Our Privacy Notice has been updated.
We have made some changes to our Privacy Notice to give you clear information about how we process your personal data.
Version 3.1, revised 1 September 2020
At The Wine Society, we respect your privacy and are committed to protecting your personal data. In this notice, we explain how we collect and use your personal information when you visit our website, become a member, subscribe as non-member to our mailing lists or otherwise contact us.
Please note that links from our website may take you to external websites which are not operated by us or covered by this notice. We recommend that you check their privacy policies before submitting any personal information to other sites.
We are The International Exhibition Co-operative Wine Society Limited ("The Wine Society"), a mutual society based at Gunnels Wood Road, Stevenage, Hertfordshire SG1 2BT (registered number IP01824R).
For the purposes of the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR), we are the 'controller' of the personal data that we collect and hold about you, which means that we make decisions as to how and why we use your data within our society.
If you have any questions about your privacy, your rights or our use of your personal data, please contact us.
Personal information we collect from you
You are not required (by law or by any contract with us) to provide personal information to us via our website. We will only require you to provide personal information to us where it is necessary for us to provide you with a service at your request, such as when you join us as a member.
Membership of The Wine Society
In order to join us and become a member of The Wine Society, you will need to provide us with personal information, such as:
- Your identity and contact details, including your full name, date of birth, telephone number, email and postal address
- Photo ID such as your passport, driving licence or residence card (where required) (we have a legal requirement to confirm that you are over 18)
- Payment information such as your credit/debit card details, bank or other payment account details and/or direct debit information.
If you receive a gift membership or gift wines from a friend, colleague or family member then we may collect some of this information from them, instead of directly from you. We will also record the details of the person giving the gift.
As a member you will have access to our great range of wines and events and promotions, as well as our other services such as wine storage at our members' reserves. Throughout your membership we will collect other personal information from you, such as:
- Details of your orders and purchases (including wines, event tickets and other services such as wine storage)
- Further payment information that you provide to us to take payments and fulfil your orders
- Information about your shopping habits with us, your preferences and your attendance at any of our tastings and events
- Any other information that you provide to us in order to help us enhance your experience as a member (for example, you may provide us with details of your property to help with deliveries).
Other information that we collect and hold about you (as set out in this notice) may be combined with the information above to help us gain a better overall understanding of how you interact with us throughout your membership.
Our news, competitions and surveys
Anyone can sign up for news and information from The Wine Society to stay up to date with The Wine Society's news and events– you don't have to be a member. If, as a non-member, you subscribe to our news or other mailing lists, you will need to provide us with your name and contact details (such as your email address) as well as any preferences regarding the information we send you and how we contact you.
If you enter any of the competitions that we hold, including via our website, Community forum and our social media pages, you will need to provide us, should we not already hold it, with information about your identity (such as your full name and relevant online profiles like your Community forum username or social media accounts), your contact details (including your postal address for any deliveries) and the details of your entry.
If you choose to complete any of the surveys or questionnaires that we run, we may record your name and contact details as well as the answers or feedback that you provide. In some cases we will anonymise this information so that we only keep aggregated data and statistics.
Data we collect through our website, social media and marketing
We may collect other personal information about you whenever you visit our website or interact with us on social media or when we send you promotional emails. This information may include:
- Your credentials for accessing your member account on our website (email address, share number and password) and your Community forum account (username and password). We store passwords in an encrypted format for your security.
- Any information you add to your profile on our website or Community forum, as well as any posts or contributions that you submit or other content that you may upload
- Information about the devices and software you use to access our online services, such as the make, model, operating system and any unique identifiers of your device, and the type and version of your browser, to ensure that your on-line experience with us is as good as we can provide.
- Your IP address (which may reveal your location) and other identifiers relating to your device or browsing session
- Your browsing behaviour on our website, such as the content and pages you view, links and adverts that you click and the sites or pages that referred you to our site (including where you interact with our adverts on other sites)
- Information about your interaction with us on social media, such as views and impressions of our social media accounts, pages and content and any posts or content that you tag us in or post on our pages.
- Information about your interaction with our promotional emails, such as the date and time that you open them, which links or content you click and any products that you view or purchase after following the links on our emails, which we collect using tracking pixels and unique URL links in these emails.
Where you are a member and you have logged in to your account on our website or your Community forum profile, we may combine this information with the other information that you provide to us in relation to your membership.
Applying for a job with us
If you apply for a role at The Wine Society, we may collect information about your identity and your contact details, as well as your CV and information, your previous work experience and qualifications, from you or from third party recruitment agencies. We will keep our own interview records and we may also collect information about you from psychometric and other tests that we ask you to complete as part of the recruitment process.
Our suppliers and business contacts
We hold personal information about our suppliers and other business contacts, including names, contact details and payment details and information about your engagement with The Wine Society.
