Nyetimber | Privacy
PRIVACY POLICY & COOKIES STATEMENT

Introduction

Nyetimber respects your privacy and is committed to protecting your personal data. This Privacy Policy (“Policy”) explains how we collect and process your personal data when you visit our webstore www.nyetimber.com, your privacy rights, and how the law protects you.

This Policy describes:

  • what information we may collect about you
  • how we will use the information we collect about you
  • when we may use your details to contact you
  • whether we will disclose your details to anyone else
  • your choices regarding the personal information you provide to us
  • the use of cookies on Nyetimber websites and how you can reject cookies

We are committed to safeguarding your personal information. Whenever you provide such information, we are legally obliged to use your information in line with all applicable laws concerning the protection of personal information, including the Data Protection Act 2018 and the European General Data Protection Regulation, namely Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 repealing Directive 95/46/EC, also known as the “GDPR” (these laws are referred to collectively in this Policy as the “data protection laws”).

Who We Are

This Policy is issued on behalf of the Nyetimber Group of Companies, so when we mention “NYETIMBER”, “we”, “us” or “our” in this Policy, we are referring to the relevant company in the Nyetimber Group responsible for processing your data. Nyetimber Limited (reg. no. 05509845), with registered address at Nyetimber Vineyard, Gay Street, West Chiltington, West Sussex, RH20 2HH is the controller and responsible for this website.

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

We are registered as a Data Controller under the Data Protection Act 2018 with the Information Commissioner’s Office under registration number Z9428118.

Scope

This Policy applies to anybody who browses our webpage(s) or who provides personal data via our webstore portal at www.nyetimber.com (our “Website”). It also applies to those who request communication via our Website, orders products via our Website, those who post material on our Website, and to personal data processed in pursuit of our own marketing and business development efforts. We may also ask you for personal data when you report a problem on our Website.

This policy does not apply to the personal data of our Job Applicants, Employees, Agents and Contractors.  The fair, lawful and secure processing of these types of data is governed by other company policies outside the scope of this Policy.

This Website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this Policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Policy supplements other notices and privacy policies and is not intended to override them.

Changes to this Policy

We reserve the right to amend this Policy from time to time. This version of the Policy was last updated on 1 April 2019. We will publicise any updates to this Policy by way of our Website.

We reserve the right, in the event that we buy or sell all or part of our business or assets, to disclose personal data held by us to the prospective seller or buyer of such business or assets.

Acknowledgement

By submitting personal data to Nyetimber you acknowledge and accept the practices described in this Policy.

We will endeavour to bring this Policy to your attention every time we ask for your personal information and we will seek your specific consent whenever this is required.

Personal Data we collect from you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity concerned has been removed.

We may collect (and subsequently use, store and transfer) the following personal data about you:

  • when you sign up for our newsletter, e.g. your name, email address and county;
  • your name and contact details when making an enquiry, or registering as a customer, or otherwise submit data via this Website;
  • when you place an order with us for our products: your name and delivery address, contact details (email address, phone number) and bank and payment details;
  • when you browse this Website: technical data including internet protocol (IP) address, browser type and settings and other information about your device (for more information on Nyetimber’s use of Cookies, see here);
  • your marketing preferences, which may be adjusted or withdrawn at any time;
  • information you provide when you complete surveys or enter competitions or enrol in promotional events;
  • information about your use of our Website and apps;
  • when you make a data subject access request.

You are not obliged to provide your personal data to us, but if you fail to provide personal data required to allow us to fulfil our contract with you, for example a delivery order for our products, we may not be able to carry out the contract and may have to cancel the relevant order or service in these circumstances.

