This Policy describes:
We are committed to safeguarding your personal information. Whenever you provide such information, we are legally obliged to use your information in line with all applicable laws concerning the protection of personal information, including the Data Protection Act 2018 and the European General Data Protection Regulation, namely Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 repealing Directive 95/46/EC, also known as the “GDPR” (these laws are referred to collectively in this Policy as the “data protection laws”).
This Policy is issued on behalf of the Nyetimber Group of Companies, so when we mention “NYETIMBER”, “we”, “us” or “our” in this Policy, we are referring to the relevant company in the Nyetimber Group responsible for processing your data. Nyetimber Limited (reg. no. 05509845), with registered address at Nyetimber Vineyard, Gay Street, West Chiltington, West Sussex, RH20 2HH is the controller and responsible for this website.
We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.
We are registered as a Data Controller under the Data Protection Act 2018 with the Information Commissioner’s Office under registration number Z9428118.
This Policy applies to anybody who browses our webpage(s) or who provides personal data via our webstore portal at www.nyetimber.com (our “Website”). It also applies to those who request communication via our Website, orders products via our Website, those who post material on our Website, and to personal data processed in pursuit of our own marketing and business development efforts. We may also ask you for personal data when you report a problem on our Website.
This policy does not apply to the personal data of our Job Applicants, Employees, Agents and Contractors. The fair, lawful and secure processing of these types of data is governed by other company policies outside the scope of this Policy.
This Website is not intended for children and we do not knowingly collect data relating to children.
We reserve the right to amend this Policy from time to time. This version of the Policy was last updated on 1 April 2019. We will publicise any updates to this Policy by way of our Website.
We reserve the right, in the event that we buy or sell all or part of our business or assets, to disclose personal data held by us to the prospective seller or buyer of such business or assets.
By submitting personal data to Nyetimber you acknowledge and accept the practices described in this Policy.
We will endeavour to bring this Policy to your attention every time we ask for your personal information and we will seek your specific consent whenever this is required.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity concerned has been removed.
We may collect (and subsequently use, store and transfer) the following personal data about you:
You are not obliged to provide your personal data to us, but if you fail to provide personal data required to allow us to fulfil our contract with you, for example a delivery order for our products, we may not be able to carry out the contract and may have to cancel the relevant order or service in these circumstances.
We will only use your personal data when the law allows us to. The following schedule summarises the types of data processing activities we will undertake in relation to personal data subject to this policy:
|Information we Process||Purposes for Processing||Legal Basis for Processing|
|Any personal data you provide to us on or after registration, such as names, contact details, occupation, purchase history, etc.||(1) To facilitate the delivery of the services offered on this Website by:· establishing and maintaining contact between us and you;·to provide you with information regarding products or services reflecting your preferences and which we feel may interest you;·to process and deliver your orders, including managing payments, fees and charges;·providing training and receiving feedback;·any other requests you may have as a user of this Website.
(2) To deliver promotional materials when:· specifically requested;·consent is given by way of your marketing preferences;·authorised in the context of a specific request.
(3) To allow you to participate in competitions, prize draws, surveys or special features of our Service, if you choose to do so;
(4) To notify you about changes to our services and policies;
(5) To publish reviews and testimonials;
(6) To promote security and good practice on the Website, to investigate suspicious activity, and to ensure the Website is being used for legitimate purposes.
|(1) The performance of our contractual obligations to our Customers.
(2) The performance of our contractual obligations to users of this Website.
(3) Your consent (private individuals) or our legitimate interests, specifically the pursuit of our own marketing and business development efforts.
|Information you generate when you visit our Website or our apps||To:(1) Ensure that content from our Website is presented in the most effective manner for you and your device;(2) to administer and protect our business and the Website, including troubleshooting, data analysis, testing, system maintenance, reporting and hosting od data;(2) provide and/or enhance functionality on our Website;(3) analyse the performance of our Website;(4) to use data analysis to improve our products and customer experience, marketing, customer relationships;(5) deliver relevant marketing from time to time from us and our partners.||Our legitimate interests, namely monitoring and improving our Website and level of service to customers, and your consent whenever required.|
You will only receive marketing communications from us if you have signed up for our newsletter or requested to receive marketing communications from us in the past.
We will ask for your express opt-in consent before we share your personal data with any third party for marketing purposes.
You may ask us to stop sending you marketing messages by clicking on the “unsubscribe” link in our marketing messages. You may also opt out of marketing at any time by sending an email to firstname.lastname@example.org.
Any opt out requests will not apply in respect of personal data provided to us for the purposes of fulfilling an order.
