We collect, use and store your personal data so that we can offer you the products and services you expect from us. We see your personal data as just that: it's yours. So we will always be clear and upfront with you about what we do with your personal data, and (of course) you have control over it.
We collect your personal data for three main reasons:
To process any orders you make and to deliver those orders to you
To personalise, report on and improve the products and services we provide to you
To send you special offers, often tailored to what you have told us you would like to hear about
That you can control the personal data you provide us with and that we will always be transparent about how we collect and use it
We will always tell you what personal data we are collecting from you, the means by which we will collect it and how we will use it. We will only use your personal data for the purposes we originally told you about.
We will always use market-leading technology and software to ensure that your personal data is secure and when we ask another organisation to provide services to us which involve sharing your personal data with them, we will always make sure they have appropriate security measures
• We will send you marketing communications as we believe we have a legitimate interest in doing so; however, we will always offer you a clear and simple means of changing your preferences whenever you want to. Simply click here to view and amend your preferences.
Who we are
Laithwaite's Wine is operated by Direct Wines Limited ("Direct Wines"), a private company registered in England and Wales with company number 01095091. Our registered office is:
One Waterside Drive
Arlington Business Park
If you have any questions about how we look after your personal data, you can contact us:
In writing, at the address above. Please mark your letter for the attention of the Data Protection Officer
You can manage your marketing preferences (whether we can mail you catalogues, call you on the phone, email you or share your personal data with third parties) by contacting us as above or through the preference centre in your online account - available here. We will update your preferences as soon as we can but please note that as catalogues are printed in advance, it may take up to 8 weeks for the process to be completed and for emails it may take up to 2 weeks.
How do we collect your personal data?
We collect your personal data in two main ways:
When you give it to us directly
When you create a customer account, visit our website, communicate with us or purchase our products or services, you may choose to give us certain information. For example, when you give us your name and address, tell us about your wine preferences or when clicking on active buttons such our 'Place Order & Pay'.
When our systems collect information or personal data as you use our website or app, or websites or apps that are connected to our website
Whenever you use a website, app or other internet service, information gets recorded automatically by the IT systems used to operate that website, app or service. The most common type of information collected is in the form of cookies (small text files sent by your computer each time you visit our website) but can also include personal data transferred by the electronic device you use to access our website and its settings. The manufacturer of your device, or the provider of the operating system, will have details about what information your device shares with us.
What categories of personal data do we collect?
We may collect the following information about you:
Your name, date of birth and contact details
This can include your postal, billing and delivery addresses (which would include the addresses of any family or friends you choose to send wine to); your telephone number(s), including, if you provide it, your mobile number; and your email address
Purchases and orders made by you
Your payment card details (which we encrypt) when you purchase our products or services
When you set up an account with us, your password (which we encrypt) and your marketing preferences
Your wine preferences, favourites, ratings and reviews
Your on-line browsing history on our website
Your correspondence with us
Personal data we will process to fulfil your orders and to comply with the law
We will need to process some of your personal data to fulfil any orders you place and to comply with the law. For example:
We will share your (or your recipient's) name, address and, where applicable, telephone number with our carriers.
We will share your payment details with our bank or clearing house so that we can process payment for your order
We will share your name, address and telephone numbers with an external provider to verify your age when you first purchase from us. This is because we are required by law to ensure that we sell products containing alcohol only to people aged 18 or over
Occasionally with the police, or our trade body, for the purposes of preventing and investigating fraud
Legal basis for collecting and processing your data
The law on data protection sets out a number of lawful bases for which a company may collect and process your personal data. Only 4 of these are relevant to us.
Personal data is processed on the basis of our legitimate interests
Personal data is processed on the basis of a contractual obligation
Personal data is processed on the basis of legal compliance
Personal data is processed on the basis of a person's consent
"Legitimate Interests" means the interests of our company in conducting and managing our business to enable us to give you the best products and services, and the best and most secure experience.
For example, we have an interest in marketing our products and services to you, and making sure our marketing is relevant for you. Therefore, we may process your information to send you marketing that is tailored to your interests.
