At H. Weston & Sons Limited (“Westons Cider“, “we“, “us“, “our“) we recognise that it is important for you to understand how we use your personal data. Therefore, please read the following information carefully as it contains important information regarding the Westons Cider website (this/our “Site“) and the way in which we use your personal data.
2. WHO WE ARE
For the purposes of applicable data protection laws, H. Weston & Sons Limited is the data controller of your personal data (in other words, we are the organisation responsible for determining how your personal data is used).
3. WHAT PERSONAL DATA WITH PROCESS?
The personal data we may process about you may include but is not limited to:
- your name;
- your email address;
- your home address;
- your phone number;
- your gender (and preferred salutation);
- your date of birth;
- information about the services or products that you order from us;
- your purchase history;
- your payment card details or other financial information;
- the company that you work for;
- your social media handle/user name details if you engage with us on social media;
- technical information, including the Internet protocol (IP) address used to connect your device to the Internet, information about your device (such as device IDs) your login information, browser type and version, time zone setting, browser plug-in types and versions, device types, operating system;
- information about your visit to our Site, including the full Uniform Resource Locators (URL), clickstream to, through and from our Site (including date and time), products you viewed, searched for or purchased, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse the Site;
- any feedback or reviews that you give us on our Site or on social media, including via any survey that you complete for or about us;
- any content relevant to entering one of our competitions or promotions;
- images and recordings of you collected via our CCTV system at our premises (we may be required by law to share the data captured with the relevant authorities); and
- any other information that you choose to give to us via our Site, on social media or to our customer services team.
If you apply for a role with us, in addition to the above (where applicable) we will also collect a range of additional information directly from you either by email, over the phone or via an online job application process which may include but is not limited to:
- your health information (if relevant to your application);
- the contents of your CV (including details of previous roles, any relevant qualifications you have obtained);
- evidence that you are legally permitted to work in the United Kingdom;
- your current and desired annual salary;
- your current notice period;
- whether you have previously been employed by us;
- how you heard about the role you are applying for; and
- any other information that we may reasonably require as part of the recruitment process.
If you are a job applicant and want more detail about how we process your personal data as part of our recruitment process, you can contact our HR department by email at Recruitment@westons-cider.co.uk .
4. HOW DO WE COLLECT PERSONAL DATA?
We collect personal data in a variety of ways. In terms of information about you, it is generally when you give it to us, including when you:
- create an online account with us on our Site;
- ask us to provide you with items or services;
- visit our Cider Mill (or book to do so);
- visit our Site;
- sign up for our newsletters or to receive other marketing communications;
- enter one of our competitions or promotions or fill in a survey;
- leaving a site review on our Site or on social media;
- corresponding with us by e-mail, telephone or SMS;
- engage with us on social media (for example by mentioning/tagging us or by contacting us directly); and
- contact our customer services team or otherwise get in touch with us.
We may also collect personal data about you from third parties who have a lawful basis (which may be your consent) to pass your details on to us. For example, we may use data from third parties to help us personalise our digital marketing activity.
5. HOW DO WE USE YOUR PERSONAL DATA AND WHAT IS OUR JUSTIFICATION FOR DOING SO?
Whenever we use your personal data, we need to make sure that we have established a valid legal justification (known as a “lawful basis”) for that use of data. We have described the ways that we use your data and the associated lawful basis below.
Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.
|How and why we use your personal data||What is our legal justification for processing your personal data|
|To carry out our obligations arising from any contractual agreement with you and to provide you with the information and products or services you request. These may include fulfilling your order with us, registering and dealing with any claim in relation to your order with us, managing your account with us, and the provision of services related to these purposes to us by our agreed third-party providers.||
We rely on our contractual arrangements with you as the lawful basis on which we collect and process your personal data in relation to an order for products and services.
Alternatively, in some scenarios, we rely on our legitimate interests as a business (for example, it is in our interests to measure customer satisfaction and troubleshoot customer issues).
|To measure how satisfied our Site visitors and our customers are and provide customer service (including dealing with enquiries or complaints as well as troubleshooting in connection with the products you purchase from us or when you ask us questions by email, on the phone or on social media).|
|To process payments and maintain accounts and records.|
|To prevent or detect crime, fraud or abuses of our products and services or our Site and to enable third parties to carry out related technical, logistical, research or other functions on our behalf related to these purposes.||
In some circumstances we will use your personal data because it’s necessary for us to comply with a legal obligation (for example, if we receive a legitimate request from a law enforcement agency).
