Privacy & Cookies Policy
Introduction
Thirst LC Ltd. t/a Caubet Wines (“We” “Us” “Caubet Wines”) takes protection of your data seriously and we make sure that we adhere to all of the current data protection regulations so you can rest assured that your information is protected.
Who we are?
In compliance with the requirements of the General Data Protection Regulation (GDPR) Caubet Wines is registered in Ireland, company number: 591637 with a registered group address at 5 Dunville Grove, Athlumney, Navan, Co. Meath, Ireland.
If you would like to contact us about our data protection processes or any aspect of this statement, you can do so by email to
info@caubetwines.com
or by post to
Data Protection, Caubet Wines, 5 Dunville Grove, Athlumney, Navan, Co. Meath, Ireland.
1. What information do we collect?
For the purposes of better serving our customers, Caubet wines collects the following information when you provide us with it, in the course of placing an order, making an enquiry or a complaint, sharing a testimonial or visiting our website or social media channels.
1.1. Name & Contact details including:
1.1.1. Name and Title
1.1.2. Address
1.1.3. Phone number
1.1.4. Email
1.2. Payment card details
1.3. Transaction data including:
1.3.1. Details about payments from and to you
1.3.2. Details of your orders
1.4. Technical data including:
1.4.1. Internet Protocol Address
1.4.2. Your timezone, language and location settings
1.4.3. Your operating system and device type
1.4.4. Your browser
1.5. Third Party sources
1.5.1. Social Media identifiers (Facebook, Twitter, Instagram, YouTube, Linkedin)
1.5.2. Identity and contact data from publicly available sources
2. How is your data collected?
We use different methods to collect data from and about you including through:
2.1. Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
2.1.1. purchase product
2.1.2. request marketing materials to be sent to you
2.1.3. enter a competition, promotion
2.1.4. give us feedback
2.1.5. attend an event and engage with us
2.2. Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies, (for more information see our Cookie Policy) this Technical Data may include:
2.2.1. Details of your usage patterns, the content that you view and interact with including information on the services and applications you are using in-device to personalise services to your specific needs. For example, when you use our websites, we may collect information about your visit, such as your browser software, which pages you view and which items you ‘clicked’ on.
2.2.2. Server logs, which hold technical information about your use of our website, such as your IP address, device ID(s), domain, device and application settings, errors and hardware activity. We may use your IP address to determine your location/country of origin.
2.2.3. Device Information such as your device ID(s), including information about where your device is physically located. For example, when you are using a geo-location service or application and you have given consent to your location being shared.
2.3. Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
2.3.1. Financial and Technical Data from parties such as:
2.3.1.1. analytics providers based outside the EU;
2.3.1.2. search information providers based outside the EU.
2.3.2. Contact, Financial and Transaction Data from providers of technical, payment and delivery services based outside and inside the EU.
2.3.3. Identity and Contact Data from publicly availably sources such as Companies House based inside the EU.
2.3.4. Identity and Contact Data from social media if you (i) interact with any of our social network pages or applications; or (ii) contact us via one of our social networks, we may receive information relating to your social network accounts. For instance: If you click on a ‘like’, ‘share’ ‘comment’ or ‘tweet’ or similar button in one of our social media feeds, we may record the fact that you have done so. In addition, the content that you are viewing may be posted to your social network profile or feed. We may receive information about further interactions with this posted content (for example, if your contacts click on a link in the posted content), which we may associate with the details that we store about you.
3. How do we use personal information?
Caubet Wines uses the personal information you share with us for the following purposes:
|
Purpose/Activity
|
Type of data
|
Lawful basis for processing including basis of legitimate interest
|
|
To register you as a new customer
|
(a) Identity (b) Contact
|
Performance of a contract with you
|
|
To process your order including: (a) Manage payments, fees and charges; and (b) Collect and recover money owed to us; and (c) Provide you with a product or service you have requested or ensuring that you benefit from any relevant special offer or promotion (and to fulfil our obligations under any other agreement we may have with you) |
(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications
|
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us)
|
|
To provide you with checkout assistance when you use our applications and services (including any online/telephone payments). |
(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications
|
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to ensure that the products/services are delivered to you and to maintain our e-commerce stores error free)
|
|
To manage our relationship with you which will include: (c) Sending you customer communications (d) Sending order/fulfillment/refund notifications
|
(a) Identity (b) Contact (c) Profile (d) Marketing and Communications
|
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation
|
|
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
|
(a) Identity (b) Contact (c) Technical
|
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud) (b) Necessary to comply with a legal obligation
|
|
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
|
(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical
|
Necessary for our legitimate interests (to study how customers use our products/services, to develop such products/services, to grow our business and to inform our marketing strategy)
|
|
To make suggestions and recommendations to you about goods or services that may be of interest to you, including carrying out surveys to better understand your preferences.
|
(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile
|
Necessary for our legitimate interests (to develop our products and services)
|
|
To prevent fraud and for investigation purposes, for example, using device information such as device ID(s) to check that a payment is not made fraudulently. |
(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Financial
|
Necessary to comply with a legal obligation
|
|
To create and manage customer database(s). We may do this for your and/or our convenience, to provide you with better, personalised services, content, marketing and adverts. |
(a) Identity (b) Contact (c) Financial (d) Transaction (e) Technical (f) Enquiry (g) Profile (h) Usage (i) Marketing and Communications |
Necessary for our legitimate interests (to ensure that we have optimal data management practices in place) |
1.1. General We may also use information we collect for the following general purposes:
1.1.1. Marketing communications
1.1.1.1. We may use your Identity, Contact, Technical, Usage and Profile Data to provide you with product and service updates, newsletters and other communications about existing and/or new products and services by post, email, telephone, in-device messaging and/or text message (SMS).