It can also apply to processing that is in your interests as well. For example, we may process your information to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure.
When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Where we rely on our legitimate interests to send you marketing communications, we shall tell you when you become a customer how we would like to market our products and services to you, and offer you a means of opting out of those communications. You can opt out of our marketing communications at any time through the preference centre in your online account – available here – or by contacting us on 03330 148 168 or firstname.lastname@example.org.
In addition to sending you marketing communications, we rely on our legitimate interests to process your personal data so that we can:
Improve our existing wine range, associated products and services, and develop new ones
Provide you with a quality customer service experience
Protect you, our employees and our business
Understand your likes and dislikes, what wines you want to hear about and how best to contact you to inform you about them
Manage insurance claims made by our customers
Carry out market research. We use a specialist third party market research company to assist with this research
Taking legal action against any party in breach of its obligations to Direct Wines, and handling any legal claims or regulatory enforcement actions taken against Direct Wines
Handling customer contacts, queries, complaints and disputes
Fulfilling our duties to our customers, colleagues, shareholders and other stakeholders
In specific situations, we collect and process your data to comply with our contractual obligations. For example, if you order an item from us we collect your address details, phone number and email and pass these to our couriers to deliver your purchase.
If the law requires us to we may need to collect and process your data. For example, we pass on your details to verify your age to ensure that we only sell products containing alcohol to those aged 18 or over. We may disclose the personal information that you provide to a credit reference or fraud prevention agency which may keep a record of that information. This is done only to confirm your identity. A credit card check is not performed, and your credit rating will be unaffected.
We can collect and process your data with your consent. For example, when you tick a box to confirm that you are happy for us to share your data with third parties for marketing purposes.
How and why do we use your personal data and on what lawful basis?
We use your personal data:
On the basis of our contractual obligation to send you the wines and other products and services you have purchased; to manage any accounts you have registered with us so that (i) we can provide you with products and services; (ii) you can place orders; and (iii) we can fulfil those orders and communicate with you about them.
On the basis of our legitimate interests to improve the range of wines, offers and associated products we offer you and to help identify new products and services in the future to present you with personalised offers on our website, through social media channels such as Facebook and Instagram and by placing banner advertisements on third party websites; to personalise the offers you receive from us – the wines you love, unique events, and special offers and promotions; to allow you to post links to our products on social media; to carry out research to better understand your views on our products and services and to allow you to continue enjoying our award winning customer service.
On the basis of our legal compliance to comply with the law (for example, to ensure that we only sell products containing alcohol to those aged 18 or over); to detect and prevent fraud and other illegal activities (and to assist regulators, trade bodies and law enforcement agencies in relation to the same) to verify your identity and your age;
When do we share your personal data?
So that we can provide you with our products and services, we have to share some of your personal data with certain third parties.
When we share your personal data, we make sure that it remains secure:
We conduct a data security review of third parties we share your personal data with to ensure that they will keep your personal data secure and confidential to the standards you and we would expect
Every external company we work with is required to have a contract with us which clearly describes our expectations about the way in which they keep your personal data secure, the purposes for which they can use your personal data and which holds them fully responsible for meeting those expectations
We will only send to third parties the personal data that is necessary for the purposes it is required for.
We share your data as follows:
With core service providers to enable our business to function
We rely on a set of external companies to provide us with services that enable our business to run properly. Our core service providers include the courier companies we use to deliver our products to you; banks and clearing houses to process your payments; companies we use to carry out fraud protection and age verification checks; IT services providers; companies to help us with our marketing; and partners through which we provide our concession shops.
With other partners when we have your consent to do so
We work with a number of other third party companies to provide value to our business and to you. These companies include our marketing partners and social media partners (for instance you can publish a link on Facebook or Twitter to any wines of ours that you have enjoyed).
We will only partner with a company that meets our own high standards and that we think is a good fit for our business and our customers. Each of these third parties is required by the terms of the contract we have agreed with them to use your personal data only as we instruct it and to ensure that your personal data is secure.
