Erik Laan Fine Wines Ltd t/a The Vineking
About this document
This Privacy Notice is aimed to help you understand how we at Erik Laan Fine Wines Ltd t/a The Vineking (“ the Vineking”) collects, uses and protects your personal information. The Vineking is committed to protecting your privacy which may need to be updated from time to time.
The Vineking is committed to protecting your privacy. We reserve the right to update these policies from time to time.
In order to provide our shopping experience, we may need to collect certain information from you and this notice explains when and why we collect personal information about you when you interact with us either in store, online or over the telephone. For clarity throughout this notice, “we” and “us” mean “The Vineking.” When you are using the Vineking website or shopping in one of our stores, Erik Laan Fine Wines Ltd T/a The Vineking is classed as the data controller under the General Data Protection Regulation (“GDPR”).
If you have any queries about this Privacy Notice or how we process your personal information, please contact: firstname.lastname@example.org or by post to: The Data Protection Officer, Erik Laan Fine Wines Ltd, 15 Gatwick Metro Centre, Balcombe Road, Horley, England, RH6 9GA.
What information we collect about you
We collect and process information that you provide by:
o Registering an account and filling in forms on our website www.thevineking.com. This includes information provided at the time of registering on the site, subscribing to our service, completing a website contact form, posting material or requesting further services.
o Collect details of your visits to our site, such as identifiers assigned to your computer or other devices, including your Internet Protocol (IP) address, traffic data, location data, weblogs and other communication data and the resources that you access.
o Collect details when you read emails you have previously opted for, such as identifiers assigned to your computer or other devices, including your Internet Protocol (IP) address, traffic data, location data, weblogs and other communication data and the resources that you access through the email.
o Information when you purchase products in any of our shops or over the phone, including the redemption of The Vineking Gift Vouchers either in a shop or online.
o Information when you comment about or review our products or events.
o Information when you engage with us on social media.
o If you have given permission to a third party to share information they hold about you with us.
o When you visit a store which may have CCTV systems that may record your image.
What we use your information for and the legal basis for processing
The GDPR on data protection sets out a number of reasons why we may collect and process your personal data.
We may store and use your personal information for the purposes of:
- Giving you the best possible shopping experience enabling us to offer a tailored service
- Ensuring that content from our site is presented in the most effective manner for you and for your computer (legitimate interest) which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
- We may use your purchase history or shopping preferences to offer you more personalised offers or products;
- Providing you with information or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
Data privacy laws allow this as part of our contractual obligations and legitimate business interest in understanding our customers, providing a high level of service and being able to deliver our products to them. Our "legitimate interests" include our legitimate business purposes and commercial interests in operating our business in a customer-focused, efficient and sustainable manner, in accordance with all applicable legal and regulatory requirements. We will hold your data in our systems only for as long as necessary for each relevant activity, or for long as is set out in any contract we have with you.
When you place an order with us on our website, your card details are collected by our 3rd party payment processors, Sage Pay who use secure online capture and processing method. This aims to protect you from fraud as part of our contractual and legitimate business interests.
How long your information is kept
We will retain your personal information for a number of purposes, as necessary to allow us to carry out our business. Any retention of personal data will be done in compliance with legal and regulatory obligations and with industry standards.
We treat our records in two main ways.
Sales data - after a period of 7 years your transaction data is deleted or anonymised. if you placed an order with us, we keep your details for  years and after that it is anonymised. It may be used for business planning purposes.
Marketing data - If we don't see an interaction with you in our store or online for a period of  years, we will automatically remove you from our marketing database. We regard an interaction as:
- Reading a marketing email sent by us
Buying our goods or services instore or online.
Protection of your personal data
The security of your personal data is very important to us and we take a lot of care to handle and store it as best we can and in line with new legislation as we know it is important to you as well as us. Here are some ways we secure your data.
- We use encrypted https links between our web server and your browser which means that all data passed between you and us cannot be intercepted.
- We do not store your card details ourselves, but instead utilise SagePay, who are a PCI compliant payment processing provider for all orders placed online and over the phone.
- All personal data is stored and encrypted in either:
- Microsoft's Data Centres
- Brightpearl’s data centres
- Mailchimps data centres
- We monitor and check our data security systems for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
How you can stop receiving our services
There are several ways you can stop direct marketing communications from us:
- Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails.
- If you have an account, log in into your account on our website at www.thevineking.com and visit the ‘My Account’ area and change your preferences
- You have the right to access and rectify mistakes in the data we hold about you at any time.
- Contact our Customer Care team at email@example.com
- Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated. We estimate no longer than 2 weeks for email and 8 weeks for postal communications.
Requesting access and making changes to your personal data
These requests will be handled on a case by case basis and we estimate will be processed in no longer than 8 weeks depending on our legitimate business interests, legal and contractual obligations. If we refuse your request we will explain to you the reason for our refusal. In order to keep your information confidential, we will ask you to verify your identity before proceeding with any requests. If there is a third party acting on your behalf, we will check that they have your permission to act.
Legitimate Business Interests
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
Who we share your data with
In order to provide you with our services, we will share your information with the following:
- third party service providers who support the operation of our systems and help us deliver the services to you (as is necessary for our legitimate interests or as you have consented);
Under GDPR you have the following rights:
- to require us to erase your personal information;
- to require us to restrict or object to our data processing activities;
- to receive from us the personal information we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal information to another data controller; and
- to require us to correct the personal information we hold about you if it is incorrect.
- Please note that these rights may be limited by data protection legislation, and we may be entitled to refuse requests where exceptions apply.
If you are not satisfied with how we are processing your personal information, you can make a complaint to the Information Commissioner. You can find out more about your rights under data protection legislation from the Information Commissioner's Office website: www.ico.org.uk. Or by calling 0303 123 1113. If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.