Our consumers are at the heart of what we do. This Privacy and Cookie Notice applies to personal information collected by or on behalf of Boutique Bar Brands. It sets out what we do with your personal information, how we keep it secure and explains the rights that you have in relation to your personal information.
Last revised: [July 2020]
Who we are
Boutique Bar Brands (BBB) is a UK-based importer, distributor and brand agency focussed on brand building and delivering sustainable growth to exceptional drinks brands. The BBB model allows brands to launch and scale quickly and sustainably. Brands benefit by using BBB’s logistical and distribution services whilst also achieving profitability in the shortest timeframe possible via accessing the team’s vast experience, aggregated resources and distribution outlets developed over the years.
Are you of legal purchase age?
You must not provide us with your personal information if you are not of legal age to purchase alcohol in the region within which you live or happen to be in.
We do not intend to collect personal information from any individuals under the legal purchase age, or to market alcoholic beverages to anyone under the legal purchase age.
If we receive notice or believe that someone under the legal purchase age has provided us with personal information we will make every reasonable effort to remove such personal information from our records.
What types of personal information do we collect?
Personal information is information about an identifiable individual, as defined by applicable law. The personal information we collect includes:
(a) information you provide to us; and
(b) information we automatically collect/generate or information we obtain from third parties.
We have set out below more details regarding these types of personal information:
- Information you may provide to us: These types of personal information include:
- Contact details (such as your name, postal addresses, phone numbers and email addresses),
- Demographic information (eg. age or age range and gender),
- Payment information (such as your credit card information and billing address),
- Information provided in online questionnaires (such as customer satisfaction surveys or market research),
- Competition entries/submissions
- Marketing preferences.
- Information we may collect/generate or obtain from third parties: These types of personal information may relate to your device (such as your PC, tablet or other mobile device), your use of our websites and apps (as well as certain third party websites with whom we have partnered), and/or your personal preferences, interests, or geographic location. Examples of these types of information include:
- name and age (or predicted age range),
- information about your device, operating system, browser and IP address,
- unique identifiers associated with your device,
- details of web pages that you have visited,
- which products you have ordered through us (including information about products you purchased),
- how long you spend on certain areas of a website or app together with the date and time of your visit/usage,
- personal information contained within user-generated content (such as blogs and social media postings),
- social media username or ID, and
- social media profile photo and other social media profile information (such as number of followers).
How/when do we collect personal information?
- Information you provide to us: There are various situations in which you may voluntarily provide personal information to us. These include when you:
- Enter a competition or promotion,
- Fill in an online questionnaire (such as a customer satisfaction survey),
- Provide payment details (such as when purchasing products from us),
- Contact us with an enquiry or ask us to provide you with information,
- Attend any of our events,
- Forward an item to a friend,
- Inform us of your marketing preferences
- Communicate with us via social media websites, third party apps or similar.
- Direct communication such as the presentation of a business card to us by yourself or your colleague
- Place an order with us
We will indicate where any personal information we have requested is mandatory or optional. We will also explain the reasons for the information being required.
Purposes and Legal
In this section we have set out the purposes for which we may process personal data and the legal bases of the processing.
Operations – We may process your personal data for [the purposes of operating our website, the processing and fulfilment of orders, providing our services, supplying our goods, generating invoices, bills and other payment-related documentation, and credit control]. The legal basis for this processing is our legitimate interests, namely the proper administration of our website, services and business, the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
Publications – We may process account data for the purposes of publishing such data on our website and elsewhere through our services in accordance with your express instructions. The legal basis for this processing is consent OR our legitimate interests, namely the publication of content in the ordinary course of our operations.
Relationships and communications – We may process contact data, account data, transaction data and/or communication data for the purposes of managing our relationships, communicating with you (excluding communicating for the purposes of direct marketing) by email, SMS, post, fax and/or telephone, providing support services and complaint handling]. The legal basis for this processing is our legitimate interests, namely communications with our website visitors, service users, individual customers and customer personnel, the maintenance of relationships, and the proper administration of our website, services and business.
Direct marketing – We may process contact data, account data and/or transaction data for the purposes of creating, targeting and sending direct marketing communications by email, SMS, post and/or fax and making contact by telephone for marketing-related purposes. The legal basis for this processing is consent or our legitimate interests, namely [promoting our business and communicating marketing messages and offers to our website visitors and service users.
Research and analysis – We may process usage data and/or transaction data for [the purposes of researching and analysing the use of our website and services, as well as researching and analysing other interactions with our business. The legal basis for this processing is our legitimate interests, namely monitoring, supporting, improving and securing our website, services and business generally.
