Data Privacy Process
MaxiVinos (the “Company”) is the trading name used on behalf of Mathies Trading Ltd. This Data Privacy Process explains how we use any personal information we collect about you.
The Company is a data controller in respect of the personal data we collect about you for purposes of the EU General Data Protection Regulation (EU Regulation 2016/679) (“GDPR”) and the UK Data Protection Act 2018 (“DPA”) and any other data protection legislation which supplements the GDPR in the United Kingdom in the future.
What information do we collect from you?
Some of the information we collect is classified as “personal data” under the GDPR as it is information relating to an individual such as a sole trader, a partnership, a company director, a beneficial owner, a trustee, a professional contact etc.. We collect personal information that you provide when you complete an account application form or our online registration form, if you
make an online purchase and check out as a guest or if you provide us with your personal details by email, telephone or any other means of communication.
The Company may collect and process the following types of personal data which you provide in connection with the services:
- Your name and sometimes your signature;
- Your date of birth;
- Your contact details such as your residential address, email and telephone
- Your bank details and /or your card payment details;
- Copies of documents you provide to prove your age or identity (including your
passport and driver’s license). This will include details of your facial image, and if
your passport it will include your place of birth, gender and nationality
- Your Social media username, if you interact with us through those channels to
help us respond to your comments, questions or feedback;
We may also collect information such as your IP address when you visit our website and URLs of the web pages you have viewed.
Who will you share my personal data with?
We may disclose your personal information to service providers who process data on our behalf in the course of providing services to the Company, including:
- Warehousing and delivery services;
- IT companies who support our website and other business systems;
- Banks and payment processors;
- Identification verification services to prevent or detect crime in compliance with current regulations/li>
- Third party debt collection agencies.
These service providers are required to use your personal data in accordance with our instructions, to take appropriate security measures and to protect you personal data in line with our policies. It is our policy to not allow service providers to use your personal data for their own purposes.
In some contexts, we may disclose the personal data to the following controllers who will be directly responsible under data protection law for protecting the personal data:
- the Company’s legal adviser for the purposes of providing legal advice to the Company;
- the Company’s auditor for the purpose of providing audit services to the Company;
- HM Revenue & Customs and other regulatory bodies if we are under a duty to disclose or share your personal data in order to comply with any legal obligation.
We will not pass on your details to our wine producers & suppliers, but they may invite you to events from time to time if you consent to this.
How do we protect your personal data?
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
How long will you retain and store my data for?
Personal data is stored for varying lengths of time depending on the nature and purpose for which it was collected. In any case personal data will be retained for only as long as is necessary for the purpose for which it was collected subject to any statutory minimum periods. We review the personal data held by us periodically to ensure it is held in line with our data protection policies.
To determine the appropriate retention period for your data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data and whether we can achieve the purpose of the processing through other means.
Our retention of your personal data – and the criteria we apply to determine how long it is necessary for us to retain your personal data – is kept under review. Some examples of data retention periods:
Orders and Wine in Reserve
When you open an account with the Company, we will hold your personal data for the duration of the relationship with you and for as long as we hold your wine in our reserve plus an additional period; the additional period would be the date of the last order plus seven years so we can comply with our legal and contractual obligations.
If you do not place an order and you cease to interact with us for a 24 month period, we will consider your account to have become dormant at that point.
Where we have obtained your consent to process your data i.e. for direct marketing purposes but you cease to interact with us and your consent goes cold over the passage of time i.e. you do not place an order with us for a 24 month period we will consider your account to have become dormant at that point.
At the end of a retention period, if your account becomes dormant or if you ask us to stop processing your data and close your account, your data will either be deleted completely or anonymised.
What are my rights?
In certain circumstances, under the GDPR, you will have the right to:
- request access to your personal data;
- request rectification of your personal data if it is inaccurate or incomplete;
- restrict the processing of your personal data (for example, if you want the Company to establish its accuracy or the reason for processing it);
- object to your personal data being processed;
- lodge a complaint with a supervisory authority;
- withdraw your consent to the processing, in the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose. Once the Company have received notification that you have withdrawn your consent, they will no longer process your information for the purpose or purposes you originally agreed to, unless they have another legitimate basis for doing so in law. Please note that the withdrawal of your consent will not affect the lawfulness of any processing of personal data based on your consent before it is withdrawn.
If you would like to access, rectify or request deletion of your personal data, object to the processing of your personal data, or withdraw your consent to processing (if applicable), please contact the Company by emailing us at email@example.com.
We will respond to your request within 28 days from the day after receiving your request and if for any reason we cannot get the information to you in that time frame, we will contact you.
We want to make sure that your personal information is accurate and up to date and we may contact you from time to time to ask you if anything has changed.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Data Privacy Process. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
Marketing and Communication
You can change your preferences on how we communicate with you at any time using the following methods:
You can unsubscribe from our promotional and marketing E-mails by clicking the ‘unsubscribe’ link on the bottom of any promotional E-mail.
If you would like to withdraw your consent for us to process your personal data, please send an E-mail to firstname.lastname@example.org with the subject containing the word “DELETE” and a clear, unambiguous message expressing how you wish us to change, restrict or delete our records of your personal data.
We are bound by UK jurisdiction to maintain seven years of financial records.
Updates to this Statement
The Company reserves the right to update this Notice and any other relevant policies or procedures at any time. Any substantial changes that we may make to this Notice in the future will be provided to you by. The Company may also notify you in other ways from time to time about the processing of your personal data.
Please do so by emailing us at email@example.com.
Alternatively you have the right to lodge a complaint with the Information Commissioner’s Office either on their website at https://ico.org.uk/concerns/ or by post to:
Information Commissioner’s Office
Wilmslow SK9 5AF