Privacy Policy

Introduction

This privacy notice explains the types of personal data we may collect about you when you interact with us. It also explains how we shall store and handle your personal data, and keep it safe.

We know that there is a lot of information here, but we want you to be fully informed about your rights, and how we use your data. If you have any questions after reading this privacy notice, do contact us.

We may need to update this privacy notice from time to time. We shall notify you of any significant changes via email.


Who we are

Brew Republic is a trading name of Direct Wines Limited (a company registered in England and Wales with company number 01095091). Our registered office is:

One Waterside Drive
Arlington Business Park
Theale
Berkshire, RG7 4SW

You can contact us (i) in writing at the address above (please mark your letter for the attention of the Data Protection Officer) or (ii) by email to dpo@brewrepublic.co.uk.


A bit about the law

We’re required to tell you about the lawful bases we rely on when processing your personal data. This means that for every way in which we use your personal data, we need to have identified one of the six lawful bases under the General Data Protection Regulation 2016/697 (the ‘GDPR’). Here are some examples to help explain what we mean:

Consent – in some cases we shall collect and process your personal data with your consent. For example, we will send you emails about our products when you tick a box to provide your consent.

Contractual obligations – we also need to process your personal data to fulfil our contractual obligations to you. For example, we shall collect your address in order to deliver your beer to you and shall share those details with our courier for the same purpose

Legal compliance – if the law requires us to, we may need to collect and process certain of your personal data. For example, we use the services of a third party provider to verify your age as we are selling a licensed product.

Legitimate interest – we may process your personal data to pursue our legitimate interests except where our interests are superseded by your legal rights. For example, we may use your personal data and other aggregated data to review and improve the products we offer you, and to help us personalise those products in line with your tastes.


When do we collect your personal data

–   When you visit our website, create and use your account with us to buy products and services, or redeem vouchers on the phone or online.

–   When you make an online purchase and check out as a guest (in which case we just collect transaction-based data).

–   When you purchase a product or service by phone but don’t have (or don’t use) an account.

–   When you engage with us on social media.

–   When you join our loyalty programme.

–   When you contact us by any means with queries, complaints or for any other reason.

–   When you enter our promotions, competitions or prize draws.

–   When you book to attend an event.

–   When you choose to complete any surveys we send you.

–   When you comment on or review our products and services.

–   When you give a third party permission to share with us the information they hold about you.


What types of personal data do we collect about you

–   If you have an online account with us: your name, billing/delivery address, orders and receipts, email and telephone number. For your security, we’ll also keep an encrypted record of your password.

–   Any details of your contact with us, including any telephone calls you make or emails you send us. For example, we may store details of any complaints you make and how it the complaint is handled.

–   Details of the age verification that we undertake with the assistance of a third-party provider when you create an account with us.

–   Details of your shopping preferences.

–   Details of your visits to our website. For example, we may store details of items you purchased, viewed or added to your basket, and pages you visit on our website.

–   Information gathered by the use of cookies in your web browser.

–   Your comments and product reviews.

–   To deliver the best possible web experience, we collect technical information about your internet connection and browser as well as the web pages viewed during your visit, the advertisements you clicked on, and any search terms you entered.

–   Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.

–   Please note that we do not store your payment card information. This information is held securely by Braintree (part of PayPal).


How and why we use your personal data

–   To process any orders that you place by using our website or by telephone. For example, we will need to pass your delivery address to our courier to ensure that we deliver our products to you.

–   To respond to your queries, refund requests and complaints. We would not be able to respond to these issues if we do not collect and process your personal data, and retain it for a reasonable period of time after we have despatched your orders. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.

–   We shall also retain copies of these communications to demonstrate how we handled your query, refund request or complaint.

–   To protect our business and you from fraud and any other crimes, we use your personal data to maintain and safeguard your account. We do this as part of our legitimate interests.

–   To process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate interests.

–   If we discover any actual, potential or alleged criminal activity through our use of fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts.

–   With your consent, we will use your personal data, preferences and details of your transactions to keep you informed by email, web, and via social media about relevant products and services including personalised offers, promotions, competitions, prize draws and events. You can withdraw your consent at any time.

