We are committed to respecting your privacy. This Notice is intended to inform you about how we collect, use and protect any personal data we collect about you. It sets out how we comply with the data protection laws and what your rights are.
This Notice applies to you if we process your personal data and you are not an employee. You could be an individual customer, a sole trader, a partnership, a user of our Website, www.store.oneyearnobeer.com, a user of one of our Apps (“App”), someone who works at a supplier or customer of ours or another organisation that we deal with, someone who enters one of our marketing competitions or attends one of our events, a recruitment candidate or someone else who is affected by our activities.
We are OYNB Ltd (“One Year No Beer”) of 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom and we are a Data Controller registered with the UK Information Commissioner’s Office with registration number 09626599. If you have any queries regarding your personal data and how it may be used by One Year No Beer, then you can contact us by email on email@example.com and by post at 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom.
References to we, our or us in this Notice are references to One Year No Beer.
This Notice provides details about:
- What personal data we collect
- Where we collect your personal data from
- How we use your personal data
- Who we share your personal data with
- How we aim to protect your privacy
- How long we will keep your personal data
- International transfers of your personal data
- Your Rights
- Changes to this notice
- Contact Us
WHAT PERSONAL DATA DO WE COLLECT?
We may collect the following personal data about you:
- Contact details such as your name, address (including billing and delivery addresses), telephone number (including mobile number) and email address.
- Your social media handles, posts and information about your followers and the people that follow you.
- Details of financial and transaction data including purchases, orders, returns and refunds.
- Online browsing activities on our Website including which items you store in your shopping cart.
- Information about the device you use to browse our Website or access our App including the IP address, device type, usernames, account details and passwords.
- Information connected with any purchases made on our Website including financial and transaction data.
- Communication and marketing preferences.
- Interests, preferences, feedback and competition and survey responses.
- Your real-time location.
- Correspondence and communications with us including relating to complaints, allegations, disputes and claims.
- Other publicly available personal data, including any which you have shared via a public platform (such as LinkedIn, Instagram, YouTube, Twitter or a public Facebook page).
- Business information, such as where you are a sole trader, a partner or a company director.
- Details of your performance when working with or for us or in relation to any project or work we are engaged in.
- Subscription Information such as when you subscribe to one of our blogs or other materials.
This list is not exhaustive and in specific instances, we may need to collect additional personal data for the purposes set out in this Notice.
Where we do collect any special category personal data, we will do so based on your explicit consent.
We may collect, store and use any criminal records information in relation to you; in which case we will do so based on legal obligation or your explicit consent.
WHERE DO WE COLLECT YOUR PERSONAL DATA FROM?
We may collect your personal data directly or indirectly from you, for example when you:
- engage with us during our relationship with you or the organisation you work for;
- set up an online account on our Website and /or purchase products from us;
- register to use our Website or other services we provide;
- communicate with us regarding one of our Website or services, to ask a question, report a problem or for any other reason;
- register for, attend and/or participate in one of our events or enter one of our competitions;
- enquire about a vacancy or apply to become an employee of ours;
- enquire about and/or become one of our content contributors; and
- raise a query, complaint, claim, legal dispute on behalf of yourself or the organisation you work for.
We may also collect personal data from third parties who have your consent or some other lawful basis for doing so including:
- professional bodies;
- credit reference agencies including those which carry out data cleansing services;
- organisations who carry out research and analysis;
- Companies House;
- social media platforms including such as LinkedIn; Instagram, YouTube, Twitter or public Facebook page;
- referrals and recommendations, usually given by other people who know you or have a working relationship with you;
- your employer or the organisation you work for;
- our professional advisors including lawyers, accountants and other advisors;
- your professional advisors including lawyers, accountants and other advisors; and
- Government, local authorities or relevant regulators.