Personal information we collect from other sources
We may collect personal information about you from other sources, including from third party organisations and publicly available registers.
Member insights and purchased marketing lists
We may collect additional information about our members from third party organisations such as Experian, to help us better understand our members through profiling and to enable us to personalise our services, advertisements and promotional materials.
We may also purchase information about consumers (including non-members) from third party organisations such as Experian, to help us target relevant audiences with our advertisements and promotions.
This information may include names and contact details, demographic information (such as age group, location/region and social status), credit details, information about behaviours and preferences and, where appropriate, records of any consents obtained by third parties that we may seek to rely on.
Verifying your identity and age
We may collect additional information from third party sources such as GBG (ID3 Global) and Experian, and from publicly available resources such as the electoral roll, in order to verify your identity and age (such as when you become a member or wish to purchase any alcoholic products, and so that we can ensure that you are old enough to be sent promotional materials relating to alcoholic products).
Information from other sources
We may also collect information about you from other sources. For example:
- Publicly available information from sources such as Companies House
- Publicly available information from the electoral roll
- Information you have shared publicly, including on social media
- Information from other third-party databases, such as credit reference agencies.
How we use your personal information
We use personal information about you for a number of different purposes, which are explained in more detail below. In most cases, we will need to use your information for these purposes in order to fulfil our obligations under a contract with you, to comply with our legal obligations, or in pursuit of our (or third parties') legitimate interests where these are not overridden by your rights and interests.
We need to use your personal information in order to manage and administer your membership generally. We use your information in this context to:
- Administer your membership, including verifying your age and identity, issuing your share and maintaining your details on our record of members
- Answer your queries and correspond with you about matters relating to your membership
- Take and fulfil your orders, including processing payments and refunds and arranging deliveries
- Allow you to transfer wines to and access your Members' Reserves
- Enable you to purchase tickets for, and take part in, our tastings and other events
- Provide you with information about your membership and shareholding (such as notice of general meetings and other important events)
- Provide you with information and news about The Wine Society, our performance and our services and products
- Improve and develop the products and services that we offer, and the ways in which we communicate with you, to provide the best member experience that we can.
It is necessary for us to use your information in these ways in order to perform our obligations under our contracts with you, to comply with our legal obligations (such as to verify your age and identity and to maintain a record of our members) and to pursue our legitimate interests in monitoring, developing and improving our business and the services and experience that we offer.
Promotional messages and marketing
We may use your personal information to send you news and updates from The Wine Society and information about our products and services including offers, promotions and new products. Depending on how you interact with us, we may contact you by email, text message, telephone, post or other methods, including on social media.
We may use data obtained from third parties (such as Experian) for postal marketing and online display advertising, and we use profiling to help us identify relevant audiences (see further below).
We have a legitimate interest in using direct marketing to reach out to existing and prospective members to help promote and grow our business and membership, and we need to use your personal information to do this.
If we're contacting you by post or you are an existing member or customer, we may not require your consent, but you can always tell us to stop using your information for marketing purposes if you wish. Where we rely on your consent to send you marketing communications, you can withdraw your consent at any time by contacting us, using the unsubscribe links provided in emails we send to you or confirming your choice on our preference on-line centre for members (when available).
We use information about your interactions with our promotional emails, such as when you open them, which links or content you click on, and any products that you view or purchase after following the links in our emails, to help us to monitor and improve the effectiveness of our marketing campaigns. We have a legitimate interest in doing this, as it enables us to enhance the service that we provide by better understanding the information you would like to receive from us.
Profiling is the use of personal information to evaluate certain aspects relating to a person, such as their preferences, interests or behaviour.
We use the personal information that we hold to carry out profiling on our members and other individuals for our internal business purposes and marketing and advertising campaigns. The information that we use in this context may include:
- Membership, order and purchase records
- Feedback from surveys and questionnaires
- Information about lifestyle, interests, preferences and behaviour
- Demographic information such as age, location and financial or social status
- Information about website usage and interaction with our advertising campaigns
- Information obtained from third parties (such as Experian).
By analysing this information, we can group together people who may have similar characteristics or behaviours, which helps us to develop and improve our internal processes so that we can provide the best experience for our members.
This also allows us to tailor the information that we send to you and personalise your experience with The Wine Society by identifying the news, products and services that we think may be of most interest to you and avoiding sending you unwanted content.
We have a legitimate interest in carrying out profiling in this way so that we can better understand our existing and prospective members, aim to build and improve our relationships with them and improve our service.
Most decisions that we make based on your personal information, such as which communications we choose to send to you, are made by our own analysts here at The Wine Society.
We may engage third parties (including Experian) to carry out profiling and automated decision-making on our behalf, including by combining the information we hold with their own databases, and we may use automated decision-making to help tailor our online advertising services. However, we will not rely on automated decision-making for any decisions that may have a significant impact on you or your experience with us.