–   To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.

–   To display the most interesting content to you on our website, we shall use data we hold about your favourite products. We do so on the basis of your consent for our website to place cookies or similar technology on your device.

–   To administer any of our prize draws or competitions which you enter, based on our legitimate interests.

–   To develop, test and improve our business systems, services and products we provide to you. We’ll do this on the basis of our legitimate business interests.

–   To comply with our legal obligations to share data with law enforcement. For example, we would share your personal data with a law enforcement agency if ordered by a court to do so.

–   To send you survey and feedback requests to help improve our services. We have a legitimate interest to do so as this helps make our products and services more relevant to you.

–   To build a rich picture of who you are and what you like, and to inform our business decisions, we’ll combine data captured from across our website and social media. We shall do this on the basis of our legitimate business interest.


Protecting your personal data

Data security is incredibly important to our customers. We will treat your data with the utmost care and take all appropriate steps to protect it.

We use third party providers to manage this website, including the checkout through which you buy our products and services. We check to ensure that these providers security processes are adequate, and we enter into a written agreement with each of them to ensure they comply with data protection laws and only process your personal data for the purposes we require them to.

How long we keep your personal data for:

Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.

At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning, and to the extent that it is necessary for us to comply with our legal obligations.

Who we share your personal data with:

We share your personal data with organisations which help us to operate our business and to meet our obligations to you. Examples of organisations we work with are:

–   IT companies who support our website and other business systems (including our order fulfilment function)

–   Operational companies such as our couriers

–   Direct marketing companies who may help us manage our electronic communications with you

–   Google, Facebook and other social media providers to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites.


Where we do share your personal data with another organisation, we:

–   Only provide the personal data it needs to perform the services it is providing us;

–   Will review its data security arrangements to ensure that we are satisfied it will keep your personal data secure; and

–   Require it to enter into a written contract which states that it will only use your personal data for the purposes of performing the services and which requires it to delete or anonymise your personal data if we stop using its services.

In very limited circumstances, we may share your personal data with a third party for their own purposes. We would do this in the following circumstances:

–   For fraud management, we may share information about actual, potentially or allegedly fraudulent activity. This may include sharing data about individuals with law enforcement bodies.

–   We may also be required to disclose your personal data to the police or other enforcement, regulatory or government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.

–   We may, from time to time, expand, reduce or sell part of our business and this may involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this privacy notice.


When we might transfer your personal data outside of the EEA

From time to time we may use service providers outside the European Economic Area ("EEA"), in particular for the provision of IT services. As a result we may transfer your data to suppliers in countries such as Canada and the US.

If we do share your personal data with service providers outside the EEA we will ensure reasonable safeguards are put in place to protect your personal data. Our standard practice is to use 'standard data protection clauses' which have been provided by the European Commission for such transfers.


Your rights

The GDPR grants you rights in relation to your personal data. You have the right to:

–   Request access to the personal data we hold about you

–   Require us to correct any personal data we hold about you if it is incomplete, out of date or simply incorrect

–   Request, in certain circumstances only, that we delete the personal data we hold about you

–   Ask us to transfer your personal data in a commonly used format (such as CSV files) to another company where technically possible

–   Restrict our use of your personal data while we are considering an objection you have made

–   Require us to stop processing your personal data in certain circumstances, including when you withdraw consent

–   Demand that we stop using your personal data for direct marketing

–   Where you have given us your consent to process your personal data, you have the right to withdraw your consent at any time

–   Where we process your personal data on the basis of our legitimate interests, you can ask us to stop for reasons connected to your individual situation. We must then stop processing your personal data unless we believe we have a legitimate overriding reason to continue the processing

You can contact our Data Protection Officer to exercise these rights at any time:

–   By email at dpo@brewrepublic.com

–   Or in writing to the Data Protection Officer, Brew Republic, One Waterside Drive, Arlington Business Park, Theale, Berkshire, RG7 4SW.

To protect your information, we may ask you to verify your identity before proceeding with any request you make.

In certain circumstances we can decide not to action your request; where we do so we will always explain our reasons for refusing your request and remind you of your right to complain to our regulator.