HOW WE USE YOUR DATA
|Purpose/Activity||TEST||Lawful basis for processing including basis of legitimate interest|
|To register you as a new Customer||(a) Identity|
|Performance of a contract with you|
|To process and deliver your order including:(a) Manage payments, fees and charges(b) Collect and recover money owed to us||(a) Identity (b)Contact (c)Financial (d)Transaction||(a) Performance of a contract with you (b)Necessary for our legitimate interests (to recover debts due to us)|
|To administer and protect our business and this Site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Identity (b)Contact (c)Technical||(a) Necessary for our legitimate interests (for running our business, provision of administration and IT Services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)(b) Necessary to comply with a legal obligation|
|To deliver relevant Site content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||(a) Identity (b) Contact (c)Profile (d)Usage (e)Marketing and Communications (f)Technical||Necessary for our legitimate interests (to study how Customers use our Services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve our Site, Services, marketing, Customer relationships and experiences||(a)Technical (b)Usage||Necessary for our legitimate interests (to define types of customers for our products and Services, to keep our Site updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you about Services that may be of interest to you||(a) Identity (b)Contact (c)Technical (d)Usage (e)Profile (f)Marketing and Communications||Necessary for our legitimate interests (to develop our Services and grow our business)|
For some of your personal data you may have a legal, contractual or other requirement or obligation for you to provide us with your personal data. If you do not provide us with the requested personal data, we may not be able to properly perform our contract with you or the organisation you represent or comply with legal obligations and we may have to terminate our relationship. For other personal data you may not be under an obligation to provide it to us, but if you do not provide it then we may not be able to properly provide you with our goods and services or perform our arrangements with you or the organisation you represent.
Where you have given us your consent to use your personal data in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the “Contact us” section below. We will generally only process your personal data based on your consent in relation to direct marketing or in relation to the processing of special category data and data relating to criminal convictions and offences.
Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent and we may still be entitled to hold and process the relevant personal data to the extent that we are entitled to do so on a basis other than your consent. Withdrawing consent may also have the same effects as not providing the information in the first place, for example we may no longer be able to provide marketing information to you.
We may anonymise and aggregate any of the personal data we hold (so that it does not identify you). We may use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, improving our site and developing new products and services and for any other purpose.
You have the right to opt out of receiving marketing communications from us at any time, by:
- informing us that you wish to change your marketing preferences by contacting our customer support team at firstname.lastname@example.org;
- making use of the simple “Email Preferences” link in emails or the “STOP” number for texts; and/or
- contacting us via email at email@example.com
This will not stop service messages such as order updates and other non-marketing communications.
Personalisation and Automated Decision Making
If you visit our Website or use our App, you may receive personalised banner advertisements whilst browsing website of other companies. Any banner advertisements you see will relate to your browsing activity on our website from your computer or other devices.
We may analyse your browsing and purchasing activity online and your responses to marketing communications. The results of this analysis, together with other demographic data, allow us to decide what marketing communications are suitable for you and to ensure that we contact you with information on products, services, events and offers that are tailored and relevant to you. To do so, we use software and other technology for automated decision making.
This allows us to provide more personalised services and experiences, we may review personal data held by external social media platform providers about you, such as the personal data available on social media platforms such as Twitter, Instagram, YouTube, Twitter and Facebook. Some of our services enable you to sign-in via external social media platform providers such as Facebook. If you choose to sign-in via a third party app, you will be presented with a dialog box which will ask your permission to allow us to access your personal data (e.g. your full name, date of birth, email address and any other information you have made accessible).
We aim to update you about products and services which are of interest and relevance to you as an individual. To help us do this, we process personal data by profiling and segmenting, identifying what our customers like and ensuring messages we send them are relevant based on their demographics, interests, purchase behaviour, online web browsing activity and engagement with previous communications. We may also use your personal data to exclude you from communications which we feel are irrelevant to you. For example, we may exclude someone from resends of marketing emails when we know that person has already opened the original email sent.
Another example of how we may tailor our communications with you is that we may group individuals with similar interests using this data so we can send them product news or promotional offers that are relevant to that shared interest.
You may have the right to opt out of some automated processing, including profiling, at any time by:
- informing us that you wish to opt out of automated processing by contacting our customer support team at info@One Year No Beer.com; and/or
- contacting us by email to firstname.lastname@example.org
WHO WE SHARE YOUR PERSONAL DATA WITH
We may share your personal data with the following third parties:
- The organisation that you represent.
- Other companies within our group.
- Other organisations within our supply chain so that they can contact you about any issues in the supply chain or where your personal data is relevant to a subcontractor or party above us in the supply chain.
- Other organisation including but not limited to organisations who own the venues at which our events take place, organisations who market and/or facilitate our events and photographers and videographers who attend our events.
- Purchasers, investors, funders and advisers if we sell or negotiate to sell all or part of our business or assets or restructure our business whether by merger, re-organisation or otherwise.
- Third parties who ask for or want referrals for example we may provide your details to a third party who is seeking services/products which are the same or similar to those that you provide.
- Other service providers and advisors to us including companies that support our IT, help us analyse the data we hold, process payments, send communications to our customers, provide us with legal, property or financial advice and generally help us deliver our products and services to you or the organisation that you represent or for us to purchase them from you or the organisation you represent.
- Our professional advisors including lawyers, accountants and other advisors.
