At Chamberlain Wines we are committed to respecting and protecting our customers' privacy.
This policy applies where we are acting as a data controller with respect to your personal data, in other words, where we determine the purposes and means of the processing of such personal data. It captures personal data entered across all channels. This policy also provides certain information that is legally required and lists some of your rights in relation to your personal data.
Please read this policy carefully to understand our views regarding your personal data and how we will treat it.
This policy relates to personal information that identifies “you” meaning customers or potential customers, suppliers, individuals who browse our website and other individuals outside our organisation with whom we interact.
We take our responsibility to manage your data in a secure and transparent way very seriously. If you are getting marketing emails you don’t want, please email firstname.lastname@example.org let him know.
How to contact us
If you need to contact us in connection with our use or processing of your personal data, or gain access to it, then our contact details are provided above.
Categories of personal data
In this section we outline the categories of personal data which we may collect, use, store, share and transfer. Usually the personal data we process falls into one or more of the following categories:
Order, Account and Billing Data – this includes information relating to your account and transactions (including payment) with us and information which we need to fulfil your order, such as your name, date of birth, bank account or card details, information which we collect for the purposes of the prevention of fraud billing address, delivery address, phone number, email address and purchase history, some of which we may not receive directly as it may be collected by payment processors;
Usage Data – this includes information about your use of our website or app, and reaction to our emails and services, such as your device ID, IP address, geographical location, browser type and version, operating system, length of visit, page views and website pages viewed, as well as information about the timing, frequency and pattern of your use;
Communication Data – this includes information contained in any communication, enquiry or complaint you submit to us regarding goods and/or services and personal data we create about you in relation to the same (such as where we make a written record of a complaint made in our store so that we can take steps to address the complaint) as well as any information in any survey you complete for us;
Marketing Data – this includes your advertising preferences, such as your preferences in receiving marketing materials from us and/or our third parties (such as our media and marketing agencies), your name, email address, billing address, phone number, date of birth, gender, and the user ID of any social platforms you have connected with us on;
Aggregated Data – we also obtain and use aggregated data such as statistical or demographic data. Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this policy.
How we use your personal data
We collect personal data about you in order to:
perform our contractual obligations to you. This would include:
delivering your orders to you;
making or receiving payments (including speedy checkout);
collecting and recovering money owed;
supplying the purchased goods or services and keeping proper records of those transactions; and
updating you on the progress of your order;
comply with our own legal and industry obligations. This would include processing your date of birth data for the purposes of confirming you are 18 or over and therefore legally able to purchase alcohol;
administer and run our business. This would include processing your Internal Social Data:
for the purposes of publishing on our website or app (or social media channels such as Facebook, Twitter, Instagram etc); and
in our marketing materials to help us tell other customers about our products and services;
use data analytics (including Google Analytics and e-mail services providers), to identify usage trends, determine and measure the effectiveness of promotional campaigns and advertising and to improve our website, products/services, marketing, customer relationships and experiences. This would include processing your Usage Data for the purposes of analysing the use of the website, emails and services;
manage our relationship with you including:
to notify you if you have asked us to let you know when an item is back in stock;
if you have opened an account with us, to confirm your registration;
contacting you if you have asked us to contact you by completing a Contact Form via our website;
contacting you if you have asked for a password reminder or reset;
to send you important notices such as communications about changes to our terms and conditions and policies (including this policy);
to send you information you have requested;
to e-mail you when you have placed items in your shopping basket but not proceeded to payment;
to ask you to leave a review or feedback on us; and
to respond to, provide clarification on, resolve issues in relation to, or otherwise communicate with you in relation to, any enquiry you may have.
make suggestions and recommendations to you about goods or services that may be of interest to you, deliver relevant website content and advertisements to you and to measure or understand the effectiveness of our advertising. This would include, for example, advertising our products and services to you on social media sites such as Facebook, Twitter, Instagram etc. We may also use Marketing Data to exclude you from seeing advertisements from such third party websites;
communicate with you about, and administer your participation in, special events, programs, promotions, any prize draws or competitions;
protect our business including to deal with any misuse of our website and to comply with our security policies at our locations;
to detect and prevent fraud and other illegal activities (and to assist regulators, trade bodies and law enforcement agencies in relation to the same); and
finance, restructure, sell, make ready for sale or dispose of our business in whole or in part including to any potential buyer or their advisers.
We may process any of your personal data identified in this policy where necessary for the establishment, investigation, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice.
Accuracy of personal data
It is important that the personal data we hold about you is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us either by logging onto your account on the website or by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
Providing your personal data to others
We do not, and will not, sell any of your personal data to any third party. We want to earn and maintain your trust, and we believe this is absolutely essential in order to do that.
We may disclose your personal data with the following categories of companies as an essential part of being able to provide our goods and services to you, as set out in this policy:
to our insurers and professional advisers (such as accountants, bankers, insurers, auditors and lawyers) insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks or obtaining professional advice;
to companies such as Facebook, Twitter, Instagram and other companies which you choose to interact with, including where those companies operate plugins or content on our website;
to companies that do things to get your orders to you, such as warehouses, order packers and delivery companies;
to third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
to HMRC, legal and other regulators or authorities, including those who request your personal data or to report any potential or actual breach of applicable law or regulation;
to law enforcement agencies, courts or other relevant party, to the extent necessary for the establishment, exercise or defence of legal rights;
If applicable, to postal printing and mailing companies in order to deliver news and offers to you, as well as email service & marketing tool providers that help us to enable our marketing; and
to our card payment service providers (including PayPal) to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
Our lawful basis for processing your personal data
We are required by law to have a lawful basis to process your personal data for the purposes set out in this policy.
