WHAT THIS POLICY COVERS
- How and what data we collect
- How long data will be used for
- Why we collect personal data
- What our lawful data for collection personal data is
- Who we share our data with
- International transfers
- Data security
- Your rights
- Marketing and Profiling
INTRODUCTION and IDENTIFYING the CONTROLLER of your personal data
The controller of your personal data is Beavertown Brewery Ltd.
- Mail: Beavertown Brewery Ltd, Unit 17 & 18 Lockwood Industrial Estate, Mill Mead Road, London, N17 9PQ, marked for the attention of “The e-commerce Team”
- Email: firstname.lastname@example.org
SUMMARY and KEY POINTS you should be aware of
Personal data is any information about an individual from which that person can be identified. We may receive your personal data directly from you, or it may be publicly available.
We use data for various purposes, including to communicate and manage our relationship with you, protect our business, ensure we comply with laws and to run competitions and promotions. Transparency is important to us, so we would particularly like to highlight the following activities we conduct where we have a lawful basis:
- We may use your data to create a profile of you. We may combine the data that you have provided to us with publicly available sources in order to better understand your interests. We want to build a profile of you so that we can send relevant communications and market to you more effectively
- We may use your data to send you online targeted advertisements. Based on our profile of you, we may present you with adverts when you browse online. This involves asking a platform to show our adverts to a particular group of individuals
- We may use your data to conduct analytics. For example, we may track how you respond to the emails we send you. We want to see if the email has bounced and, if not, whether you open our emails and/or click on any content; unsubscribe or mark the email as spam; share the information on social media or forward it to friends. This ensures that we can understand what really interests you and improve our approach to marketing so that you do not receive irrelevant or unwanted emails. It also allows us to use our resources efficiently
You have various rights regarding our use of your data.
HOW and WHAT data do we collect about you?
We also collect information indirectly: (a) from social media platforms (e.g. Facebook, Instagram and LinkedIn) (“Social Media Platforms”) or 2nd party vendors (e.g. supermarkets and similar retailers) where you have purchased our products (together “Relevant Third Parties”). Any information we collect indirectly will be from a publicly available source or you will have consented to it being shared.
We collect different categories of information which we have grouped together as follows:
- Identity Data – name, username, title, place and date of birth and personal characteristics including age and gender
- Contact Data – email address, billing address, delivery address and telephone number
- Financial Data – payment information including debit or credit card number and Paypal details
- Profile Data – preferences, feedback, survey responses and interests including activities noted on Social Media Platforms (for example, your Facebook likes/groups) or collected from other Relevant Third Parties (See Annex 1 for more information on our profiling activities)
- Marketing and Communications Data – preferences in receiving marketing and communications from us and information in terms of engagement with email communications (See Annex 1 for more information on our marketing activities)
- Location Data – GPS-based location information from your use of our website or Social Media Platforms via your smartphone(s), tablet(s) or other devices
- Photo and Video Data - photos and/or video footage of you captured when you attend any events hosted or sponsored by us (your attention will be drawn to any photography or filming that is taking place, and your consent will be obtained where required)
- Inferred Data – which is inferred or derived from the data we collect, for example inferences about your interests based on your Identity Data, Profile Data, Technical and Usage Data or Location Data
We do not knowingly:
- Process any Special Categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health or genetics and biometric data). Nor do we process any information about criminal convictions and offences
- Collect personal data relating to children. We have age verification processes on our website to ensure we do not market our products or brands to anyone under the age of 1
How LONG will my personal data be used for?
The purposes of satisfying any legal, tax, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider any legal requirements, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.
In relation to our marketing activities specifically, your personal data will be processed until an opt-out / objection is received or consent is withdrawn as applicable.
WHY do we collect your personal data?
We may collect the above categories of personal data about you for the following purposes:
- To administer our business and perform contracts with you
- To communicate with you
- To enable you to partake in a promotion and for prize fulfilment purposes
- To market to you
- To conduct market research
- For analytical purposes
- To maintain and optimise our website
- To protect our business
- To satisfy our legal and regulatory obligations and co-operate with regulators and government bodies
- To defend and exercise our legal rights, including in relation to managing actual and potential claims
What is our LAWFUL BASIS for collecting your personal data?
Under data protection laws, we must have a lawful basis under which we process your personal data. We will only use your personal data for the purposes set out in section 5, unless we reasonably consider that we have another appropriate reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the lawful basis which allows us to do so.
If you provide us with your consent to processing either in connection with your use of our website, through a Social Media Platform or a Relevant Third Party, you can withdraw it at any time and we will stop the processing activities that were based on consent as a lawful basis. Please note we may still process the data if we have another lawful basis for processing (in most instances, this will be for a more limited purpose e.g. back-up storage or to record a withdrawal).
