception of email
We may monitor or intercept emails sent to individuals (such as employees) within our company. We do this for the detection of crime, reasons of security (of your data, the security of our staff, our security and others) or to ensure that you receive a prompt service whilst a staff member is absent. We may filter out emails that contain potentially offensive content, spam or unwanted content. We may remove content from, reject or delay emails which have the potential to disrupt our systems, pose security risks or may contain viruses. During this process, occasionally we may accidentally filter out emails which are harmless, although we endeavour to minimise this happening.
Your rights regarding our use of your personal data
On request, we can provide you with access to all information, including proprietary and contact information, that we hold about you (but, unless we are required to do so by law, we cannot provide you with information about other customers or users of our services). You can review, update, edit or ask us to delete any information we hold about you by emailing us directly at [email protected] or writing to us at our postal address: Hatton & Edwards, 130-132 Petherton Road, London, N5 2RT. Unless we are required to provide any information by law, we will never send personal information on request unless we have proof that the recipient is the data owner.
If you would like to change how we use your data, e.g. how we communicate with you, please discuss this with us (e.g. by telephoning or emailing us) and we will alter your contact permissions or preferences. Additionally, if you provide us with updated or corrected details we will correct any inaccuracies in the data we hold about you. Unsubscribing from any of our promotional emails will not affect our ability to contact you for the fulfilment of a contract with you or provide you with a product or service you have purchased. You always have the right to opt out of receiving marketing emails and other types of promotional or sales communication from us. If you would like to stop receiving newsletters or marketing emails from us, please click on the “Unsubscribe” link at the bottom of our marketing emails.
We will stop sending you emails if you unsubscribe, but please allow 14 days for us to process this request. You may still receive our emails during this processing period.
If you have any other questions about this Privacy Policy, or you have a complaint about how we are handling your personal data, please do not hesitate to email us at [email protected] and we will try to address or resolve any concerns. We will endeavour to send you a response to any communication we receive from you about your personal data, this Privacy Policy or any other data security matter within 14 days.
Your ultimate point of contact for all data protection matters in the UK is the Information Commissioner’s Office. See the Contact Us page on the ICO website.
Security
We take security relating to the storage and handling of physical records and electronic data very seriously, taking reasonable measures (including access control, password protection, encryption and alarms) to protect against the loss or misuse of the personal information we hold. We do not store customer payment, debit card or credit card details for any period of time. Payment card details entered on our website are not stored. The card details entered are securely held by SagePay and are encrypted at all times.
We minimise the personal data that is accessible to our colleagues and where appropriate we anonymise that data. HE has developed and implemented strict process and policies governing our information technology and data user behaviour. These include in areas such as access control, alarms, audit, monitoring, data storage and environment integrity. When we introduce new systems and policies that relate to personal data, we strive to ensure that security and data protection is incorporated in the design of those systems.
Changes to this Privacy Policy
If any changes we make to this Privacy Policy include any materially different use of your personal data, we will let you know and give you the option to agree to the new use. When we make any changes to this Privacy Policy, we will amend the “Last updated” date at the top of this Privacy Policy. We recommend that you check this page from time to time to inform yourself of any changes to this Privacy Policy, as well as checking the pages of any of the other policies on our website.