New label GOC

Our privacy policy


For more than three centuries, we’ve been building trusted relationships with our customers, producers and partners. The way we look after your personal data is at the heart of this.

This privacy policy is designed to clearly and simply explain how, when and why we collect personal information. It also covers what your rights are and how you can get in touch.



The type of personal information we collect

We keep the amount of data we collect to a minimum, only collecting enough to perform the functions described above. The information we collect is limited to the following:

  • Personal Identifiers and contact information, such as title, name, addresses, phone number and email address.
  • Transactional data, such as your order history, the wines you have stored with us, or your attendance at any our events, courses, or webinars.
  • Marketing and communications data, such as your preferences around when how you want to hear from us and what you want to hear from us about, as well as details of when you open marketing emails, and which links you access.
  • Feedback information, such as how you rated our products or customer service, or your responses to surveys/market research.
  • Dietary information.
  • Social identifiers, such as age, gender, socio-economic status.
  • Functional data such as registration and system data, as well as additional usage data
  • Payment information and bank details

Before you register with Berry Bros. & Rudd for access to services or transactional areas of our website, you can browse our website anonymously and we will not collect your data. Once you are registered and logged into your account, we may collect the following:

  • Technical information, including online identifiers, such as IP Address, browser type and version, time zone and location and operating system.
  • Information about your visit, such as times and location of log on or access, duration of sessions, clickstream and similar usage or system data.

    • How we collect your personal data

      Most of the personal information we process is provided to us directly by you, either via our website, or through correspondence via email, phone, or post. We will collect your personal data when you:

      • Make an enquiry or purchase our products and services.
      • Visit our website or register for an online account.
      • Sign up for a ballot or prize draw, either using an online form or via social media.
      • Attend an event, experience or private dinner, join one of our online experiences, or login to our guest WiFi.
      • Register to receive our newsletter or blog updates.
      • Provide feedback on our products or services or complete a survey/market research questionnaire.
      • If you speak to someone in our contact centre, we may record the telephone call.
      • If you visit one of our shops, events spaces or offices, your image may be recorded on CCTV, which is in operation for the safety of our staff and customers.

        • We also collect data via automated means, such as when you visit our website or use our app. We use cookies on our website to provide the best possible experience. You can find out more about how we use cookies in our Cookies Policy.

          Finally, we also receive personal information indirectly, from the following sources in the following scenarios:

          • When processing gift requests from customers where you are the recipient.
          • When you are referred to us via a referral scheme.
          • From 3rd parties who we have partnered with to deliver a product or service (you will always be informed if this is the case).
          • Personal identifiers or contact information from publicly available sources or data brokers.

            • What we use your personal data for

              We use your personal data not only to provide you with products and services, but to ensure that you receive the best possible experience and to improve and develop what we offer. More specifically, we use the information that you have given us in order to:

              • Fulfil contracts, orders and collect payment.
              • Resolve customer queries and complaints, monitor quality, and provide training to our staff.
              • Send you marketing communications, primarily via email but from time to time also by phone or post. If you wish to stop receiving some, or all, of our marketing communications, you can unsubscribe by going to the Your Preferences section in your online account and changing your ‘Mailing Preferences’, follow the instructions included in the footer of our emails or contact privacy@bbr.com.
              • Send you service-related emails relating to wine you have stored with us or how your account may be used or managed.
              • Improve your experience of our products and services and for product development.
              • Detect and prevent faults, breaches of our network security, the law or our contract terms.
              • Contact you to obtain feedback or perform market research.

                • We work with a small number of trusted 3rd party suppliers, such as logistics partners who help deliver our wine to you, or a digital agency who help maintain our website. We only enter into partnership with suppliers who sign data protection agreements limiting their use of personal data to fulfil their role, and we only ever share the minimum amount of data that they need.

                  We occasionally enter into event-based marketing agreements with other leading wine and spirits organisations where we are joint controllers. This means that both organisations are jointly responsible for your personal data and we are required to share it with them if you register for qualifying events. We will always let you know about this before you share any data with us and provide instruction on how you can request a copy of the agreement for your information.

                  We do not share your personal data with anyone else unless required to by law, and we never sell your personal data.

                  Upon request, and when relevant to a service you use, we can provide details of which third parties we work with.

                  The UK General Data Protection Regulation (UK-GDPR) requires that we always have a lawful basis before processing your personal information.

                  Therefore, we will only process your data if we have a contractual or legal obligation, a legitimate interest or where we have your consent. You can remove your consent at any time by contacting privacy@bbr.com.


                  How we store your personal information

                  The safety of your personal information is paramount, and therefore we take every reasonable precaution when it comes to how we store it.

                  We store the personal data you provide on cloud based or computer systems that have restricted user access and are in controlled facilities. When there is a need to transmit data over the internet, it is protected by encryption and or passwords. Where possible, we avoid storing paper records of personal data.