You understand and acknowledge that we use third party service suppliers to facilitate business transacted via this Website. These suppliers have given contractual undertakings that they will safeguard personal data disclosed to them in the course of providing such services in accordance with our instructions, and have agreed to be held liable in the event of any breach of data protection law for which they are responsible.
In addition to these suppliers, there are other third parties with whom we may need to share your personal information for the reasons set out below:
|Third Party||Purposes for Processing||Legal Basis for Processing|
|Companies within our corporate group (including affiliates and ultimate beneficial owners), or who acquire a controlling interest in our business or its assets||To facilitate the provision and promotion of our business and to monitor our business development.||The performance or negotiation of the contractual relationship between us and our customers, and our legitimate interests, specifically the pursuit of our own marketing and business development efforts, and your consent whenever required by law.|
|Suppliers, such as payment merchants, software/IT systems and PR agencies||To facilitate the provision, promotion and sale of our products via this Website.||The performance or negotiation of the contractual relationship between us and our legitimate interests, specifically the pursuit of our own marketing and business development efforts.|
|Professional advisors, such as accountants and solicitors||Only when necessary, and limited to what is necessary.||Our legitimate interests, namely the proper administration of our business, or fulfilling our legal obligations to users of this Website or in relation to enforcing or defending legal claims.|
|Competent authorities, such as regulatory authorities, the Police and HMRC||Only when compelled to and/or when under an obligation to do so.||Compliance with legal obligations, such as for the purposes of fraud reporting or other criminal activity, or in order to apply or enforce our [HYPERLINK TO TERMS AND CONDITIONS].|
We are committed to guaranteeing the statutory rights of individuals. If you send us a request regarding your rights under data protection law, we will respond within 30 calendar days of receipt and, where possible, address your request within such time. Where necessary, this period may be extended by up to a further 60 days.
The persons to whom this Policy applies are under no statutory or contractual obligation to provide personal data to Nyetimber. However, should you decide to submit personal data to us, you will have the following rights, as a data subject, under data protection law as summarised below:
|the right to be informed||the right to access||the right to rectification|
|the right to erasure||the right to restrict processing||the right to object to profiling|
|the right to data portability||the right to complain to the Information Commissioner’s Office||the right to withdraw consent (e.g. to direct marketing)|
Please note these rights may not always apply, for example if fulfilling your request would require us to reveal personal data relating to another user, or if you ask us to delete information which we are required by law to keep or have a compelling legitimate interest in keeping. If this is the case, then we will let you know at the same time as we respond to your request.
Nyetimber does not engage in profiling which is capable of producing legal or other significant effects for individual data subjects.
Detailed information on the content and the means to exercise your rights is provided by the United Kingdom’s Information Commissioner’s Office, available here.
In respect of personal data within the scope of this Policy, we will retain such personal data until you advise us to securely dispose of it, or until it becomes outdated, or it is no longer appropriate for us to retain such data. It is your responsibility to inform Nyetimber of any material changes to your personal data to ensure it is accurate. Outdated personal data will be periodically deleted in accordance with our internal data retention policies.
We have taken appropriate technical and organisational measures to ensure our own and our suppliers’ information security standards are appropriate to the risks associated with the personal data processing we undertake. Our security objectives include guaranteeing the confidentiality, integrity and availability of personal data and the resilience of the systems that process it. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
It is your responsibility to keep the password provided to you on registration secure and confidential at all times. We will not be held liable for any breach of data protection law arising from your improper use of the Website, or due to your password details being disclosed to any third party. In the event you have reason to believe your interactions with us are not secure, or the integrity of your login has been compromised, please contact us immediately.
Neither we nor any of our data processors transfer personal data to countries outside of the European Economic Area.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies. Cookies are very easy to delete and block.
Most, if not all, browsers allow you to refuse to accept cookies by adjusting your settings. For example: (1) in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector; (2) in Firefox you can block all cookies by clicking “Tools”, “Options”, and un-checking “Accept cookies from sites” in the “Privacy” box.
You can also delete cookies already stored on your computer: (1) in Internet Explorer, you must manually delete cookie files (you can find instructions for doing so at http://support.microsoft.com/kb/278835); (2) in Firefox, you can delete cookies by, first ensuring that cookies are to be deleted when you “clear private data” (this setting can be changed by clicking “Tools”, “Options” and “Settings” in the “Private Data” box) and then clicking “Clear private data” in the “Tools” menu.
Doing this may have a negative impact on the usability of many websites. In the case of our Website, disabling cookies means its functionality will be impaired.
In relation to any queries about this Policy or any other data protection matters, please email our DPO at email@example.com.