How to stop receiving direct marketing from us

If would like to stop receiving direct marketing communications from us, you can:

–   Click the ‘unsubscribe’ link at the bottom of any of our marketing emails

–   Contact us at help@brewrepublic.co.uk or call us on 03330 148 217

Please note that you may continue to receive direct marketing communications for a short time after unsubscribing or changing your preferences while we update our records and systems.


Contacting our regulator

If you are concerned about how we have handled your personal data or unhappy with any response we give you to a request you have made, you have the right to make a complaint to our regulator, the Information Commissioner’s Office.

You can make a complaint at www.ico.org.uk/concerns (please note by clicking this link you will be directed to a third party’s website. We cannot be held responsible for any content on that site.)


Please let us know if you have any questions

If you have any questions you can contact our Data Protection Officer:

–   By email at dpo@brewrepublic.co.uk

–   Or in writing to the Data Protection Officer, Brew Republic, One Waterside Drive, Arlington Business Park, Theale, Berkshire, RG7 4SW.


Cookies

Introduction

Cookies are tiny text files which are stored on your computer when you visit certain web pages. Please note that cookies can't harm your computer. We don't store personally identifiable information such as credit card details in cookies we create, but we do use encrypted information gathered from them to help improve your experience of the site. For example, they help us to identify and resolve errors, or to determine relevant related products to show you when you're browsing.

At brewrepublic.co.uk we use cookies to i) keep track of what you have in your basket, and to remember you when you return to our site, ii) as part of the security measures we use to protect your and other users' accounts, including preventing the fraudulent use of login credentials and iii) analyse the performance of the website.

To order products on brewrepublic.co.uk, you need to have cookies enabled. If you don't wish to enable cookies, you'll still be able to browse the site and use it for research purposes.


Types of cookies

Strictly necessary cookies - These cookies enable you to navigate our site and gain full access to its features and secure areas. Without these cookies, essential services like 'Your Basket' cannot be provided.

Performance cookies - These cookies remember information about how you and other customers use our website. This gives us vital information such as which pages are visited most often and if customers are receiving error messages from certain pages. The role of these cookies is to allow us to analyze and improve the performance of our website ensuring you receive a consistent look, feel and shopping experience. Performance cookies (often known as web analytic cookies) don't collect any information that identifies the customer and all information collected is aggregated and therefore anonymous.

Functionality cookies - These cookies remember choices you made on previous visits to our site such as your username, language or region so we can provide enhanced, more personal features. They can also be used to remember changes you've made to text size, fonts and other parts of web pages you can customise.

Targeting or advertising cookies - These cookies are used to deliver adverts more relevant to your personal interests. Alongside this they limit the amount of times you see an advert and measure the effectiveness of adverts. This means you won't keep seeing irrelevant adverts or the same adverts over and over. These cookies are usually placed by advertising networks with the website operator's permission. They remember that you have visited a website and the information is shared with other organisations such as advertisers


How you can manage cookies

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org.


Cookies we use

Strictly necessary cookies used for the functioning of our website store:

_ab  Used in connection with access to admin.
_orig_referrer  Used in connection with shopping cart.
_secure_session_id  Used in connection with navigation through a storefront.
Cart  Used in connection with shopping cart.
cart_sig  Used in connection with checkout.
cart_ts  Used in connection with checkout.
checkout_token  Used in connection with checkout.
Secret  Used in connection with checkout.
Secure_customer_sig  Used in connection with customer login.
storefront_digest  Used in connection with customer login.


Reporting and analytics cookies:

_landing_page  Track landing pages.
_orig_referrer  Track landing pages.
_s  Shopify analytics.
_shopify_fs  Shopify analytics.
_shopify_s  Shopify analytics.
_shopify_sa_p  Shopify analytics relating to marketing & referrals.
_shopify_sa_t  Shopify analytics relating to marketing & referrals.
_shopify_uniq  Shopify analytics.
_shopify_visit  Shopify analytics.
_shopify_y  Shopify analytics.
_y  Shopify analytics.
tracked_start_checkout  Shopify analytics relating to checkout.