We may also on occasions share your data with trusted retail partners either directly or through alliances operated by third parties. The companies we share your data with directly and the retailers participating in these alliances are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors categories.
These alliances work by each trusted retailer sharing information on what their customers buy. This information is analysed to help the retailers understand consumers' wider buying patterns. As a result, the retailers can tailor their communications, sending suitable offers that should be of interest, based on what they like to buy.
If you would rather not receive marketing offers from third party companies you can withdraw your permission whenever you want through the preference centre in your online account – available here or by contacting us on 03330 148 168 or email@example.com.
With regulators and law enforcement agencies when required to do so by law
We are required to co-operate with regulators (like the Information Commissioner's Office or HMRC) and law enforcement agencies (like the police or the Serious Fraud Office) in every country we operate in. Although it does not happen often, regulators and law enforcement agencies can require us to share information with them as part of an investigation; this may include your personal data. We would have to disclose your personal data where we believe that disclosure is reasonably necessary to comply with the regulator or crime enforcement agency's demand.
When we think it is reasonably necessary to protect you or us
Occasionally businesses are subject to attempted criminal activities; this can affect both us and you. We will take all reasonable steps to protect you and our business but sometimes we may need to share your personal data where we think it is reasonably necessary to:
Detect, monitor, investigate or prevent any suspected illegal activities, fraud or security issues
Enforce our terms and conditions and to protect your and our rights and property
Investigate and defend any third party claims or allegations
As part of a business sale or purchase, merger or reorganisation
From time to time we may look to purchase another business or sell or re-organise parts of our business to ensure that we remain in strong shape. Sometimes these types of corporate transactions involve the transfer of your personal data solely for the purposes of assessing the transaction. In the event that we sell or buy any business or assets, personal data which we hold about you may be one of the transferred assets.
In aggregated format
Strictly speaking this is not personal data, but on occasions we will use data from which you cannot be personally identified but which does include information that relates to you (such as your purchase history). This data is combined with data from other customers to provide general trends on customers preferences, ratings and reviews and general buying habits.
When do we send your personal data outside the European Economic Area and why does it matter?
From time to time we may use service providers outside the European Economic Area ("EEA"), in particular for the provision of IT services and as a result we may transfer your data to suppliers in countries such as Australia, the US and India.
If we do share your personal data with service providers outside the EEA we will ensure reasonable safeguards are put in place to protect your personal data. Our standard practice is to use ‘standard data protection clauses’ which have been provided by the European Commission for such transfers. Those clauses can be accessed here.
How long do we hold your personal data for?
We will not keep your personal data for longer than is necessary for the purposes described in this policy.
As a guide:
we will keep personal data while your account is active
Currently we retain data for 6 years from date of last purchase with us, but we may keep certain categories of personal data after your account is closed in order to meet any legal or regulatory requirements, or to resolve a legal dispute.
and, because of this, we may keep different types of personal data for different lengths of time (for instance, we may need to keep certain personal data relating to your purchases in order to comply with HMRC's VAT reporting requirements)
You have a number of rights under data protection laws; these are summarised below.
the right to be informed
the right of access
You can access the personal data we hold on you by contacting us 03330 148 168 or firstname.lastname@example.org. To process your request, we will ask you to send us two forms of proof of identity so that we can be sure we are releasing your personal data to the right person.
We will process your request within one month or, if the request is particularly complex, two months. We can provide you with a copy of your personal data in electronic format or hard copy.
If we consider the frequency of your requests is unreasonable, we may refuse to comply with your request. In those circumstances, we would notify you of your right to complain to the Information Commissioner's Office.
the right to rectification
We welcome feedback from you to ensure our records are as accurate and up-to-date as possible. If you think that the information we hold about you is inaccurate or incomplete please ask us to correct it by contacting us on 03330 148 168 or email@example.com or by updating your details at any time through the My Details section in your online account. We will process your request as soon as we receive it or within one month of receipt at the latest.
the right to erasure
You can ask us to delete your personal data; however, this is not an absolute right. We can refuse to erase personal data which we need to keep (i) to comply with a legal obligation (for instance, we are required by HMRC to keep certain personal data for up to 6 years for VAT reporting purposes); and (ii) in relation to the exercise or defence of any legal claims.
