We, Slurp Wine Company Limited (UK Company 10724589 whose registered offices are at 2 Riverside, Tramway Road, Banbury, Oxon OX16 5TU) are committed to respecting and protecting our customers' privacy and we want you to understand our policies regarding your personal data.
This was last updated on 24.09.2022.
Slurp Wines is committed to protecting and respecting our customers' data.
This policy sets out the different areas where your privacy is concerned and outlines your and our obligations and requirements in relation to the data you provide to us when using the website ("www.slurp.co.uk"). Furthermore, this policy also describes the way we process, store and protect your data and information.
This policy applies where we are acting as a data controller with respect to your personal data (personal data means any information about you from which you can be identified) and where we determine the purposes and means of the processing of such personal data. It captures personal data entered across all channels: through our website, and when you call us or email us.
This policy relates to personal information that identifies “you” meaning customers or potential customers, suppliers, individuals who browse our website and other individuals outside our organisation with whom we interact.
This policy is not intended for children and we would never knowingly collect personal data relating to children.
By using the marketing preferences functionality in your online account, you can specify whether you would like to receive direct marketing communications, including participation in the Slurp rewards and limit the use of your information. You can access and update your marketing preferences by logging into your account here or by simply contacting us.
How to contact us
If you need to contact us in connection with our use or processing of your personal data, or gain access to it, then you can contact us here, you can email us at firstname.lastname@example.org or you can call us at +44 (0) 1295 672 290.
Categories of personal data
In this section we outline the categories of personal data which we may collect, use, store, share and transfer. It does not include data where the identity has been removed (anonymous data). Usually the personal data we process falls into one or more of the following categories:
Identity Data this includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender;
Contact Data this includes billing address, delivery address, email address and telephone numbers.
Order, Account and Billing Data this includes information relating to your account and transactions (including payment) with us and information which we need to fulfil your order, such as Identity Data and Contact Data as well as bank account or card details, information which we collect for the purposes of the prevention of fraud, purchase history, some of which we may not receive directly as it may be collected by payment processors;
Internal Social Data this includes information that you post for publication on our website such as product ratings and reviews;
Usage Data this includes information about your use of our website and reaction to our emails and services, such as your device type and ID, IP (internet protocol) address, geographical location, browser type and version, operating system, length of visit, page views and website pages viewed, as well as information about the timing, frequency and pattern of your use;
Communication Data this includes information contained in any communication, enquiry or complaint you submit to us regarding goods and/or services and personal data we create or capture about you in relation to the same (such as where we make a written record of a complaint made about a delivery so that we can take steps to address the complaint) as well as any information in any survey you complete for us;
Marketing Data this includes your advertising preferences, such as your preferences in receiving marketing materials from us and/or our third parties (such as our media and marketing agencies), your name, email address, billing address, phone number, date of birth, gender, and the user ID of any social platforms you have connected with us on;
Audio and Visual Data this includes personal data which is gathered using our CCTV (which is in operation in office and warehouse) or other recording systems in the form of images, video footage and sound recordings that is taken by us for promotional or security purposes; and
Aggregated Data we also obtain and use aggregated data such as statistical or demographic data. Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this policy.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
How we use your personal data
We will only collect and use personal data about you in order to:
1. perform our contractual obligations to you. This would include:
- to register you as a new customer;
- to accept your orders;
- delivering your orders to you;
- making or receiving payments;
- collecting and recovering money owed;
- supplying the purchased goods or services and keeping proper records of those transactions; and
- updating you on the progress of your order;comply with our own legal and industry obligations. This would include processing your date of birth data for the purposes of confirming you are 18 or over and therefore legally able to purchase alcohol;
2. administer and run our business. This would include processing your Internal Social Data:
- for the purposes of publishing on our website (or social media channels such as Facebook, Twitter, Instagram etc); and
- in our marketing materials to help us tell other customers about our products and services;
3. use data analytics (including Google Analytics and email services providers), to identify usage trends, determine and measure the effectiveness of promotional campaigns and advertising and to improve our website, products/services, marketing, customer relationships and experiences. This would include processing your Usage Data for the purposes of analysing the use of the website, emails and services;
4. manage our relationship with you including:
- to notify you if you have asked us to let you know when an item is back in stock;
- where you have paid with a gift card and there is a balance remaining, to remind you that the balance will be available as a credit to use on further purchases;