                  We have developed and implemented strict policies and processes governing information technology and data user behaviour. These cover areas such as access control, authentication, audit, monitoring, alarms, data storage and back up, transmission standards and environment integrity. We use reasonable endeavours to install and have appropriate security measures in place in our systems and facilities to protect against the loss, misuse, or alteration of information that we have collected from you.

                  We will store your personal information for a minimum of six years plus the current financial year after your last transaction with us. This is because HMRC requires wine and spirit businesses such as ours to keep all business records concerning excise goods for this time period.

                  We will keep records of transactions for longer periods, but we will ensure that the data is anonymised.

                  We retain call recordings for no longer than 18 months.


                  International Data Transfers

                  In some cases, we (or our 3rd party data processors) may need to store, transfer, or process your personal data outside of the UK or the European Economic Area (EEA). Where this happens, we ensure adequate safeguards are in place so that your data is protected in line with both the UK and EU GDPR. This will usually mean one of the following:

                  • The country that the data is being transferred to has been deemed as having an adequate level of protection by the European Commission.
                  • We will put in place a contract with the recipient of your personal information that contains model clauses approved by the European Commission.

                    • Your rights regarding your personal information

                      We firmly believe that you should be in control of how your personal data is stored and used, and we will always happily honour all reasonable and proportionate requests from our customers. But it is important for you to know that data protection law provides you with the following legal rights:

                      • Your right of access - You have the right to ask us for copies of your personal information.
                      • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
                      • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
                      • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
                      • Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
                      • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

                        • If you wish to make a request, then please contact us at privacy@bbr.com or call us on 0800 280 2440.

                          We will respond to any request as soon as possible but certainly within 30 days.


                          How you can contact us

                          We would be happy to discuss any questions that you might have about this privacy policy or how we process your personal information.

                          We have a team of subject matter experts working hard to look after your data. Principle amongst them is Steve Holmes, Head of IT Security.

                          You can get in touch with us by one of the following means:

                          • By Email: Via privacy@bbr.com or submitting a form via the Contact Us on our website.
                          • By Phone: Call us on 0800 280 2440.
                          • By Post: Write to us at the following address: Privacy Team, Berry Bros. & Rudd, Hamilton Close, Houndmills, Basingstoke, Hampshire, RG21 6YB

                            • Our registered company details are as follows:

                              Berry Bros. & Rudd Limited, Company Number 05490962, ICO notification number Z9611515; BB&R Limited (trading as Berry Bros. & Rudd), Company Number 05492886, ICO notification number Z9367033

                              Registered office address: 3 St James’s Street, London, SW1A 1EG


                              How you can make a complaint

                              The best way to contact us if you have any concerns about how we use your data is by sending an email to privacy@bbr.com.

                              Whilst we would appreciate the chance to resolve your issues or concerns ourselves, it is important that you know you have the right to lodge a formal complaint with a supervisory authority at any time – in the UK this is the ‘Information Commissioner’s Office’, or ICO.

                              You can find out more about the ICO on their website: https://www.ico.org.uk

                              If you want to contact the ICO, you can call their helpline on 0303 123 1113 or write to them on the following address:

                              Information Commissioner’s Office
                              Wycliffe House
                              Water Lane
                              Wilmslow
                              Cheshire
                              SK9 5AF


                              International Data Protection Regulations

                              For EU Citizens

                              Berry Bros. & Rudd continues to be compliant with EU GDPR and EU citizens have the same rights as stated above. If you wish to contact us about exercising these rights, please email privacy@bbr.com.

                              If you wish to make a complaint however, you may prefer to contact a supervisory authority within the EU. Berry Bros. & Rudd has a presence in the EU member states of both Ireland and France.

                              Therefore, we recommend that you either contact The Data Protection Commission (DPC), the supervisory authority in Ireland, or the CNIL, the supervisory authority in France.


                              For California Residents

                              The California Consumer Privacy Act of 2018 (CCPA) gives California residents certain rights regarding the personal information that businesses collect about them. These rights are:

                              • The right to know about the personal information a business collects about them and how it is used and shared.
                              • The right to delete personal information collected from them (with some exceptions).
                              • The right to opt-out of the sale of their personal information.
                              • The right to non-discrimination for exercising their CCPA rights.

                              If you wish to contact us in order to exercise any of these rights, then please email us on privacy@bbr.com, referring to the CCPA. We will respond to your request within 45 days.

                              We never sell your personal data.


                              Changes to this Privacy Policy

                              This privacy policy is regularly reviewed and updated at least once every 12 months. Any changes to the policy will be posted on this page.

                              If you are a BB&R customer, we will notify you of any changes which result in a significantly different or new use of your data and give you the option to agree to the new use.

                              The policy was last updated on 24/05/2021

                               

                              Back to top - Back to homepage