- Your professional advisors including lawyers, accountants and other advisors.
- Organisations who carry out research, analysis and/or data cleansing services.Governmental bodies, regulators, law enforcement agencies, security services, courts/tribunals and insurers including where we are required to do so in order to comply with our legal obligations and the administration of justice.
HOW WE PROTECT YOUR DATA
One Year No Beer is committed to keeping your personal data safe and secure and so we have numerous security measures in place to protect the loss, misuse and alteration of information under our control.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
WHAT YOU CAN DO TO HELP PROTECT YOUR DATA
You should always be cautious when sharing your personal data. No one from our company will ever ask you to confirm any bank account or credit card details via email. If you receive an email claiming to be from One Year No Beer asking you to do so, please ignore it and do not respond.
If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.
In addition, we recommend that you take the following security measures to enhance your online safety:
- When creating a password, use a difficult word/number combination of at least 8 characters and something that is not easily guessed or something that cannot be easily obtained such as your name, email address, or other personal data that can be easily obtained.
- Frequently change your password (you can do this in your account settings.
- Avoid using the same password for different online accounts.
HOW LONG WE KEEP YOUR DATA
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
The personal data we collect may be transferred to and stored in countries outside the UK and the European Union. This will typically occur when service providers are located outside the UK and the European Union or if you are based outside the UK and the European Union. These transfers are subject to special rules under data protection laws.
Some of these jurisdictions require different levels of protection in respect of personal data and, in certain instances, the laws in those countries may be less protective than the jurisdiction you are typically resident in. We will ensure that your personal data is only used in accordance with this Notice and applicable data protection laws and is respected and kept secure and where a third party processes your personal data on our behalf we will ensure that one of the following safeguards is implemented:
- we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in the UK and the European Union; and
- where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe Union and the US.
Our directors and other individuals working for us may in limited circumstances access personal data outside of the UK and European Union if they are on holiday abroad outside of the UK or European Union. If they do so they will be using our security measures and will be subject to their arrangements with us which are subject to English Law and the same legal protections that would apply to accessing personal data within the UK.
In limited circumstances the people to whom we may disclose personal data as mentioned in the “Who We Share Your Personal Data With” section above may be located outside of the UK and European Union. In these cases, we will impose any legally required protections to the personal data as required by law before it is disclosed.For further details please contact us by using the details set out in the “Contact us” section below.
YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
- Access to information: You have the right to request a copy of the information OYNB holds about you.
- Ensuring accuracy of information: OYNB wants to make sure that your personal information is accurate and up-to-date. You may ask OYNB to correct or complete information that is inaccurate or incomplete.
- Right to erasure: You may have a right to erasure, which is more commonly known as the ‘right to be forgotten’. This means that in certain circumstances you can require OYNB to delete personal information held about you.
- Ability to restrict processing: You may also have the right to require OYNB to restrict OYNB’s use of your personal information in certain circumstances. This may apply, for example, where you have notified OYNB that the information OYNB holds about you is incorrect and you would like OYNB to stop using such information until OYNB has verified that it is accurate.
- Right to data portability: You may have the right to receive personal data OYNB holds about you in a format that enables you to transfer such information to another data controller (e.g. such as another service provider).
- Review by an independent authority: You will always have the right to lodge a complaint with a supervisory body, including ICO as listed above.
- Preventing direct marketing: OYNB does not sell your personal data. From time to time, OYNB may send emails containing information about new features and other news about us. This is considered direct marketing. OYNB will always inform you if OYNB intends to use your personal data or if OYNB intends to disclose your information to any third party for such purposes.
- Objecting to other uses of your information: You may also have the right to object to OYNB’s use of your information in other circumstances. In particular, where you have consented to OYNB’s use of your personal data, you have the right to withdraw such consent at any time.
You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal data recorded and stored by us. However, some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Whilst this Notice sets out a general summary of your legal rights in respect of personal data, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.
If you wish to exercise any of the above rights, you can always contact us using the details set out in the ‘Contact Us’ section below.You have the right to lodge a complaint with the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF, United Kingdom if you believe we have not handled your personal data in accordance with the law. Further information, including contact details, is available at https://ico.org.uk.
CHANGES TO THIS NOTICE
We may update this Notice from time to time. When we change this Notice in a material way, we will update the version date at the bottom of this Notice. For significant changes to this Notice we will try to give you reasonable notice unless we are prevented from doing so. Where required by law we will seek your consent to changes in the way we use your personal data.
In the event of any query or complaint in connection with the information we hold about you, please email email@example.com.
Version: 26th November 2019