- what information we collect;
- how we use that information;
- how this information is shared;
- your rights;
- and other useful privacy and security related matters.
We hope you take the time to read this policy. It is important to check back often for updates to this policy. If we make changes we consider to be important, we will let you know by placing a notice on the relevant Service and/or contact you using other methods such as email.
Who is the Data Controller?
The Box of Wine data controller is Cloud Wine Limited T/A Box of Wine of Office Address 8 Rosmeen Gardens, Dun Laoghaire Trading Out of Unit 32, Millennium Business Park, Finglas. (Herein known as Box of Wine)
And, what about the Data Protection Officer, or is it DPO?
Yes, Box of Wine has appointed a Data Protection Officer ('DPO'). While our DPO can be reached at email@example.com, our Customer Service team will be your initial point of contact if you wish to exercise your rights. Please see the 'Your Rights' section below.
Information we collect
When you use our Services, we collect the following types of information:
Information you provide us:
We collect information about you during the account registration process for any of our Services. This information may include, but is not limited to your name, postal address, e-mail address, phone number, credit/debit card details and any other details as might be requested from you for the purpose of registration and/or continued use of our products or Services.
We may also collect information from you if you request information or customer support.
Additional Information collected:
We may also collect the following information:
- name, contact information and message if you contact us or participate in a survey, contest or promotion;
- details such as traffic information, location data and other communication data (including IP address and browser type) collected by your availing of the Services;
- device information including unique device identified;
- information and communications on forums on our websites, including chat rooms and message boards, blog comments, profile comments, and chat messaging with customer service operators or other users;
- Your payments, payment method and other account transactions - these are routinely analysed to assist us in improving the Services we provide to you;
- your telephone or Live Chat conversations – either to place an order or a customer service call;
- your response to marketing campaigns from us or through our third parties i.e. open/click on such emails;
- your social media profile details (name, profile photo and other information you make available to us) when you connect with or contact us through a social media account;
- information derived based on profiling activity (see below); and
- information from third party databases to comply with our legal and regulatory obligations.
- Your quiz information provided includes tastes and preferences and date of birth.
Third Party and Publicly Available Sources
Not all the personal information we hold about you will always come directly from you. We may also collect information from third parties such as our partners, service providers and publicly available websites (i.e. social media platforms), to comply with our legal and regulatory obligations, offer Services we think may be of interest, to help us maintain data accuracy and provide and enhance the Services.
If you log into one of our products through Facebook, Facebook provides us with some of your Facebook user details. We may use these details for the purposes of our registration process and to market our products and Services to you on Facebook.
How do we use this information
We process personal information for these Services- and business-related purposes:
- Account setup, verification and management: We use personal information such as your name, email address, phone number, and information about your device to set up and administer your account, provide technical and customer support and training, verify your identity, process payment information and send important account and Service information.
To verify your age and accuracy of your registration details, including disclosure of such information to third parties e.g. financial institutions and third party reference agencies. This is required for the purpose of our complying with our legal obligations
We may also use personal information to enforce our terms and conditions.
- Personalisation: We use personal information to deliver and suggest tailored content to personalise your experience with our Services. This is processing which is necessary for the purpose of our legitimate interests in delivering or presenting relevant content to our customers.
- Marketing and events: Subject to any preferences you have expressed (where applicable), we use personal information to deliver marketing and event communications to you across various platforms, such as email, telephone, text messaging, direct mail, online, push notification or otherwise. We will do this during the period of your relationship with us and, unless specifically instructed otherwise by you, for a reasonable period of time after the relationship has ended in order to inform you about products, services, promotions and special offers which we think may be of interest to you.
If we send you a marketing email or SMS, it will include instructions on how to opt out of receiving these marketing communications in the future. You can also manage your information through your customer login area when you login to your account. Please allow up to 48 hours for any changes you make to your marketing preferences to be fully processed. Please remember that even if you opt out of receiving marketing emails, we may still send you important Service information related to your accounts and subscriptions.
Most browsers and applications also allow you to control notifications settings. For example, when you first download our application on IOS, you will be asked to allow or block notifications from our application. Please refer to your browser/app settings for full details.
We will, from time to time, send you marketing material which may be of particular interest to you based upon your behaviours i.e. your purchase and subscription activity, trends and interests. These marketing messages will provide you with information about the products, services, active promotions or offers available to you by Box of Wine and information about products and services provided by our selected partners and third parties.
Except where we use your personal data for marketing purposes on the basis of your prior written consent and subject to any opt out preferences you notify to us in respect of electronic direct marketing communications, we process personal data for marketing purposes as necessary for the purpose of our legitimate interests in promoting our products and services.
We may publish customer names and images, along with any prizes received through our promotions, on our websites in accordance with our legitimate interests.
- Risk Management: In order to provide the Services to you and for our legitimate purposes, we process personal data to evaluate and manage risks to our business.
- Show and measure ads and Services: We use a combination of information collected such as advertising cookies, your email address and your onsite activity to show you targeted and relevant advertisement on a selection of whitelisted websites across the world wide web and social media websites. This information can also be used to measure and analyse the effectiveness and reach of these ads, to help us improve and refine our marketing strategy in accordance with our legitimate interests.
- Surveys and polls: If you choose to participate in a survey or poll, any personal information you provide may be used for marketing or market research purposes in accordance with our legitimate interests.
