The Data Controller connected with this Privacy Notice is Private Reserves Limited
In this instance your data is being processed for the specific purpose of receiving, storing and delivering your reserves.
2. Lawful Basis
The collection of your data for this purpose is under the Lawful Basis of Contract, because we require the information we collect in order to fulfil our obligations under the terms and conditions which govern the provision of our service.
3. Information Collected
The personal data we will collect and process about you in connection with this purpose is:
3.2. Address (both for correspondence and delivery, if they are different)
3.3. Telephone number(s)
3.4. Email Address
In addition, we may collect other non-personal data regarding your wine preferences etc.
4. Website Data Collection
4.1. The Private Reserves website uses Google Analytics to analyse the traffic on our website. However, this is anonymised, so no personal data is collected.
Under the Lawful Basis referenced in paragraph 2, your data will be retained for the remainder of the financial year, plus a further six years in accordance with HMRC requirements for financial record keeping. The retention period will commence from the date of the completion of your last order with us.
At the end of this retention period your data will be destroyed using an approved method unless prevented by Court order.
7. Data Sharing
Whilst we control your personal data, we will need to share this data with the following parties, for the following purposes, in order to provide you with the services you are seeking from us:
7.1. Providers of services related to the support of our IT systems, website, order fulfilment software and data storage services.
7.2. An online payment provider for the purpose of collecting payment.
7.3. Logistics providers, for the sole purpose of moving, delivering and storing our client’s reserves.
7.4. On occasion we may also share client’s personal data with Bonded Warehouses or Shipping Companies / Freight Forwarders. In these circumstances we will be acting under the specific instructions of the relevant client.
7.5 Goedhuis & Co for providing data analytics and wine services such as broking and Reserves Watch.
All of these data sharing activities are governed by commercial terms, which include data sharing clauses. These various data processors act under Private Reserves’ control and are only permitted to use the personal data for the sole purpose for which it is shared with them.
The names of specific companies involved, and precise locations are not provided here for security reasons. However, if data subjects require more detail, they are requested to contact Private Reserves using the contact details provided in paragraph 9.2.
8. Transfer of Data Outside of the European Economic Area
Some of the data is shared and processed outside of the European Economic Area by companies based in the USA. In such circumstances we can confirm that these companies are members of the EU-US Privacy Shield Framework, which governs how US companies must treat the data of EU citizens and enable these data subjects to exercise their rights, as well as the companies being subject to action by European Supervisory Authorities.
9. Rights of the Data Subject
9.1. Under the General Data Protection Regulation, you, the Data Subject have certain rights regarding the control and processing of your personal data. Details regarding your rights can be found on the Information Commissioner’s Office (ICO) website.
9.2. Should you wish to contact Private Reserves in order to exercise any of these rights, please email the Data Controller’s representative using the following email address: firstname.lastname@example.org. Alternatively, please call 01604 743 916 and ask to speak with the Company’s representative with responsibility for Data Protection matters.
10.1. Recognising the importance of personal data to our consumers, we endeavour to put in place appropriate organisational and technical measures to protect that data.
10.2. Personal data we hold on electronic media is encrypted and stored in a secure data centre located in the UK.
10.3. Personal data we hold on non-electronic media is held in files, which are secured in lockable cabinets and we have access controls to our premises.
10.4. Data Subjects should be aware that not all electronic communications are secure. We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government advice. However, if your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
10.5. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
11. Additional Services
As a consumer of our services we may occasionally contact you to make you aware of offers or complimentary services, such as brokerage, which we feel could be of assistance to you. Such communications will be sent to you under the Privacy and Electronic Communications Regulations and you will be given the option to opt out of similar communications on each occasion.
12. Data Protection Concerns
Should you have any concerns regarding the way an organisation is processing your personal data, the ICO recommends that in the first instance you contact the organisation concerned. If the organisation does not address those concerns in an appropriate manner, you then have the option to escalate the issue to the ICO. If you wish to contact us because you have concerns about our use of your personal data, please contact us using the details provided in paragraph 9.2.
This Privacy Notice is kept under review and it is updated as appropriate. It was last updated on 14th June 2018.