We need to use personal information about you in order to display relevant adverts to you online.
We use retargeting to personalise your experience with us on social media (including Facebook and Pinterest) by showing you relevant adverts. When you visit our website or social media pages, a small script tells the advertising service (such as our Facebook ads account) about the content that you've viewed or clicked, so that we can show you similar content whilst you're browsing on the same device.
We also use list-based retargeting services such as Facebook Audiences to find relevant audiences for our adverts, which means that we provide a list of our contacts to the provider (e.g. Facebook) so that they can display relevant adverts to their own users who are on the list. The lists that we use for these purposes may be generated through profiling, as explained above.
We may also use Facebook to target our adverts at 'lookalike' audiences, which are lists generated by Facebook, using profiling and automated decision-making, of individuals that appear to have similar characteristics to our members and contacts.
We have a legitimate interest in using these advertising services as it allows us to improve our members' experience with us online and to increase the effectiveness of our advertising campaigns.
Improving our website and promotions
We use data that we collect via our website (such as usage and performance data, IP addresses, browsing behaviour and device and browser information) to monitor and improve the performance, accessibility and user experience of our website and to measure and improve the effectiveness of our online adverts.
We use Google Analytics to help us collect and analyse information about use of our website, and we may combine this information with other personal information that we hold for these purposes.
How else do we use your personal information?
We may use your personal information in other contexts, for specific purposes. For example:
- We use information about our suppliers and other business contacts to fulfil our contracts and to maintain our professional relationships.
- If you apply for a job at The Wine Society, we will use the information that you provide during the recruitment process to review, assess and progress your application, but not for any other purpose.
- We will use your personal information to respond to any communications that you send us, and to inform you of any important updates (including updates to this notice).
- We may use your information where it is necessary for us to do so in order to meet our legal obligations or to detect and prevent fraud, money-laundering and other crimes.
- We may use your information where it is necessary to protect your interests, or the interests of others, in accordance with our legal obligations. This may include in the event of criminality such as identity theft, piracy or fraud.
We will only use your personal information for the purposes for which we collected it, as set out in this notice, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose for the collection of the data.
Who we share your personal information with
Sharing your information within our business
We will share the information that you provide to us with our staff so that we can operate our business and provide our products and services, but access to different types of information is limited to those staff who need to access that information for their roles.
Sharing your information with third parties
We share your personal information with selected third parties to assist us in carrying out various functions of our business. Some of these are below, but this list is not exhaustive and we may change service providers from time to time.
- We share information with GBG Plc to verify your age and identity
- We share information as necessary to perform our obligations under contracts with you, such as with couriers for deliveries, and with our bank and payment service providers to make and receive payments
- We may share information with IT service providers and communications providers for phone, email and other services, and we store physical and cloud backups of our servers and databases with Iron Mountain and iLand.
- We share information with SendGrid, our email delivery service, to automate the deployment of important transactional emails (such as when we email you to confirm your order).
Website and Community
- We share information with our web hosts (Serverchoice) to host the website and related applications and infrastructure
- We may share information with Google and similar service providers for analytics purposes.
Marketing and advertising
- Our marketing database is hosted on Alterian (customer experience software) and we may share information with marketing agencies to help us run our campaigns
- We share information with Experian to assist with profiling and to help us find the right audience for our ads
- We share information with Facebook, Pinterest and other advertising services to help display relevant adverts to you.
Other third parties
- We may share information with our auditors, insurers, brokers, legal advisers and banks
- We would share information where required by the law, or in order to comply with judicial proceedings, court orders or legal or regulatory proceedings
- We would share information where necessary to protect the safety of our employees, our property or the public, or where necessary for the prevention or detection of crime
- We may share information where proportionate as part of, and in the event of, a merger, business or asset sale.
We may otherwise share your personal information to the extent that we reasonably need to for our legitimate interests or to provide our products and services. We always seek to ensure that your personal data is protected and we choose carefully who we share it with.
We will never disclose or sell your personal data to others for their marketing purposes.
Sharing your information outside the EEA
The UK has strict data protection rules under the GDPR and Data Protection Act 2018 and countries within the EEA all subscribe to the same data protection rules under the GDPR. Where personal data is shared outside the UK and/or EEA, it may not be afforded the same protection and you may not have available the same rights.
We will only share your data with parties outside the UK and/or EEA where there are appropriate safeguards in place to protect your data and ensure that you have the same rights as you would in the UK. This may be on the basis of an "adequacy decision" adopted by the European Commission or the UK Government, or through robust contractual obligations with the receiving party.
How long we keep your personal information
We keep personal information about you for as long as we may need to, for the purposes for which we collected it. Where we are providing you with any service (including our online services), we will continue to hold your data for at least as long as we provide that service to you.