- Diagnostics, research and development: We use personal information for internal research and development purposes, to help diagnose system problems, to administer our websites, to improve and test the features and functions of our Services, to develop new content, products and services. To carry out testing and analysis. This processing is necessary for the purpose of our legitimate interests.
- Legal and regulatory obligations: We may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; or fraud. We may also use personal information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate: (a) under applicable law, which may include laws outside your country of residence; and (b) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence.
- Profiling: In accordance with our legitimate interests detailed below or to comply with our legal obligations, we carry out profiling and analysis based upon your location data, age, interests and behaviours for the following purposes:
- Customer segmentation to offer you tailored products and services, and more relevant marketing. For example, if you indicate you like specific wine grapes or regions of wine then we may contact you about offerings in relation to this;
- Risk and trading analysis; and
- Licensing and legal obligations i.e. Age Verification, prevention of fraud or commission of a crime.
- Other purposes: We may be required to use and retain personal information for; loss prevention; and to protect our rights, privacy, safety, or property, or those of other persons in accordance with our legitimate interests.
How is the information shared
Your personal information may be transferred or disclosed, subject to appropriate agreement, to third parties, for the processing of that personal information based on our instructions and in compliance with this policy and any other appropriate confidentiality and security measures.
Our third-party service providers & partners:
Box of Wine may, from time to time, retain trusted third parties to process your information to provide us with services globally, including for customer support, information technology, payments, sales, marketing, data analysis, research and surveys. As part of our agreements with our partners, we may be required to share your information for the purposes of calculating fees and benefits owed.
Third parties for legal reasons:
We will share personal information when we believe it is required, such as:
- To comply with legal obligations and respond to requests from government agencies, including law enforcement and other public authorities, which may include such authorities outside your country of residence;
- In the event of a merger, sale, restructure, acquisition, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings); and
- To protect our rights, users, systems, and Services.
Under the General Data Protection Regulation, you, as a data subject, have a number of rights which are detailed below. Some of these only apply in specific circumstances and are qualified in several respects by exemptions in data protection legislation. We will advise you in our response to your request if we are relying on any such exemptions.
- Access to personal data: You have a right to request a copy of the personal information that we hold about you. Should you wish to make such a request please reach out to firstname.lastname@example.org
You should include adequate information to identify yourself and such other relevant information that will reasonably assist us in fulfilling your request. Your request will be dealt with as soon as possible.
- Correction of personal data: You can request us to rectify and correct any personal data that we are processing about you which is incorrect. We provide you with account settings and tools to access the information associated with your account.
- Right to withdraw consent: Where we have relied upon your consent to process your personal data, you have the right to withdraw that consent.
To opt out of marketing, you can use the unsubscribe link found in the marketing communication you receive from us. For other marketing preferences, you can visit the customer login area when you log into your account or contact us at email@example.com
- Right of erasure: You can request us to erase your personal data where there is no compelling reason to continue processing. This right only applies in certain circumstances, it is not a guaranteed or absolute right.
- Right to data portability: This right allows you to obtain your personal data that you have provided to us with your consent or which was necessary for us to provide you with our products and services in a format which enables you to transfer that personal data to another organisation. You may have the right to have your personal data transferred by us directly to the other organisation, if this is technically feasible.
- Right to restrict processing of personal data: You have the right in certain circumstances to request that we suspend our processing of your personal data. Where we suspend our processing of your personal data we will still be permitted to store your personal data, but any other processing of this information will require your consent, subject to certain exemptions.
- Right to object to processing of personal data: You have the right to object to our use of your personal data which is processed on the basis of our legitimate interests. However, we may continue to process your personal data, despite your objection, where there are compelling legitimate grounds to do so or we need to process your personal data in connection with any legal claims.
- Rights relating to automated decision making and profiling: You have the right not to be subject to a decision which is based solely on automated processing (without human involvement) where that decision produces a legal effect or otherwise significantly affects you. This right means you can request that we involve one of our employees or representatives in the decision-making process. We are satisfied that we do not make automated decisions of this nature.
How to contact us
For any requests related to your personal information or any of your rights referenced above, please feel free to contact us @ firstname.lastname@example.org
Filing a complaint
If you are not satisfied with how we manage your personal data, you have a right to make a complaint to your local Data Protection Authority.
Other useful privacy & data security related matters
We retain personal information for as long as we reasonably require it for legal or business purposes. For the unregulated jurisdictions in which they operate, and subject to us not having a legal or regulatory requirement or a risk management reason for retaining your information for a longer period, your information will not be kept for longer than 7 years post account closure.
Please note that we may be required in certain circumstances to retain your information indefinitely. We will take all necessary steps to ensure that the privacy of information is maintained for the period of retention.
We recognise that online security and data protection is an area of vital importance for all our customers, so it is important to us that you have confidence in the security of your personal details before you register an account. We are committed to employing security measures to protect your information from access by unauthorised persons and to prevent accidental or unlawful processing, disclosure, destruction, loss, alteration and damage. Our technological security solutions are governed by a mature framework. Our approach is focused on preventing risks. In order to help us in this regard, we will endeavour to employ pseudonymization and encryption whenever possible to reduce the impact of any potential incidents. As the security of some communications via the internet is not completely secure, we cannot guarantee the security of any information that you disclose using your internet connection. You accept the inherent security implications of using the internet and Box of Wine will accept no liability for any direct, consequential, incidental, indirect, or punitive losses or damages arising out of such an occurrence.