When you ask us to delete your personal data, we assume that you do not want to hear from us again. To ensure that we do not send you any special offers in the future (for example, if we purchased your details from a third party list), we will retain just enough of your personal data solely for suppression purposes.
Other than as described above, we will always comply with your request and do so promptly. We would also notify any third parties with whom we have shared your personal data (for instance, our carriers for the purposes of delivering wine to you) about your request so that they could also comply.
Some customers would still like to order our products but do not want to receive any marketing communications from us. This is not a problem as you can simply update your marketing preferences by contacting us on 03330 148 168 or firstname.lastname@example.org or through the preference centre in your online account – available here.
the right to transfer your personal data (known as data portability)
You have the right to move, copy or transfer your personal data from one organisation to another. We hold little information that would be much use to another wine merchant but if you do wish to transfer your personal data we would be happy to help.
If you ask for a data transfer, we will give you a copy of your personal data in a structured, commonly used and machine-readable form (for instance, in a CSV file format). We can provide the personal data to you directly or, if you request, to another organisation.
Please note that we are not required to adopt processing systems that are compatible with another organisation, so it may be that the recipient organisation cannot automatically use the personal data we provide.
When making a transfer request, it would be helpful if you can identify exactly what personal data you wish us to transfer.
We will comply with your request within one month or, if the request is complex or there are a number of requests from you, within two months.
the right to object
If you would like us to stop processing your personal data for marketing purposes simply let us know by contacting us on 03330 148 168 or email@example.com or through the preference centre in your online account – available here.
We put a lot of effort into personalising your experience with us to ensure that the offers we send you are interesting, relevant and timely. To do this we look at your previous purchases plus any wine preferences, ratings, reviews and favourites you may have indicated to build a profile of what you are most likely to want to buy. This is known as 'profiling'.
If you don't want us to carry out any profiling using your personal data please let us know by contacting us on 03330 148 168 or firstname.lastname@example.org. However, please be aware that if you ask us to stop profiling your personal data you will stop receiving personalised offers on the wines you enjoy the most.
Data Protection Officer
We have appointed a Data Protection Officer. If you have any questions about how we use your personal data that are not answered here, or if you want to exercise any of your rights described above please contact our data protection team by contacting us on 03330 148 168 or email@example.com or write to Data Protection Officer, Laithwaites Wines, One Waterside Drive, Arlington Business Park, Theale, Reading, RG7 4SW.
Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response you have the right to lodge a complaint with the Information Commissioner's Office.
We may update this policy from time to time to take account of any new business activity or to reflect any changes in law or best practice in relation to data protection. We will notify you if we do so.
This policy was last updated on 23 May 2018.
What are cookies?
Cookies are tiny text files stored on your computer when you visit certain web pages. Please note that cookies can't harm your computer. We don't store personally identifiable information such as credit card details in cookies we create, but we do use encrypted information gathered from them to help improve your experience of the site. For example, they help us to identify and resolve errors, or to determine relevant related products to show you when you're browsing.
To order products on bbcgoodfoodwineclub.com, you need to have cookies enabled. If you don't wish to enable cookies, you'll still be able to browse the site and use it for research purposes.
We do have relationships with carefully-selected and monitored suppliers who may also set cookies during your visit to be used for remarketing purposes - in other words to show you different products and services based on what you appear to be interested in. If you'd like to opt out, please go to the Network Advertising Initiative website (opens in a new window - please note that we're not responsible for the content of external websites).
Do not track (DNT) is a feature offered by some browsers, with some newer browsers offering it as default. If you enable it, it sends a signal to websites to request that your browsing isn't tracked, for example by third party ad or social networks, or analytic companies. You can opt out of tracking and analytics on this website by changing your settings in the Managing Cookies section on this page.