We have different retention periods for different types of data, some of which are set out below, and after these periods we will delete or destroy the information unless we have a good reason not to.
We keep information about members, including your identity and contact details, indefinitely as we are required to maintain a record of all of our members (as shareholders).
We keep information about orders and purchases and other information relevant to your membership for up to 10 years, and our marketing database holds information for up to 5 years.
Data collected through our website, including IP addresses and analytics data, is held for up to 3 years.
If you apply for a job with us and you are unsuccessful, we will keep your information for up to 6 months unless you ask us to keep it for longer (up to 12 months) to be considered for future vacancies.
Keeping your information secure
We take the security of your personal data seriously and put in place appropriate measures to ensure that it is protected from unauthorised access or disclosure.
We implement information security policies and carry out training with staff to reduce the risk of security breaches, and we operate on a 'principle of least privilege' basis so that staff only have access to the information they need. We impose contractual obligations on the selected third parties that we work with to ensure that your data is protected when it is shared.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone, including our staff.
We try to ensure that all information you provide to us via the website is transferred securely. You should always check for the padlock symbol in your browser and "https" in the URL before submitting data through the website.
Most of the information you provide to us is stored on our own servers or with third party secure servers in the UK or EEA.
We have procedures in place to prevent or reduce the risk of, and respond to, data security breaches, and we will notify you and/or the relevant authority (such as the ICO) where appropriate if this happens.
You have a number of rights in respect of your personal data. If you would like any further information or to exercise any of your rights, please contact us. In most cases, we will not charge you any fee if you wish to exercise any of these rights.
The right to be informed
We have a legal obligation to provide you with concise, transparent, intelligible and easily accessible information about your personal information and our use of it. We have written this notice to comply with this right, but please contact us if you require further information.
The right to access your personal data
You have the right to ask us to confirm whether or not we hold any of your personal data. If we do, you have the right to access a copy of your data, as well as information about how, and why, we use it. In order to prevent your data being disclosed to someone who is not authorised to access it, we may have to verify your identity before we provide you with a copy of the data that we hold.
The right to correct any inaccurate or incomplete personal data
If the information that we hold about you is inaccurate or incomplete, you have the right to require us to correct that data (or complete it by supplementing it with other information).
The right to be forgotten
You have the right to require us to delete or destroy your personal data in the following circumstances:
- The information is no longer needed for the purposes we collected it for
- Where we rely on your consent, and you withdraw that consent
- You object to us using your information for marketing purposes, or for our legitimate interests, and we have no overriding reason to keep using it
- We have used your information unlawfully
- We are required by law to delete your information.
If these situations apply, you may contact us to request that we erase your data from our systems.
The right to have your data transferred to you or a third party in a common format
Where your personal data is processed by automated means, you may have the right to obtain a copy of your personal data in a structured, commonly used and machine-readable format, and to ask us to transfer this data to another organisation in a safe and secure way.
You have the right to object to direct marketing
You can ask us at any time to stop using your information for direct marketing purposes, even if we do not rely on your consent to do this. You may exercise this right by following the instructions in any of the emails that we send to you, or by contacting us.
The right to object to us using your information for our own legitimate interests
Sometimes, we use your personal information to achieve goals that will help our business – these are our legitimate interests, and they are explained in more detail in this notice.
We aim to always ensure that your rights and information are properly protected. If you believe that the way we are using your data is not justified due to its impact on you or your rights, you have the right to object to our use of your data in these ways. If you do object to this, unless we have a compelling reason to continue we will stop using your personal data for these purposes.
You have the right to restrict how we use your personal data
You have the right to ask us to stop using your personal data in any way other than simply keeping a copy of it. This right is available where:
- You have informed us that the information we hold about you is inaccurate, and we have not yet been able to verify or update this
- You have objected to us using your information for our own legitimate interests and we are in the process of considering your objection
- We have used your information unlawfully, but you do not want us to delete it
- We no longer need to use the information, but you need it for a legal claim.
You have rights related to automated-decision making and profiling
You have the right not to be subject to decisions made based on automated decision-making, including profiling, which will have a legal effect upon you or otherwise significantly affect you. We do not currently use any automated decision-making or undertake any profiling of our customers or other individuals.
Changes to our Privacy Notice
Any changes we make to our privacy notice in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy notice.
If you wish to make a complaint about our collection or use of your personal data, please contact us in the first instance so that we may seek to resolve your complaint.
You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the statutory body which oversees data protection law in the UK. Please visit the ICO website if you wish to lodge a complaint with the ICO. If you are based in another European Union member state, you may instead lodge a complaint with the supervisory authority in your country.
If you wish to speak to us regarding your privacy, or our use of your personal data, please contact us using the following details:
The Company Secretary
The Wine Society
Gunnels Wood Road