Our Privacy Notice has been updated.
We have made some changes to our Privacy Notice to give you clear information about how we process your personal data.
We have rearranged the sections to make the Notice easier to read and included more information on our legal obligations and on our processes.
Version 2.0, revised 19th August 2019
The Wine Society is committed to delivering the best experience for our members. As such, we take our responsibilities in looking after your personal information very seriously. This Privacy Notice explains how we (The International Exhibition Co-operative Wine Society Limited (‘The Wine Society’)) will use your personal information. We collect, use and are responsible for personal information about you. When we do so, we are subject to the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018, which applies across the European Union (including the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of data protection legislation.
2. Personal data we collect
We collect data you provide to us. This includes information you give when joining or registering yourself as a member, placing an order or communicating with us. For example:
- Your personal details, including your name, postal and billing addresses, email addresses, phone numbers, date of birth and title.
- Photographic ID in order to verify your age. This is a legal requirement because of the products we sell. We only use it for this purpose and do not store copies of this information.
- The password you set for your account, which we store in an encrypted format.
- Your payment information including card number and expiry date.
- Your direct debit information including account name, account number and sort code.
If you purchase membership of The Wine Society as a gift for someone, your details will be recorded (as will the recipient’s)
When you shop with us, browse or interact with our websites or attend one of our events, we may collect:
- Payment information in order to fulfil the orders you make. We are a PCI DSS compliant business, so your payment card information is stored securely by us.
- Information about your purchases and preferences (for example, what you have bought, the quantities, when and where you bought it and how you paid for it).
- Information about your online browsing behaviour and contributions on our websites, and information about when you click on one of our adverts or promoted content on third party websites, such as Google.
- Information about the devices you are using to access our online services (including the make, model and operating system, IP address, browser type and any mobile device identifiers).
- Your username when becoming a member of The Wine Society’s Community.
When you contact us or we contact you - or you take part in promotions, competitions, surveys or questionnaires about The Wine Society - we may collect:
- Personal data you provide about yourself anytime you contact us about your membership (for example, your name, Community username, order details and contact details) or other personal details, including by phone, email or post or when you speak with us through live chat or social media.
- Details of the mailings, emails and other digital communications we send to you.
- Your feedback and contributions to customer surveys and questionnaires (unless anonymised).
We may also use personal data from other sources, such as specialist companies that supply information and public registers in order to make sure we are trading legally and that you are getting the best service from us. For example, this other personal data helps us to:
- Ensure you are old enough to be sent marketing material relating to alcoholic products.
- Validate that you are old enough to purchase alcoholic products from us.
- Review and improve the accuracy of the data we hold.
- Improve and measure the effectiveness of our marketing communications, including online advertising.
We may also conduct research and analysis on the information that we hold, which can generate personal data. For example, by analysing our members’ and prospective members’ interests, we may be able to build a profile which helps us to decide which of our communications are of interest to members and prospective members.
We may use personal data to communicate with people to promote The Wine Society. The marketing data may include your name, email address, postal and billing address, phone number, date of birth, gender, title and the user ID of any connected social platforms. The legal basis is our legitimate interests, to ensure that we provide relevant and better services and enhancing our customer base.
3. How we use your personal information
Under data protection law, we can only use your personal information if we have a proper reason for doing so, for example to comply with our legal and regulatory obligations, for the performance of a contract with you or to take steps at your request before entering into a contract, for our legitimate interests or those of a third party or where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights or interests. It is also to ensure that we provide relevant and better services and improve our customer base.
When you register as a member of The Wine Society by completing our application, you will be agreeing to the use of your personal information by us to administer your membership. This information will be used to:
- Provide and fulfil your orders, and refunds where necessary.
- Allow you to transfer wines to and access your Members' Reserves.
- Access tastings tickets and any other services you may purchase from us.
- Inform you about the performance of The Wine Society.
- Help to improve and develop our product offerings, member services, member experience, and the way we communicate with you.
When joining as a member of The Wine Society you become a shareholder in the co-operative and will receive important information relating to the business (e.g. notices of general meetings) and our products. If you do not want to receive this information, you can let us know by emailing firstname.lastname@example.org or calling Member Services on 01438 741177. We will use your personal information as appropriate, to process your application, set up and administer your account, to fulfil your orders, contact you as necessary with The Wine Society information and fulfil our legal and regulatory compliance responsibilities. Information about you is stored securely by us and will only be accessible to people that need to see it to carry out their job responsibilities.
Promotional communications and marketing
We may use your personal information to send you updates (by email, text message, telephone or post) about our products and services, including exclusive offers, promotions or new products and services. We may use a hashed (or anonymised) version of your email addresses to ensure that messages we post on third party sites (social media, for example) are targeted to a relevant audience.
We have a legitimate interest in processing your personal information for promotional purposes. This means we do not usually need your consent to send promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.
We may also use personal data to help us decide which of our communications are of interest to members and to prospective members. We evaluate, categorise and profile personal data in order to tailor goods, services and communications (included targeted advertising). This is to help us identify individuals who might be interested or willing to join The Wine Society. This also helps us ensure that our offers and services are marketed in a relevant and personalised way, to avoid sending irrelevant communications to our members and other individuals.