- if you have opened an account with us, to confirm your registration;
- contacting you if you have asked us to contact you by completing a Contact Form via our website;
- contacting you if you have asked for a password reminder or reset;
- to send you important notices such as communications about changes to our terms and conditions and policies (including this policy);
- to send you information you have requested;
- to email you when you have placed items in your shopping basket but not proceeded to payment;
- to ask you to leave a review or feedback on us; and
- to respond to, provide clarification on, resolve issues in relation to, or otherwise communicate with you in relation to, any enquiry you may have;
- if you are participating in our rewards program, points that have been rewarded, what your balance may be, if points are getting close to expiring, if you are close to reaching a new reward or if you have redeemed points for a reward;
5. make suggestions and recommendations to you about goods or services that may be of interest to you, deliver relevant website content and advertisements to you and to measure or understand the effectiveness of our advertising. This would include advertising our products and services to you on social media sites such as Facebook, Twitter, Instagram etc. We may also use Marketing Data to exclude you from seeing advertisements from such third party websites;
6. communicate with you about, and administer your participation in, special events, programs, promotions, any prize draws or competitions;
7. protect our business including to deal with any misuse of our website and to comply with our security policies at our locations;
9. to detect and prevent fraud and other illegal activities (and to assist regulators, trade bodies and law enforcement agencies in relation to the same).
We may process any of your personal data identified in this policy where necessary for the establishment, investigation, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage or obtaining professional advice.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to deliver products to you). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Personal data about other people which you provide to us
Please do not supply any other person’s personal data to us, unless we prompt you to do so. If you do share personal data about someone else (such as the recipient of a gift) with us, you must ensure you have their authorisation, that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this policy.
Where you do share personal data about someone else with us, you must ensure the individual concerned is aware of the various matters detailed in this policy, as those matters relate to that individual, including our identity, how to contact us, the way in which we collect and use personal data and our personal data disclosure practices, that individual's right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided.
The sources from which we obtain your personal data
We obtain your personal data from the following sources:
- Directly from you, either in person, via e-mail, our website or by telephone or via handheld personal devices. This includes personal data you provide when creating an account with us, requesting marketing, placing orders, entering competitions, promotions or surveys or giving feedback;
- Via automated technologies, such as CCTV or other recording systems, when you interact with our website, cookies, server logs and other similar technologies;
- From someone else, such as analytics providers (e.g. Google Analytics), our provider of customer feedback, advertising networks, search information providers, providers of technical, payment and delivery services, providers of social media platforms (such as Facebook, Twitter and Instagram) (for example where you share our content through social media, for example by liking us on Facebook or following us on Instagram).
Accuracy of personal data
It is important that the personal data we hold about you is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us either by logging onto your account on the website or by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
Providing your personal data to others
We do not, and will not, sell any of your personal data to any third party.
We may disclose your personal data with the following categories of companies as an essential part of being able to provide our goods and services to you, as set out in this policy:
- to any member of our group of companies who may process data on our behalf to enable us to carry out our usual business practices for the purposes, in particular Freixenet Copestick Ltd. or Bolney Wine Estate Ltd., regarding logistics services, customer services services, some limited marketing functions, or for general administrative purposes and on the legal bases, set out in this policy.
- to our insurers and professional advisers (such as accountants, bankers, insurers, auditors and lawyers) insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage or obtaining professional advice;
- to companies such as Facebook, Twitter, Instagram and other companies which you choose to interact with, including where those companies operate plugins or content on our website;
- to companies that do things to get your orders to you, such as warehouses, order packers and delivery companies;
- to third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
- to HMRC, legal and other regulators or authorities, including those who request your personal data or to report any potential or actual breach of applicable law or regulation;
- to law enforcement agencies, courts or other relevant party, to the extent necessary for the establishment, exercise or defence of legal rights;
- If applicable, to postal printing companies in order to deliver news and offers to you, as well as email service & marketing tool providers that help us to enable our marketing; and
- to our card payment service providers (including PayPal) to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Our lawful basis for processing your personal data
We are required by law to have a lawful basis to process your personal data for the purposes set out in this policy.
