Please note that any reference to Data Protection Law in this document includes the Data Protection Act 1998 and The General Data Protection Regulation (from its implementation) and all applicable laws and regulations relating to the processing of personal data and privacy from time to time, including where applicable the guidance and codes of practice issued by the Information Commissioner or any other applicable supervisory authority, and the equivalent of any of the foregoing in any relevant jurisdiction.
For the purpose of Data Protection Law, we are the Data Controller in relation to the processing of your personal data arising from your use of our Website.
What Is Personal Data?
Personal data can be anything that relates to a living person. It includes obvious things like your name and address and date of birth but also includes things you might not think about, like your car registration number or your employee number.
Some information is deemed to be ‘special’ and needs more protection because of its sensitivity. Data Protection Law considers this type of information as information about your race, ethnic origin, your religious, philosophical or political beliefs, trade union membership, genetic data, biometric data, health information or information about your sexual orientation or your criminal history. We don’t generally process information that comes into the ‘special’ category via the Website.
We are required by law to treat all of your personal information legally and fairly.
What We Do With Your Personal Data And Our Legal Basis For Processing Your Personal Data
We use personal data about you in the following ways:
Providing you with a service
We shall process personal data where this is necessary to allow you to use our services, e.g. to buy and sell alcohol, and this will include communicating with you about this service and providing you with an account on our website. Our legal basis is that it is necessary to perform the contract we have with you as a customer or where it is necessary to take steps at your request with a view to entering into a contract with you.
Dealing with Enquiries
If you fill out a “make an enquiry” form then we capture personal data that you supply, such as your name, address, business name, e-mail address, home telephone number and work telephone number. We will use this personal data to respond to your enquiry. Our legal basis for processing your personal information is that we have a legitimate interest to process your personal data so that we can deal with your enquiry.
We may use your personal data to send you information about our services if you have consented to this at the point of collecting your data. In doing so we will add you to our marketing database and send you marketing materials from time to time according to your preferences. You have the right to withdraw your consent at any time by contacting firstname.lastname@example.org. However, please note that if you withdraw your consent, you will no longer be able to receive this information from us regarding our services.
Making a Payment
You have a choice of payment methods and further information on this can be found at www.whiskyauctioneer.com/getting-started-buying-whisky.
Some payments (including those made by Credit/Debit card) made to Whisky Auctioneer are completed by a Third Party Website. Where you use this method, Whisky Auctioneer shall not retain or process your Credit/Debit Card details. These are processed by a Third Party Website and are never viewed by or shared with Whisky Auctioneer.
Depending on your payment option, Whisky Auctioneer may retain some of your banking information. It is your responsibility to inform Whisky Auctioneer of any updates in banking details and ensure this information is always correct.
Our legal basis for processing this information is that it is necessary for the performance of our contract with you since payment is an essential part of any contract.
Some data is automatically collected when your browser connects to a website. This includes your IP Address, your computer’s Operating System and the type of Web Browser you used to access www.whiskyauctioneer.com. Whisky Auctioneer collects this data to identify patterns relating to the use of www.whiskyauctioneer.com and not data relating to any individual.
Technical Data – Cookies
- where cookies are essential to the operation of our Website;
- where cookies are used for personalisation features on our Website; and
- to gather statistics about how people use our Website.
You can disable cookies on your computer by modifying the settings on your browser. However, disabling Cookies may affect various services offered by www.whiskyauctioneer.com.
More information regarding our Cookies policy can be found at www.whiskyauctioneer.com/cookies-policy.
How We Collect Your Personal Data
We may collect your personal data in one or more of the following ways:
- directly from you when you raise a query with us;
- directly from you when you make a payment through our Website;
- from the devices you use when you use our service via Cookies; or
- directly from you when you consent to marketing.
Where We Store Your Personal Data
We are committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate technical and organisational security measures to safeguard and secure the personal data we collect via our Website.
Some of these measures include:
- using a reputable, accredited data centre in which to store your personal data;
- making sure the security within our office is stringent;
- making sure our staff and the staff of any third parties we use are subject to confidentiality obligations;
- providing staff with appropriate training in data protection;
- encrypting our services and data;
- reviewing our processes and activities regularly to make sure they are fit for purpose;
- restricting access only to those employees who need to know the information in order to deliver the service; and
- applying formal risk management to all of our activities.
All personal data you provide is stored on Whisky Auctioneer’s secure servers which are currently based in Ireland. Any payment transactions will be encrypted using SSL Technology. Where you have been provided or where you have chosen a password, User ID or PIN, you are responsible for keeping this information confidential. Do not share these credentials with anyone.