We always use your personal information with the utmost respect and never sell it to other organisations for marketing purposes.
You have the right to opt-out of receiving promotional communications at any time by contacting Member services on 01438 741177 or to unsubscribe from email click on the link at the bottom of the email.
Research and profiling
We may use personal data to undertake research and build profiles which enable us to understand our members, improve our relationship with them, and provide a better experience.
Profiling is gathering information about individuals or groups of individuals and understanding their characteristics or behaviours to learn more about their interests or likely behaviour.
We profile members in terms of financial status and lifestyle. For example, we keep track of the amount, frequency and value of each person’s purchases. This information helps us to ensure communications are relevant and timely and improve the experience our members receive. It also helps us identify individuals or groups of individuals who might be willing to join The Wine Society and we may contact them to see if they wish to do so.
You can opt out of having your personal information profiled in this way by contacting us (see above). We sometimes collect information on preferences and interests so that we know what communications you are mostly likely to be interested in.
Analysis, grouping and segmentation
We analyse our members to identify shared characteristics and preferences. We do this by assessing various types of information including behaviour (e.g. previous responses) or demographic information (e.g. age or location) or lifestyle information (e.g. your interests and your affluence).
By grouping people together on the basis of common characteristics, we can ensure that groups are provided with communications, products, and information which is most important to them. This helps prevent your inbox from filling up, and means we are not wasting resources on contacting people with information which isn’t relevant to them.
We may aggregate and anonymise personal data so that it can no longer be linked to any particular person. This information can be used for a variety of purposes, such as recruiting new members, or to identify trends or patterns within our existing members. This information helps inform our actions and improve our marketing, products and services.
Applying for a Job with us
If you are applying for a role at The Wine Society, any personal information that is provided in this process will only be used for the purpose of progressing your application. We will use your contact details to get in touch with you to progress the application and any other information to assess your suitability for the role for which you have applied. We do not share this information with anyone outside of The Wine Society. Your information will be kept for 6 months, unless it has been agreed with you that it can be retained for longer to be considered for any future roles with us. We will store your information securely and ensure only those involved in the recruitment process are able to access it.
4. Who we share your information with
To provide the best service to our members, we work with carefully selected third parties who are responsible for delivering certain functions on our behalf. We routinely share personal information with:
- third parties we use to help deliver our products and services to you, e.g. payment service providers, mailing service providers, warehouses and delivery companies;
- companies that help us with technology services;
- other third parties we use to help us run our business, e.g. marketing agencies or website hosts;
- third parties approved by you, e.g. social media sites you choose to link your account to or third-party payment providers;
- Our insurers, brokers, legal advisers and banks;
- External auditors.
We may share personal data with third party providers of services (for example Experian or similar organisations) or digital advertising or social media companies who work on our behalf, for example social media sites such as Facebook and Instagram. We may use these services for marketing, promotional, research or profiling purposes (see section 3 above). This is so you and others like you (lookalikes) are shown only relevant advertisements relating to us. We will also ensure that you are not provided with unnecessary marketing communications from us. If you choose not to see our advertisements, you can manage your preferences by using your social/digital advertising platform settings.
We will only share personal data that enables our third parties to provide their services. When we share your personal data with these providers, we require them to keep it safe and not keep it for any longer than they need to in order to perform their responsibilities.
We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. [We also impose contractual obligations on service providers relating to ensure they can only use your personal information to provide services to us and to you.]
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
5. Where your personal information is held
Information may be held at our offices and those of our third-party agencies, service providers, representatives and agents as described above (see above: ‘Who we share your information with’).
6. How long your personal information will be kept
We hold your information as a member for the duration of your membership. As our members are shareholders, we require a record of your contact information in order to communicate with you about the organisation.
Otherwise, we will not retain personal information for longer than necessary for the purposes set out in this Notice. When it is no longer necessary to retain your personal information, we will delete or anonymise it.
7. Keeping your information secure
We have appropriate security measures to prevent personal information from being accidentally lost or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
8. Your rights
We want to make sure that the personal data we hold about you is up to date and accurate. If any of the details are incorrect you can update them using your online account or by letting us know and we will amend them for you.
Under the terms of the current data protection legislation, you have the following rights:
- The right to be provided with a copy of your personal information (the right of access). Much of this information is already available in the My Account area of our website;
- The right to require us to correct any mistakes in your personal information (the right of rectification);
- The right to require us to delete your personal information in certain circumstances (the right to be forgotten);
- The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit the data to a third party (the right to data portability);
- The right to object (i) at any time to your personal information being processed for direct marketing (including profiling) and (ii) in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests (the right to object);
- The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you (the right not to be subject to automated individual decision making).
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please make a request in writing stating the purpose of your request, your name, share number and a contact address and phone number to:
The Company Secretary
The Wine Society
Gunnels Wood Road,
We hope that we can resolve any query or concern you may raise about our use of your information.
The General Data Protection Regulations also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
9. Changes to this Privacy Notice
We may change this Privacy Notice from time to time—when we do, we will inform you via a notice on our website.