Where we are relying on a basis other than your consent, the lawful basis for processing personal data will be one of the following:
- the processing is necessary in order for us to comply with our legal obligations (such as alcohol legislation);
- the processing is necessary for the performance of a contract you are party to or in order to take steps at your request prior to you entering into a contract;
- processing is necessary for the establishment, exercise or defence of legal claims; or
- the processing is necessary for the pursuit of our legitimate business interests. In particular, our legitimate interests include:
- the provision of goods and services;
- the recovery of debt;
- the provision of administration and / or IT services;
- the security of our IT network;
- the prevention of fraud;
- marketing of goods and services and promotion of our businesses;
- the study in how to develop and the update of our products and services;
- the development of our business strategy;
- protecting our business and property.
5. the processing is necessary in order to protect the vital interests of an individual e.g. where there is a medical emergency at one of our premises; or
6. the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
For certain purposes it may be appropriate for us to obtain your prior consent. The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way.
In the event that we rely on your consent, you may at any time withdraw the specific consent you give to our processing your personal data. Please contact us using the contact details set out above in this policy to do so. Please note even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on other lawful bases to process your personal data for other purposes.
Transfers outside the United Kingdom
It is possible that personal data we collect from you may be transferred, stored and/or processed outside the United Kingdom, including in the European Economic Area. In connection with such storage, processing and transfers we will seek to ensure that:
- the transfer is to a country that the United Kingdom has decided provides an adequate level of protection such as to a country approved by the United Kingdom;
- there are appropriate safeguards in place such as ensuring that all our group companies follow the same rules when processing your personal data (called binding corporate rules) or putting in place standard data protection contractual clauses between us and the recipient (often called the model contractual clauses). A copy of the appropriate safeguard can be obtained by contacting us using the contact details set out in this policy; or
- one of the derogations for specific situations under the law applies, examples could include where you have explicitly consented to the transfer or the transfer is necessary for the performance of a contract or exercise or defence of legal claims.
We will take all reasonable steps to ensure your information is treated securely and in line with this policy. You acknowledge that personal data that you submit for publication through our website, for example product reviews, may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
How long we retain your data
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We will however retain your personal data whilst you are an active customer (in other words, you purchase products from us) for as long as is needed to give you the best possible service.
Where you have not placed an order (sale, refund or other payment) with us for seven years, we will anonymise your personal data provided you have not otherwise interacted with us for five years. For the purposes of this policy, an interaction is defined as an identifiable website session, contacting our customer service team, contacting us in store or via telephone or email. We will inform you before we anonymise your data and give you the option for us to retain your details in order to continue to serve you.
In all instances outlined above, the process of anonymising your data may take up to one calendar month.
In certain circumstances we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, to resolve disputes and enforce our agreements.
Any anonymised Internal Social Data which is stored in an unstructured format (such as reviews) will not be deleted unless requested by you.
You have a number of rights in respect to your personal data, some of which we have summarised in this section. While we have summarised some of those rights, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights. You may exercise any of your rights in relation to your personal data by emailing us on email@example.com, calling our customer service team.
Right of access – you have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information.
Right to rectification – you have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. We may need to verify the accuracy of the new data you provide to us.
Right to erasure – in certain circumstances you have the right to request the erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Right to restriction on processing – in some circumstances you have the right to request the restriction of the processing of your personal data .
Right to objection to processing – you have the right to object to our processing of your personal data on grounds relating to your particular situation as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Right to data portability – in certain circumstances, you have the right to receive your personal information in a structured, commonly used and machine-readable format and to transmit that information to another controller to enable it to use the data. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Right to stop marketing messages – at any time you can amend your marketing preferences to reduce, remove or increase the amount we contact you with special offers. You can do this by accessing your account online, contacting our customer service team by phone or by unsubscribing to our emails (which can be found at the bottom of emails we send you).
Right to withdraw consent – to the extent that the legal basis for our processing of your personal data is consent, you have the right to withdraw that consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Right to complain – in the event that you wish to make a complaint to us about how we process your personal data, please contact us at firstname.lastname@example.org and we will endeavour to deal with your request as soon as possible. You also have the right to make a complaint to the Information Commissioner’s Office, the UK regulator for data protection issues . Please see https://ico.org.uk/concerns/ for how to do this. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Links to other websites
Technical and security measures
All information you provide to us is stored on secure servers and we use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality
We ensure that any third parties with whom your personal information is shared in accordance with this policy are also subject to agreements which impose on them equally stringent procedures and security features to help keep your personal data secure.
Procedures are in place to deal with any suspected personal data breach and to notify you and any applicable regulator when legally required to do so.