Where we are relying on a basis other than your consent, the lawful basis for processing personal data will be one of the following:
the processing is necessary in order for us to comply with our legal obligations (such as alcohol legislation);
the processing is necessary for the performance of a contract you are party to or in order to take steps at your request prior to you entering into a contract;
processing is necessary for the establishment, exercise or defence of legal claims; or
the processing is necessary for the pursuit of our legitimate business interests. In particular, our legitimate interests include:
the provision of goods and services;
the recovery of debt;
the provision of administration and / or IT services;
the security of our IT network;
the prevention of fraud;
marketing of goods and services and promotion of our business;
the reorganisation or sale or refinancing of the business or a group restructure;
the study in how to develop and the update of our products and services;
the development of our business strategy;
protecting our business and property.
the processing is necessary in order to protect the vital interests of an individual e.g. where there is a medical emergency at one of our premises; or
the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
For certain purposes it may be appropriate for us to obtain your prior consent. The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way.
In the event that we rely on your consent, you may at any time withdraw the specific consent you give to our processing your personal data. Please contact us using the contact details set out in paragraph 3 of this policy to do so. Please note even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on other lawful bases to process your personal data for other purposes.
Transfers outside the European Economic Area (EEA)
It is possible that personal data we collect from you may be transferred, stored and/or processed outside the United Kingdom, including the European Economic Area and the United States of America. In connection with such storage, processing and transfers we will seek to ensure that:
the transfer is to a country that the United Kingdom has decided provides an adequate level of protection such as to a country approved by the United Kingdom or to certain organisations with the US pursuant to the Privacy Shield (where valid);
there are appropriate safeguards in place such as ensuring that all our group companies follow the same rules when processing your personal data (called binding corporate rules) or putting in place standard data protection contractual clauses between us and the recipient (often called the model contractual clauses). A copy of the appropriate safeguard can be obtained by contacting us using the contact details set out in this policy; or
one of the derogations for specific situations under the law applies, examples could include where you have explicitly consented to the transfer or the transfer is necessary for the performance of a contract or exercise or defence of legal claims.
We will take all reasonable steps to ensure your information is treated securely and in line with this policy. You acknowledge that personal data that you submit for publication through our website, for example product reviews, may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
How long we retain your data
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We will however retain your personal data whilst you are an active customer (in other words, you purchase products from us) for as long as is needed to give you the best possible service.
Where you have not placed an order (sale, refund or other payment) with us for a long time, we may delete your account.
You have a number of rights in respect to your personal data, some of which we have summarised in this section. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights. You may exercise any of your rights in relation to your personal data by emailing us on email@example.com or coming to see us.
Right of access – you may have the right to confirm as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information.
Right to rectification – you may have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
Right to erasure – in certain circumstances you may have the right to request the erasure of your personal data on legitimate grounds as specified in law.
Right to restriction on processing – in some circumstances you may have the right to request the restriction of the processing of your personal data on legitimate grounds as specified in law.
Right to objection to processing – you may have the right to object, on legitimate grounds as specified in law, to our processing of your personal data on grounds relating to your particular situation.
Right to data portability – in certain circumstances, you may have the right to receive your personal information in a structured, commonly used and machine-readable format and to transmit that information to another controller to enable it to use the data, to the extent applicable in law.
Right to stop marketing messages – at any time you can amend your marketing preferences to reduce, remove or increase the amount we contact you with special offers. You can do this by accessing your account here.
Right to withdraw consent – to the extent that the legal basis for our processing of your personal data is consent, you have the right to withdraw that consent at any time.
Right to complain – in the event that you wish to make a complaint to us about how we process your personal data, please contact us at firstname.lastname@example.org and we will endeavour to deal with your request as soon as possible. You may have a legal right to lodge a complaint with the Information Commissioner’s Authority or other supervisory authority responsible for data protection. Please see https://ico.org.uk/concerns/ for how to do this.
Please see the Cookies section below.
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy.
Links to other websites
Technical and security measures
All information you provide to us is stored on secure servers and we use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.
We ensure that any third parties with whom your personal information is shared in accordance with this policy are also subject to agreements which impose on them equally stringent procedures and security features to help keep your personal data secure.
Procedures are in place to deal with any suspected personal data breach and to notify you and any applicable regulator when legally required to do so.
In common with most websites, chamberlainwines.co.uk uses "cookies". Cookies are small snippets of text that are stored on your computer. When you request a page from our website, the cookies are sent to our web server, and when we send a page back to you our server may add to or change these cookies. Without cookies, we would not be able to know that you are the same person from page to page.
Our website is driven by a company called Wix, and they set some cookies. However we don’t use tracking tools like Google Analytics, so we only have “essential cookies” that:
remember the goods you wish to buy;
provide security; and
load-balance your page