1.1.1.2. You will only receive marketing communications from us (i) if you have requested information from us; or (ii) purchased goods or services from us; or (iii) if you provided us with your details when you entered a competition or registered for a promotion and, in each case, if you have opted in for receiving such marketing.
1.1.1.3. We will get your express opt-in consent before we share your personal data with any third party company for marketing purposes.
1.1.2. Opting out of marketing communications
1.1.2.1. You can ask us or third parties to stop sending you marketing messages at any time by clicking the "unsubscribe" button at the bottom of the emails or by contacting us or such third parties at any time.
1.1.2.2. Where you opt out of receiving these marketing messages, such opt out will not apply to personal data provided to us as a result of a product/service purchase or other transactions.
Please note that we may occasionally send you important information (including via email) about our products and services that you are using or have used including changes to applicable terms and conditions and/or other communications or notifications as may be required to fulfil our legal and contractual obligations. These important product and/or service communications are not affected by your opt-out of any marketing communications.
2. When do we share personal data? We may share your personal data with third parties in the following cases:
2.1. Service Providers
2.1.1. our payment services providers for services relating to our website and services to which you have subscribed which may be handled by our payment services providers, such as, without limitation, Stripe. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at https://stripe.com/en-ie/privacy
2.1.2. our authorised data processors and service providers for the purposes of providing certain data processing services for us (acting as our authorised data processors). Examples of authorised data processors could include webplatform providers, email and survey engines and data analytics providers who process information on our behalf for the purposes outlined above. For example, we may use the services of third parties to personalise content, send emails, provide marketing assistance, process credit card payments, provide fraud checking services and provide customer services.
2.1.3. Our professional advisers insofar as reasonably necessary for the purposes of managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
2.1.4. To government bodies such as the Competition and Consumer Protection Commission (CCPC) and law enforcement agencies to prevent fraud, to comply with applicable laws, regulations and court orders and to comply with valid legal information requests from such bodies.
3. Where do we store and process personal data?
3.1. All data submitted through the website (forms and membership data) is held on servers provided by Squarespace, located in the United States. You can find out more about how they comply with GDPR here.
4. How do we secure personal data?
While we cannot guarantee that unauthorised access will never occur, we can assure you that we take great care in maintaining the security of your personal data to prevent unauthorised access to it, through the use of appropriate technology and internal procedures.
We limit access to the information we collect about you (for instance, only those of our personnel who need your information to carry out our business activities are allowed access)
5. Cookies
5.1. Our websites use industry-wide technologies, such as “cookies”, to collect information about the use of our websites and email communications. For instance, these technologies may tell us which visitors clicked on key elements (such as links or graphics) on a website or email and recognise your browser the next time you visit our websites.
5.2. Cookies allow us to customise your experience to better match your interests and preferences, or to simply facilitate your signing in to use the services. Most browsers will allow you to erase cookies from your computer hard drive, block acceptance of cookies or receive a warning before a cookie is stored. However, if you block or erase cookies, we may not be able to restore any preferences or customisation settings you have previously specified, and our ability to personalise your online experience would be limited. Please refer to your browser instructions to learn more about these functions.
5.3. More information about our use of cookies can be found in our Cookies Policy.
6. How long do we keep your personal data for?
We will store your personal data only for as long as necessary for the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship and/or provide our services; (ii) whether there is a legal requirement to which we are subject; and (iii) whether the retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations). Please contact us if you wish to obtain further information concerning our retention periods. (see Contact Us below).
7. Access to your information and your rights
7.1. In this paragraph, we have provided a summary of the rights that you have under current data protection law. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
7.2. Your principal rights under data protection law are:
(a) the right to be informed;
(b) the right to access;
(c) the right to rectification;
(d) the right to erasure;
(e) the right to restrict processing;
(f) the right to object to processing;
(g) the right to data portability;
(h) the right to complain to a supervisory authority; and
(i) the right to withdraw consent.
7.3. You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first electronic copy will be provided free of charge, but additional copies in specific formats may be subject to a reasonable fee.
7.4. You have the right to rectify any inaccurate personal data we hold about you and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
7.5. In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
7.6. In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
7.7. You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
7.8. You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
7.9. You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
7.10. To the extent that the legal basis for our processing of your personal data is:
7.10.1. consent; or
7.10.2. that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
7.11. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
7.12. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
7.13. All such requests should be sent to info@visitsoutwestscotland.com
10. Our details
10.1. This website is owned and operated by Thirst LC Ltd. t/a Caubet Wines
10.2. Our principal place of business is in Navan, Co. Meath, Ireland.
10.3. You can contact us:
(a) by post, to 5 Dunville Grove, Athlumney, Navan, Co. Meath, Ireland.
(b) by email, to info@caubetwines.ie