At present no industry-wide uniform standard has been agreed and adopted to determine how DNT requests should be managed, so our website doesn’t currently respond to DNT requests. Until that standard is established, we'll continue to review DNT and other new technologies, but won't respond to DNT requests.
We're giving you this information as part of our initiative to both comply with legislation, and make sure we're honest and clear about your privacy when using our website. We know you'd expect nothing less from us.
Strictly necessary cookies - These cookies enable you to navigate our site and gain full access to its features and secure areas. Without these cookies essential services you have asked for like 'Your Basket' cannot be provided.
Performance cookies - These cookies remember information about how you and other customers use our website. This gives us vital information such as which pages are visited most often and if customers are receiving error messages from certain pages. The role of these cookies is to allow us to analyse and improve the performance of our website ensuring you receive a consistent look, feel and shopping experience. Performance cookies (often known as web analytic cookies) don't collect any information that identifies the customer and all information collected is aggregated and therefore anonymous.
Functionality cookies - These cookies remember choices you made on previous visits to our site such as your username, language or region so we can provide enhanced, more personal features. They can also be used to remember changes you've made to text size, fonts and other parts of web pages you can customise. Functionality cookies can also be used to provide services you have previously asked for such as watching videos or commenting on a blog. The information collected by these cookies may be anonymised and they cannot track your browsing activity on other sites.
Targeting or advertising cookies - These cookies are used to deliver adverts more relevant to your personal interests. Alongside this they limit the amount of times you see an advert and measure the effectiveness of adverts. This means you won't keep seeing irrelevant adverts or the same adverts over and over. These cookies are usually placed by advertising networks with the website operator's permission. They remember that you have visited a website and the information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisations that generate the advert. When one of these adverts is presented to you on a site there will be a quick and easy way to click in and opt out of receiving further adverts.
Cookies we use
AppNexus - this cookie provides data and analytics to help us buy online display advertising
Bluekai - This cookie creates profiles through the use of cross-device/cross-context technology (such as statistical IDs), or other unique identifiers provided by you (such as mobile-device IDs) to learn about your journey across Laithwaites. This information is used in order to help show you more relevant marketing content. Normally if you don't visit our website for 90 days your cookies would expire, meaning we're unable to personalise your experience. To enable us to maintain your personalised experience for longer, we take part in a programme run by Oracle Bluekai whereby some cookies will not expire after 90 days, if in that period you browse the website of the other retailers and brands taking part in the same programme
JSESSIONID - These cookies enable us to respond to your actions on our website such as add to basket
V_STATUS - We use this cookie to understand the state of our users – are they first time visitors, returning, or already identified to us
Site Catalyst - These cookies enable software. It helps us analyse visitor information such as browser usage, visitor numbers, what people are looking at and buying.
Google Adwords conversion tracking - This is a cookie from Google that helps us to understand how customers are purchasing from our website. This information helps us understand what is working more successfully for us in terms of sponsored advertising on search engines, website structures, promotions and other key identifiers. The cookie does not contain any personal information about our customers. https://support.google.com/adwords/bin/answer.py?hl=en&answer=93148
bvgacefRatingsAnd Reviews - We use BazaarVoice to enable our customers to rate and review our wines
Mentionme - this cookie provides refer a friend programme
Rakuten - a cookie for sales attribution of affiliates which allows the optimisation of marketing by understanding the customer journey to a purchase. Rakuten does not identify individuals.
Sub2 Technologies - Sub2 helps us understand how visitors are using our websites, so we can improve users' experience on the websites and in buying or using goods and services us.
Share buttons (Facebook, Twitter and Google+) - These cookies are required to enable our customers to share their shopping experiences through social media such as Facebook and Twitter etc. Please note that if you do choose to share through these social media providers that we don't control the setting of these cookies and we recommend that you check the provider's website for further information.
Vivocha - a cookie that allows live online chat.
Company Secretary Direct Wines Ltd One Waterside Drive, Arlington Business Park, Theale, Berkshire RG7 4SW