Where we need to collect personal data due to a legal or regulatory obligation, or for performance of a contract and you do not provide that data when requested, we may not be able to continue our Engagement with you or perform the contract we have or are trying to enter into with you (for example, to provide you with products or allow you to participate in competitions). We will notify you of this at the time.
WHO do we SHARE your personal data with?
We may share your personal data with external third parties which include:
- Communications platform providers (i.e. vendors we use to send and manage email and SMS communications);
- Marketing and advertising companies and media agencies for marketing and research purposes, and to provide promotion services, data on-boarding services, research and marketing strategy services;
- Third party providers of Social Media Platforms (including Facebook, Instagram and LinkedIn);
- Prize fulfilment agencies;
- IT and system administration service providers (including data storage providers and data management platform providers);
- Service providers such as solicitors, accountants. insurance companies and insurance claims managers, debt recovery agencies, payment processing companies and logistics companies;
- Regulators, local authorities and government bodies, including the Police and HMRC, to comply with any legal or regulatory requirements or formal/informal investigations;
- Courts, parties to litigation and professional advisers where we reasonably deem it necessary in connection with the establishment, exercise or defence of legal claims; and
- A purchaser or parties interested in purchasing any part of our business (and professional advisors supporting on the transaction).
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. Where the third parties act as processors on our behalf, we only permit them to process your personal data for specified purposes and in line with our instructions.
Third parties we share data with may be based outside the UK or the EEA. Whenever we transfer your personal data out of the UK or the EEA, we take steps to ensure that the same level of protection is afforded to it by ensuring one of the following safeguards is put in place:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission and/or the UK Information Commissioner's Office; and
- Where we use certain service providers, we may use specific contracts approved by the European Commission and/or the UK Information Commissioner's Office, which give personal data the same protection it has in Europe (or the United Kingdom).
How SECURE is my data?
We have put in place reasonable security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know - they are subject to a duty of confidentiality. Unfortunately, no transmission of information over the internet can be completely secure, and the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect account information and passwords. Please take care to protect this information.
What are my RIGHTS?
Under data protection laws, you have various rights which are set out below. The rights available to you depend on our reason for processing your personal data. You are not required to pay any charge for exercising your rights, although we may charge a reasonable fee if your request is unfounded, repetitive or excessive. We have one month to respond to you (unless you have made a number of requests or your request is complex, in which case we may take up to an extra two months to respond). Please note that, where we ask you for proof of identification, the one-month time limit does not begin until we have received this. If we require any clarification and/or further information on the scope of the request, the one-month deadline is paused until we receive that information.
- Right of access. You have the right to ask us for copies of your personal data. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this right here.
- Right to rectification. You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here.
- Right to erasure. You have the right to ask us to erase your personal data in certain circumstances. You can read more about this right here.
- Right to restriction of processing. You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here.
- Right to object to processing. You have the right to object to processing of your personal data where we are relying on a legitimate interest or conducting direct marketing. You can read more about this right here.
- Right to withdraw consent. Where we are relying on consent to process your personal data, you may withdraw it at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
- Right to data portability. This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent. You can read more about this right here.
You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance using the details at the start of this policy.
MARKETING and PROFILING in more detail
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
- We will only send direct electronic marketing (e.g. via emails or SMS or direct social media messages) where
- we have your consent
- you have solicited certain information (for example to receive one-off correspondence in relation to a competition/promotion you have entered or a festival that we are sponsoring)
- you have purchased goods from us and you did not opt-out of receiving any marketing where this opportunity was provided to you
You can ask us to stop sending you direct marketing messages at any time by contacting us at email@example.com. Where you opt-out of receiving these marketing messages, we will no longer conduct any direct electronic marketing unless you opt-in again at a later point. Please note that where we have another lawful basis for processing, we will continue to process personal data for other purposes – for example, we may process information provided to us in connection with an Engagement on the basis of contract necessity.
