Printing GDPR ( Our Data Protection Policy )

GDPR

You may be aware of General Data Protection Regulation (GDPR), which came into force on 25 May 2018.

This introduces a mass of requirements for small businesses like ours. Including obtaining the consent in writing from people whose personal data we hold in the course of our business. If you agree to be put on our e-mailing list, we will hold data on you for the following purposes: -

1. To send you the odd e-mail each year, for the purposes of inviting you to tastings, putting out the occasional offer, and even updating you about our business and any relevant news.

2. In addition, under the same legislation, please may we ask you to confirm that we may retain your postal address and telephone number(s) on our computer, so that we can contact you by post and telephone? Our intention is to use e-mail where we possibly can, but it might be useful for us to communicate with you by telephone or post on occasions.

3. We may also have your name and address on our accounts database so that we can send you invoices, and collect payment.

We will only contact you for the purposes set out above. When we take card numbers from customers for payment, we destroy the numbers as soon as payment has been taken. We do not keep customers’ card numbers. We will only use the details we hold for “core business purposes” as defined by the Information Commissioner’s Office (ICO). * If you are interested in ploughing through the definition, please see below.

We will not share, sell or trade our list of customers. Nor will we e-mail you on behalf of any other organisation after 25 May 2018, when GDPR comes into effect.

So, to make it clear (which the legislation requires me to do), please could you confirm that you give your consent to the three items set out above?

If you do not consent, we will not put you on our e-mailing list.

If you wish your details to be deleted from our records, you can do so at any time simply by contacting us by e-mail. If you contact us by any other method, please give us your e-mail address so that we can confirm to you that your details have been deleted – irksome, I know, but we have to keep records to show that we have indeed deleted your details.

* CORE BUSINESS PURPOSES as defined by the ICO

These are:

 staff administration

 advertising, marketing and public relations

 accounts and records.

Typically this would apply to a small business that processes personal information only for these purposes to support its primary activity. More details are shown next.

 Staff administration

This is processing for the purposes of appointments or removals, pay, discipline, superannuation, work management or other personnel matters concerning your staff.

 The individuals you hold information about will be restricted to any person whose personal information has to be processed for staff administration.

The term ‘staff’ includes all past, existing or prospective members of staff who are employees, office holders, temporary and casual workers, and also agents and volunteers. The personal information held about them includes all personnel and work management matters – for example their qualifications, work experience, pay and performance.

 Advertising, marketing and public relations

This is processing for the purposes of advertising or marketing your business activity, goods or services and promoting public relations only in connection with that business of activity, or those goods and services. You must meet all the following criteria:

 The individuals you hold information about are restricted to any person whose personal information you need to process for your own advertising marketing or public relations – for example past, existing or present customers or suppliers.

 Your information is restricted to information that is necessary for your advertising, marketing and public relations – for example, names, addresses and other identifiers.

 You advertise and market your own goods and services.

 If you obtain personal information from a third party, it is for the purpose of marketing your own goods and services.

 Accounts and records

This is processing for the purposes of keeping accounts relating to any business or other activity you carry out; deciding whether to accept anyone as a customer or supplier; keeping records of purchases, sales or other transactions to ensure the relevant payments, deliveries or services take place; or making financial or management forecasts to help you carry out your business or activity.

 The individuals you hold information about are restricted to anyone whose personal information needs to be processed for your accounts and records – for example past, existing or present customers or suppliers.

 The information you hold is restricted to personal information that is necessary for your accounts and records – for example, name, address and credit card details.