Record keeping – We may process your personal data for the purposes of creating and maintaining our databases, back-up copies of our databases and our business records generally. The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with this policy.
Security – We may process your personal data for the purposes of security, compliance the law and the prevention of fraud and other criminal activity. The legal basis of this processing is our legitimate interests, namely the protection of our website, services and business, and the protection of others.
Insurance and risk management – We may process your personal data where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks and/or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
Legal claims – We may process your personal data where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
Legal compliance and vital interests – We may also process your personal data where such processing is necessary for compliance with a legal obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person.
We take information security extremely seriously.
No data transmission over the Internet or data storage system can be 100% guaranteed.. If you have reason to believe that your interaction with us is no longer secure. Please immediately notify us of the problem by contacting us at the contact details below.
In the unlikely event that we believe that the security of your personal information in our possession or control may have been compromised, we may seek to notify you of that development. If such a notification is appropriate, we will endeavour to do so as promptly as possible under the circumstances, and we may notify you by email.
It should be noted that it is your sole responsibility to control the dissemination and use of your password, access to and use of your account, and to notify us when you wish to cancel your account. We will not be responsible or liable for any loss or damage arising from your failure to comply with this obligation.
You have certain rights in relation to your personal information. These rights include:
- To withdraw your consent to any processing of your personal information (where you had provided consent);
- To object to the processing of your information for certain purposes;
- To access your personal information, and the ability to erase, restrict or in certain cases receive a machine-readable copy of your personal information;
- To ask us to rectify any information about you that you think is inaccurate; and
- To unsubscribe from any of our marketing communications at any time.
If you wish to exercise any of these rights you may contact us (using the contact details provided below). We will handle any request to exercise your rights in accordance with applicable law and any relevant legal exemptions.
How to make a complaint
You have the right to complain to a data protection authority if you think we have processed your personal information in a manner which is unlawful or infringes your rights. However if you have such concerns we suggest that you initially contact us at; email@example.com
Cookies and similar technology
What is a cookie?
A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your device’s hard disk. A cookie will typically contain the name of the domain from which the cookie has come, the “lifetime” of the cookie, and a value, usually a randomly generated unique number.
Cookies are useful because they allow a website to recognise a user’s device. You can find more information about cookies at: www.allaboutcookies.org.
What types of cookies do we use?
- First party cookies, served directly by us to your device when you visit our website.
This requirement derives from Article 5(3) of Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), which provides that:
“Member States shall ensure that the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing, and is offered the right to refuse such processing by the data controller. This shall not prevent any technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide an information society service explicitly requested by the subscriber or user.”
The requirement is implemented in the UK in the Privacy and Electronic Communications (EC Directive) Regulations 2003. In its current (amended) form, Regulation 6 states:
“(1) Subject to paragraph (4), a person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.
(2) The requirements are that the subscriber or user of that terminal equipment – (a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and (b) has given his or her consent.
(3) Where an electronic communications network is used by the same person to store or access information in the terminal equipment of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements of paragraph (2) are met in respect of the initial use.
(3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent.
(4) Paragraph (1) shall not apply to the technical storage of, or access to, information – (a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or (b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.”
In their original form, these Regulations can be found on the legislation.gov.uk website.
- Directive 2002/58/EC (Directive on privacy and electronic communications) – https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32002L0058&from=EN
- Privacy and Electronic Communications (EC Directive) Regulations 2003 (original form) – http://www.legislation.gov.uk/uksi/2003/2426/made
Article 13(2) of the GDPR provides that, where personal data is collected from a data subject, certain information about data subject rights must be provided:
“In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing: … (b) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability; (c) where the processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; …”.
Similar provisions are set out in Article 14 in relation to personal data which is not collected from the relevant data subject.
The European Data Protection Board guidance on this issue states:
“This information should be specific to the processing scenario and include a summary of what the right involves and how the data subject can take steps to exercise it and any limitations on the right … . In particular, the right to object to processing must be explicitly brought to the data subject’s attention at the latest at the time of first communication with the data subject and must be presented clearly and separately from any other information.”
- Article 13, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-13-gdpr/
- Article 14, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-14-gdpr/
- Guidelines on transparency under Regulation 2016/679, European Data Protection Board – https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=622227
Cookie’s, Your Rights Purposes and legal was created by Docular (Click Here).
How to contact us
Email – firstname.lastname@example.org