Processing Activities

We will only use your personal data when the law allows us to. The following schedule summarises the types of data processing activities we will undertake in relation to personal data subject to this policy:

Information we Process Purposes for Processing Legal Basis for Processing
Any personal data you provide to us on or after registration, such as names, contact details, occupation, purchase history, etc. (1) To facilitate the delivery of the services offered on this Website by:· establishing and maintaining contact between us and you;·to provide you with information regarding products or services reflecting your preferences and which we feel may interest you;·to process and deliver your orders, including managing payments, fees and charges;·providing training and receiving feedback;·any other requests you may have as a user of this Website.

(2) To deliver promotional materials when:·       specifically requested;·consent is given by way of your marketing preferences;·authorised in the context of a specific request.

(3) To allow you to participate in competitions, prize draws, surveys or special features of our Service, if you choose to do so;

(4) To notify you about changes to our services and policies;

(5) To publish reviews and testimonials;

(6) To promote security and good practice on the Website, to investigate suspicious activity, and to ensure the Website is being used for legitimate purposes.

(1) The performance of our contractual obligations to our Customers.

(2) The performance of our contractual obligations to users of this Website.

(3) Your consent (private individuals) or our legitimate interests, specifically the pursuit of our own marketing and business development efforts.

Information you generate when you visit our Website or our apps To:(1) Ensure that content from our Website is presented in the most effective manner for you and your device;(2) to administer and protect our business and the Website, including troubleshooting, data analysis, testing, system maintenance, reporting and hosting od data;(2)  provide and/or enhance functionality on our Website;(3) analyse the performance of our Website;(4) to use data analysis to improve our products and customer experience, marketing, customer relationships;(5) deliver relevant marketing from time to time from us and our partners. Our legitimate interests, namely monitoring and improving our Website and level of service to customers, and your consent whenever required.

Marketing Preferences

You will only receive marketing communications from us if you have signed up for our newsletter or requested to receive marketing communications from us in the past.

We will ask for your express opt-in consent before we share your personal data with any third party for marketing purposes.

You may ask us to stop sending you marketing messages by clicking on the “unsubscribe” link in our marketing messages. You may also opt out of marketing at any time by sending an email to gdpr@nyetimber.com.

Any opt out requests will not apply in respect of personal data provided to us for the purposes of fulfilling an order.

Disclosure to Third Parties

You understand and acknowledge that we use third party service suppliers to facilitate business transacted via this Website. These suppliers have given contractual undertakings that they will safeguard personal data disclosed to them in the course of providing such services in accordance with our instructions, and have agreed to be held liable in the event of any breach of data protection law for which they are responsible.

In addition to these suppliers, there are other third parties with whom we may need to share your personal information for the reasons set out below:

Third Party Purposes for Processing Legal Basis for Processing
Companies within our corporate group (including affiliates and ultimate beneficial owners), or who acquire a controlling interest in our business or its assets To facilitate the provision and promotion of our business and to monitor our business development. The performance or negotiation of the contractual relationship between us and our customers, and our legitimate interests, specifically the pursuit of our own marketing and business development efforts, and your consent whenever required by law.
Suppliers, such as payment merchants, software/IT systems and PR agencies To facilitate the provision, promotion and sale of our products via this Website. The performance or negotiation of the contractual relationship between us and our legitimate interests, specifically the pursuit of our own marketing and business development efforts.
Professional advisors, such as accountants and solicitors Only when necessary, and limited to what is necessary. Our legitimate interests, namely the proper administration of our business, or fulfilling our legal obligations to users of this Website or in relation to enforcing or defending legal claims.
Competent authorities, such as regulatory authorities, the Police and HMRC Only when compelled to and/or when under an obligation to do so. Compliance with legal obligations, such as for the purposes of fraud reporting or other criminal activity, or in order to apply or enforce our [HYPERLINK TO TERMS AND CONDITIONS].

Your Data Subject Rights

We are committed to guaranteeing the statutory rights of individuals.  If you send us a request regarding your rights under data protection law, we will respond within 30 calendar days of receipt and, where possible, address your request within such time. Where necessary, this period may be extended by up to a further 60 days.

