For more than three centuries, we’ve been building trusted relationships with our customers, producers, and partners. The way we look after your personal data is at the heart of this.
The type of personal information we collect
We keep the amount of data we collect to a minimum, limited to the following categories:
•Personal Identifiers and contact information, such as title, name, addresses, phone numbers and email address.
•Transactional data, such as your order history, the wines you have stored with us, or your attendance at any our events, courses, or webinars.
•Marketing and communications data, such as your preferences around how you want to hear from us and your product and service interests, as well as details of when you open marketing emails, and which links you access.
•Feedback information, such as how you rated our products or customer service, or your responses to surveys and market research.
•Social identifiers, such as age, gender, socio-economic status.
•Functional data such as registration and system data, as well as additional usage data.
•Payment information and bank details.
Before you register with Berry Bros. & Rudd for access to services or transactional areas of our website, you can browse our website anonymously and we will not collect your data. Once you are registered and logged into your account, we may collect the following:
• Technical information, including online identifiers, such as IP Address, browser type and version, time zone and location and operating system.
• Information about your visit, such as times and location of log on or access, duration of sessions, clickstream and similar usage or system data.
How we collect your personal data
Most of the personal information we process is provided to us directly by you, either via our website, or through correspondence via email, phone, or post. We will collect your personal data when you:
•Make an enquiry or purchase our products and services.
•Visit our website or register for an online account.
•Sign up for a ballot or prize draw, either using an online form or via social media.
•Attend an event, experience, or private dinner, join one of our online experiences, or login to our guest WiFi.
•Register to receive our newsletter or blog updates.
•Provide feedback on our products or services or complete a survey or market research questionnaire.
•If you speak to someone in our contact centre, we may record the telephone call.
•If you visit one of our shops, events spaces or offices, your image may be recorded on CCTV, which is in operation for the safety of our staff and customers.
Finally, we also receive personal information indirectly, from the following sources in the following scenarios:
•When processing gift requests from customers where you are the recipient.
•When you are referred to us via a referral scheme.
•From 3rd parties who we have partnered with to deliver a product or service (you will always be informed if this is the case).
•Personal identifiers or contact information from publicly available sources or data brokers.
What we use your personal data for
We use your personal data not only to provide you with products and services, but to ensure that you receive the best possible experience and to improve and develop what we offer. More specifically, we use the information that you have given us in order to:
•Fulfil contracts, orders and collect payment.
•Resolve customer queries and complaints, monitor quality, and provide training to our staff.
•Send you marketing communications, primarily via email but from time to time also by phone or post. If you wish to stop receiving some, or all, of our marketing communications, you can unsubscribe by going to the Your Preferences section in your online account and changing your ‘Mailing Preferences’, follow the instructions included in the footer of our emails or contact email@example.com.
•Send you service-related emails relating to wine you have stored with us or how your account may be used or managed.
•Improve your experience of our products and services and for product development.
•Detect and prevent faults, breaches of our network security, the law, or our contract terms.
•Contact you to obtain feedback or perform market research.
We work with a small number of trusted 3rd party suppliers, such as logistics partners who help deliver our wine to you, or a digital agency who help maintain our website. We only enter into partnership with suppliers who sign data protection agreements limiting their use of personal data to fulfil their role, and we only ever share the minimum amount of data that they need.
We occasionally enter into event-based marketing agreements with other leading wine and spirits organisations where we are joint controllers. This means that both organisations are jointly responsible for your personal data, and we are required to share it with them if you register for qualifying events. We will always let you know about this before you share any data with us and provide instruction on how you can request a copy of the agreement for your information.
We do not share your personal data with anyone else unless required to by law, and we never sell your personal data.
Upon request, and when relevant to a service you use, we can provide details of which third parties we work with.
The UK General Data Protection Regulation (UK-GDPR) requires that we always have a lawful basis before processing your personal information.
Therefore, we will only process your data if we have a contractual or legal obligation, a legitimate interest or where we have your consent. You can opt out of data processing or remove your consent at any time by contacting firstname.lastname@example.org.
How we store your personal information
The safety of your personal information is paramount, and therefore we take every reasonable precaution when it comes to how we store it.