You accept that the transmission of information via the Internet is not completely secure. Whilst Whisky Auctioneer will do the utmost to protect your personal data, we cannot ensure the security of your data when being transmitted to our site. Any transmission is undertaken entirely at your own risk. Once your information has been received, we will use strict procedures and security features to try to prevent any unauthorised access.
Once we have received your personal data, we will use strict procedures and security features as outlined above to try to prevent unauthorised access to your personal data. As above, we cannot be held responsible for the security of your personal data collected by websites that our site may link to. Such third parties shall have their own privacy notices and you should read these carefully.
Disclosure of Your Personal Data
We will not pass your personal data to anyone else outside Whisky Auctioneer without your permission, except:
- (i) where we are obliged to by law or by a regulatory obligation we are subject to;
- (ii) where we are required to share your information with any third parties who provide services on our behalf, in which case we shall take appropriate measures to ensure any such supplier has appropriate security in place to keep your information safe and we shall ensure we have appropriate contractual terms obliging them to keep the information safe. The following services are carried out by a third-party service provider: web hosting services; courier services for delivery of goods purchased; payment processors; web analytical services to improve our Website; web developers; the provider of a transactional email platform; and marketing platform providers (e.g. those who send out our marketing emails, Google Adwords);
- (iii) in order to enforce or apply our terms and other agreements with you;
- (iv) to protect the rights, property, or safety of our customers or others (including exchanging information with other companies or organisations for the purposes of fraud prevention and credit risk reduction); and
- (v) where some or all of our assets are purchased by a third party.
For the avoidance of doubt, we will never sell your information or disclose it for direct marketing purposes, unless you have explicitly consented to this.
Will We Transfer Your Personal Data Outwith The EEA?
If you have an online account with us, you can access this information (if you log into your account) from outside of the EEA, which technically means this is transferring your personal data outside of the EEA. However, it will only be accessible by you and you should keep your password safe and secure. You acknowledge that this is necessary for the performance of the contract you have with us.
To deliver your goods that you have purchased via an auction, we require to provide your name and address to the courier services we use. If you are located outwith the EEA, this will involve an international transfer of your personal data. You acknowledge that this is necessary for the performance of the contract you have with us.
Also, some of our suppliers are based outside of the EEA, e.g. the United States. We only use suppliers that we trust; therefore, in addition to having an appropriate supplier contract in place obliging them to keep your data secure, we shall also ensure any international transfer of personal data is in compliance with the requirements of GDPR. Key suppliers that are based outside of the EEA are:
- Mailchimp – we use them to send emails on our behalf and their servers are based in the US. To ensure they have adequate security in place, Mailchimp is a member of the EU-US Privacy Shield.
- Getfeedback Inc. – we use them to send customer surveys on our behalf and their servers are based in the US. To ensure they have adequate security in place, Getfeedback is a member of the EU-US Privacy Shield.
- Leadpages – we use them to construct landing pages to serve customers tailored information and options. Leadpages is committing to the EU Standard Contractual Clauses (SCCs) in their Data Processing Agreement, which covers the EU's requirements for international data transfer.
How Long We Will Keep Your Data For
We will follow our retention policy when assessing how long to store your personal data and shall only keep the information for as long as we need it to provide you with the requested information or service in line with this policy.
You have the following rights:
- You can withdraw your consent (where processing is based on consent), seek to restrict our processing of your personal data or ask us to rectify any personal data we hold about you at any time by contacting us at email@example.com. If you withdraw your consent it does not affect the legality of the processing carried out by us before your withdrawal.
- You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you think that we have infringed your rights. You can find more information about reporting a matter to the ICO at the following link: https://ico.org.uk/.
- You have the right to access personal data held by us about you. You can access your personal data and correct, update or delete it at any time by contacting us at firstname.lastname@example.org. We will then provide you with a copy of all your personal information that we hold about you. There will be no charge to you for us to provide this information.
- In certain circumstances you have the right to ask us to provide you with your personal data in a structured, commonly used and machine-readable format to allow you (or us on your behalf) to transmit this information to another party.
- In certain circumstances you have the right to ask us to erase the personal data we hold about you. Such circumstances include: (a) where we no longer need your personal data for any purpose; (b) if you withdraw your consent to our processing; (c) if we process the data unlawfully; or (d) where the personal data has to be erased to comply with a legal obligation to which we are subject. To do this, you should submit a formal request for erasure to us by contacting us at email@example.com. We will consider any such request in line with Data Protection Law. Please note this is not an absolute right and there may be circumstances where we choose not to delete all of the personal data we hold about you. More information about your right of erasure can be found at https://ico.org.uk.
- You can object to our processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
What We May Need From You
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
How To Contact Us