The persons to whom this Policy applies are under no statutory or contractual obligation to provide personal data to Nyetimber. However, should you decide to submit personal data to us, you will have the following rights, as a data subject, under data protection law as summarised below:

the right to be informed the right to access the right to rectification
 the right to erasure  the right to restrict processing  the right to object to profiling
 the right to data portability the right to complain to the Information Commissioner’s Office  the right to withdraw consent (e.g. to direct marketing)

Please note these rights may not always apply, for example if fulfilling your request would require us to reveal personal data relating to another user, or if you ask us to delete information which we are required by law to keep or have a compelling legitimate interest in keeping.  If this is the case, then we will let you know at the same time as we respond to your request.

Nyetimber does not engage in profiling which is capable of producing legal or other significant effects for individual data subjects.

Detailed information on the content and the means to exercise your rights is provided by the United Kingdom’s Information Commissioner’s Office, available here.

Retention Period

In respect of personal data within the scope of this Policy, we will retain such personal data until you advise us to securely dispose of it, or until it becomes outdated, or it is no longer appropriate for us to retain such data. It is your responsibility to inform Nyetimber of any material changes to your personal data to ensure it is accurate. Outdated personal data will be periodically deleted in accordance with our internal data retention policies.

Security Measures

We have taken appropriate technical and organisational measures to ensure our own and our suppliers’ information security standards are appropriate to the risks associated with the personal data processing we undertake.  Our security objectives include guaranteeing the confidentiality, integrity and availability of personal data and the resilience of the systems that process it. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

It is your responsibility to keep the password provided to you on registration secure and confidential at all times. We will not be held liable for any breach of data protection law arising from your improper use of the Website, or due to your password details being disclosed to any third party. In the event you have reason to believe your interactions with us are not secure, or the integrity of your login has been compromised, please contact us immediately.

International Transfers

Neither we nor any of our data processors transfer personal data to countries outside of the European Economic Area.

Cookies Policy

Our Website uses cookies. By using our Website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies. Cookies are very easy to delete and block.

We use cookies for the following purposes:

  • authentication – we use cookies to identify you when you visit our Website and as you navigate our Website;
  • status – we use cookies to help us to determine if you are logged into our Website;
  • personalisation – we use cookies to store information about your preferences and to personalise the Website;
  • security – we use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our Website  generally;
  • analysis – we use cookies to help us to analyse the use and performance of our Website;
  • cookie consent – we use cookies to store your preferences in relation to the use of cookies more generally.

Our service providers use cookies and those cookies may be stored on your computer when you visit our Website.

Like most modern websites we use Google Analytics to analyse the use of our Website. We also use Social Media buttons to connect our visitors to their social accounts on Facebook, LinkedIn and others. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our Website is used to create reports about the use of our Website. Google’s privacy policy is available at: www.google.com/policies/privacy. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google.

Most, if not all, browsers allow you to refuse to accept cookies by adjusting your settings. For example: (1) in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector; (2) in Firefox you can block all cookies by clicking “Tools”, “Options”, and un-checking “Accept cookies from sites” in the “Privacy” box.

You can also delete cookies already stored on your computer: (1) in Internet Explorer, you must manually delete cookie files (you can find instructions for doing so at http://support.microsoft.com/kb/278835); (2) in Firefox, you can delete cookies by, first ensuring that cookies are to be deleted when you “clear private data” (this setting can be changed by clicking “Tools”, “Options” and “Settings” in the “Private Data” box) and then clicking “Clear private data” in the “Tools” menu.

Doing this may have a negative impact on the usability of many websites. In the case of our Website, disabling cookies means its functionality will be impaired.

Contact

In relation to any queries about this Policy or any other data protection matters, please email our DPO at gdpr@nyetimber.com.

May 2019
© Nyetimber Limited. Registered in England No. 05509845.
VAT NUMBER GB 945 7803 88. Registered Office: Nyetimber Vineyard, Gay Street, West Chiltington, West Sussex, RH20 2HH