You may also receive indirect marketing from us by way of online advertisements or general marketing communications from us. There are various methods we may use in order to indirectly market to you online, as follows:
- Contextual advertising on particular types of websites - we buy space on these third party websites and our adverts are shown based on other content displayed on the page: it is not targeted to particular individuals
- Advertising to people signed up with an online platform (such as Facebook or Google) based on what the platform knows about them, e.g. we may ask Facebook to show a particular advert to people interested in beer living in Edinburgh or people interested in certain competitions / events (including festivals). This may involve use of ‘custom audiences’ where we send a list of hashed email addresses of our existing customers (including end consumers) to the online platform, and the online platform then matches these email addresses to users and presents our advertising to them. Hashing is a security measure whereby the information is turned into a code
- Identifying relevant groups of people who aren’t existing customers - we use data purchased from third parties (where you have consented to your data being shared) to identify relevant audiences who our adverts might be of interest to
- ‘Look-alike” / ‘Similar’ audiences, where either: (a) we use our “custom audiences” (see point 2 above) to find a group of people with similar characteristics to our existing customer base; or (b) as an expansion of the activities described in point 3, we ask third parties to present general social media adverts to individuals that they believe will like our products based on audience data within their platforms so that we reach the right audiences and ensure our marketing efforts are efficient. For the circumstances in (b), we would direct the third parties to target individuals in certain age categories and locations with certain interests. In each case, we only receive anonymised reporting (e.g. number of impressions) and you won’t receive direct marketing from us (e.g. SMS/e-mails) unless you have consented to that. In these circumstances, the platform and Relevant Third Parties act as a controller. Further information about how the platforms, including Facebook Ireland, process your personal data can be found in their respective privacy policies
We may use your Identity Data, Contact Data, Profile Data, Technical and Usage Data, Marketing and Communications Data and Location Data, together with Inferred Data, to form a view on what we think you may want or what may be of interest to you and to understand your purchasing trends. We may also use data which has been collected from third parties to enrich the data we hold relating to you in order to build a fuller picture of what may be of interest to you. These profiling activities inform how we decide which brands, products, outlets and offers may be relevant to you. By building a profile of you, we can send you tailored communications and make personalised recommendations, inform you of special offers we think you will be interested in, and customise promotions & special offers that are most relevant to you across a variety of channels.
Please note that whilst we carry out the profiling activities described here, we do not carry out any automated decision-making processes which could have a legal or significant impact on you.
WHAT THIS POLICY COVERS
- What a cookie is
- Cookies we use
- What you can do if you do not agree to the cookie use
- Concluding remarks
In order to make full use of the Website, your computer, tablet or mobile phone will need to accept cookies. Accordingly, it is important that you know what cookies our Website uses and for what purposes.
WHAT IS A COOKIE?
Cookies are small text files containing small amounts of information which are downloaded and may be stored on your user device e.g. your computer (or other internet enabled devices, such as a smartphone or tablet). We may use similar techniques, such as pixels, GIFs, web beacons, device fingerprints, etc. For the sake of consistency, all these techniques combined will hereafter be referred to as ‘cookies’.
COOKIES USED ON THE WEBSITE
We use functional cookies to operate the Website (these are set by default). We’d also like to set optional functional, performance and targeting cookies. Full details of all of these cookies can be found in the drop down menus when you click “Preferences” on the cookie banner. By clicking “Accept” on the cookie banner, you give your consent to us placing and/or reading cookies.
- STRICLTLY NECESSARY COOKIES. These cookies are essential and help you navigate the Website and use its features. These cookies also help to support website security and basic functionality. These cookies cannot be disabled.
- FUNCTIONAL COOKIES. These cookies enable the site to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our website. IF you do not allow these cookies then some or all of these services may not function properly.
- PERFORMANCE COOKIES. Analytical cookies help us to understand the behaviour of our visitors and their usage of the Website. For instance, we can use these cookies to gain insight into how our visitors use our Website. This means we can find out what works and what does not. It allows us to continuously improve the Website and to measure how effective our advertising and communication is. Performance cookies also allow the Website to remember choices made and provide enhanced, more personal features. We also use technologies to track email engagement data (i.e. opens and clicks to understand when an email is opened, how many times it is opened, what device or devices are involved and rough physical location, deduced from the internet protocol (IP) address). Based on this information, we will adapt our marketing campaigns and communications to ensure our emails are relevant and of interest to you.
CONTROL YOUR COOKIE SETTINGS
You have the option to consent to our use of the different categories of cookies by clicking ‘Preferences’ in the cookie banner that is presented to you when you visit our Website.
You can manage your cookie settings in your browser at any time. Please be aware that your browser settings may not offer you the same ease of use as the cookie preferences centre on our Website. If you simply disable all cookies in your browsers settings, you may find that certain sections or features of our Website will not work, because your browser may prevent us from setting functionally required cookies. The following links may assist you in managing your cookies settings, or you can use the 'Help' option in your internet browser for more details.
- Internet Explorer/Microsoft Edge: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies / https://support.microsoft.com/en-us/windows/microsoft-edge-browsing-data-and-privacy-bb8174ba-9d73-dcf2-9b4a-c582b4e640dd
- Mozilla Firefox: http://support.mozilla.com/en-US/kb/Cookies
- Google Chrome: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647
- Safari: http://support.apple.com/kb/PH5042
- Opera: https://help.opera.com/en/latest/web-preferences/
Please be aware that we do not currently make use of a technical solution that would enable us to respond to your browser’s ‘Do Not Track’ signals.
If you have any further questions and/or comments, please contact firstname.lastname@example.org.