We store the personal data you provide on cloud-based computer systems that have restricted user access and are in controlled facilities. When there is a need to transmit data over the internet, it is protected by encryption and or passwords. Where possible, we avoid storing paper records of personal data.
We have developed and implemented strict policies and processes governing information technology and data user behaviour. These cover areas such as access control, authentication, audit, monitoring, alarms, data storage and back up, transmission standards and environment integrity. We use reasonable endeavours to install and have appropriate security measures in place in our systems and facilities to protect against the loss, misuse, or alteration of information that we have collected from you.
We will store your personal information for a minimum of six years plus the current financial year after your last transaction with us. This is because HMRC requires wine and spirit businesses such as ours to keep all business records concerning excise goods for this time period.
We will keep records of transactions for longer periods, but we will ensure that the data is anonymised.
We retain call recordings for no longer than 18 months.
International Data Transfers
In some cases, we (or our 3rd party data processors) may need to store, transfer, or process your personal data outside of the UK or the European Economic Area (EEA). Where this happens, we ensure adequate safeguards are in place so that your data is protected in line with both the UK and EU GDPR. This will usually mean one of the following:
•The country that the data is being transferred to has been deemed as having an adequate level of protection by the European Commission and the ICO.
•We will put in place a contract with the recipient of your personal information that contains model clauses approved by the European Commission and the ICO.
Your rights regarding your personal information
We firmly believe that you should be in control of how your personal data is stored and used, and we will always happily honour all reasonable and proportionate requests from our customers. But it is important for you to know that data protection law provides you with the following legal rights:
- Your right of access - You have the right to ask us for a copy of all the personal information we hold on you.
- Your right to rectification - You have the right to ask us to correct personal information that you think is inaccurate. You also have the right to ask us to complete information that you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
If you wish to make a request, then please contact us at email@example.com or call us on 0800 280 2440.
We will respond to any request as soon as possible but certainly within 30 days.
How you can contact us
We have a team of subject matter experts working hard to look after your data. Principle amongst them is Richard Hulin, Customer Data Manager.
You can get in touch with us by one of the following means:
- By Email: Via firstname.lastname@example.org or submitting a form via the Contact Us on our website.
- By Phone: Call us on 0800 280 2440.
- By Post: Write to us at the following address:
Berry Bros. & Rudd
Our registered company details are as follows:
Berry Bros. & Rudd Limited, Company Number 05490962, ICO notification number Z9611515; BB&R Limited (trading as Berry Bros. & Rudd), Company Number 05492886, ICO notification number Z9367033
Registered office address: 3 St James’s Street, London, SW1A 1EG
How you can make a complaint
The best way to contact us if you have any concerns about how we use your data is by sending an email to email@example.com.
Whilst we would appreciate the chance to resolve your issues or concerns ourselves, it is important that you know you have the right to lodge a formal complaint with a supervisory authority at any time – in the UK this is the ‘Information Commissioner’s Office’, or ICO.
You can find out more about the ICO, including the best method to contact them, on their website: https://www.ico.org.uk
International Data Protection Regulations
For EU Citizens
Berry Bros. & Rudd continues to be compliant with EU GDPR and EU citizens have the same rights as stated above. If you wish to contact us about exercising these rights, please email firstname.lastname@example.org.
If you wish to make a complaint however, you may prefer to contact a supervisory authority within the EU. Berry Bros. & Rudd has a presence in the EU member states of both Ireland and France.
Therefore, we recommend that you either contact The Data Protection Commission (DPC), the supervisory authority in Ireland, or the CNIL, the supervisory authority in France.
For California Residents
The California Consumer Privacy Act of 2018 (CCPA) gives California residents certain rights regarding the personal information that businesses collect about them. These rights are:
•The right to know about the personal information a business collects about them and how it is used and shared.
•The right to delete personal information collected from them (with some exceptions).
•The right to opt-out of the sale of their personal information.
•The right to non-discrimination for exercising their CCPA rights.
If you wish to contact us in order to exercise any of these rights, then please email us on email@example.com, referring to the CCPA. We will respond to your request within 45 days.
We never sell your personal data.
If you are a BB&R customer, we will notify you of any changes which result in a significantly different or new use of your data and give you the option to agree to the new use.
The policy was last updated on 21/03/2023