In other cases (such as the detection of theft, fraud or ensuring security of our Site) we will rely on our legitimate interests in keeping our employees and our Site secure and to prevent theft and fraud.
|We may use your personal data to send you our newsletters, updates and information about new products or services and other promotional and marketing information that we think may be of interest to you, to conduct prize draws, competitions and other promotions via email, telephone or post.||
Unless we are contacting you in a business to business capacity, we will only use your personal data to send you electronic marketing messages if we have consent from you to do so (or if you are an existing customer and have not opted out of receiving marketing materials). We will only ever rely on your consent to pass your personal data to third parties for their own marketing purposes.
In some cases, we will rely on our legitimate interests to send these types of communication (our legitimate interest in marketing and advertising our products).
To measure the effectiveness of our marketing campaigns and our advertising we serve to you.
|To pass your personal data to selected third parties, who may contact you for their own marketing purposes.|
To find out more about our customers as a whole (and not to find out more about you as an individual) to ensure that the products and services that we offer are most likely to interest our Site visitors and customers.
We have a legitimate interest to make sure that we are providing you with the information that we think is most relevant to you.
Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.
To use the reviews, comments and feedback that you leave on our Site or provide to us for our own advertising purposes.
We may use a review, comment or piece of feedback that you submit in our advertising campaigns, such as in TV adverts, in press and digital advertising, on our social media pages, in our email marketing or on our Site.
|We have a legitimate interest to promote our own products and services and to use the reviews, comments and feedback that you provide to us to do so.|
|To notify you about changes to our services and terms and conditions||We rely on our contractual arrangements with you as the lawful basis for this processing. In some cases, we rely on our legitimate interests as a business to send you these updates.|
To ensure that content on our Site is presented in the most effective and relevant manner for you and for your device and to tailor the Site’s experience and content based on the way that you use the Site.
It is in our legitimate interests as a business to use your data in this way. For example, we have a clear interest in ensuring that our Site works properly and that our products and services are high quality and efficient. Where we rely on our legitimate interests, we will always ensure that your rights are protected.
|To administer our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes and where you contact us for a particular reason other than those set out above, such as to report problems with our Site.|
|For our internal business purposes, such as analysing and managing our business, audits, developing new products or services, enhancing our Site, improving our services and products and identifying usage trends. For these purposes, your personal data will be aggregated and looked at on a statistical basis;|
|If you are a job applicant, we will use your personal data to assess your suitability for the role and to make recruitment decisions. Unless you ask us not to, we will continue to process the application data (including CVs and any interview notes) of unsuccessful applicants for a period of||
We have a legitimate interest in recruiting talent into our business and assessing candidates to ensure that we are making fair and appropriate recruitment decisions.
We may process some of your data on the basis of a legal obligation that applies to us as an employer (e.g. in some territories, this may require us to process data relating to race, religion, gender or disability/health).
To carry out profiling on and segment our customer base so that we are able to tailor our communications within our customer base to ensure they are more effective.
Please see our section on ‘Profiling and analysing information about our customers’ below this table for more information.
We have a legitimate interest to engage with our customers differently as it allows us to be more focused and cost effective with our resources and reduces the risk of someone receiving information they may not want to receive.
We may occasionally seek your consent for profiling activity if it is necessary in accordance with data protection laws.
|As part of our efforts to keep our Site safe and secure, managing risk for us and our customers.||In some cases, we will need to use your personal data to fulfil a legal obligation (for example, if we receive a legitimate request from law enforcement agencies), and in other cases (such as the detection of fraud or ensuring the security of the Site) we will rely on our legitimate interests as a business to use your data in this way.|
|To detect, investigate, report or seek to prevent fraud or other illegal activity.|
|As we believe to be necessary or appropriate in each case in order to comply with laws or legal process (including laws or legal process in other countries).|
|To protect our rights or property (or the rights or property of others) and to enforce our rights and pursue available remedies.|
Profiling and analysing information about our customers
In order to tailor how we engage with our customers and people who have told us they want to hear form us, we may analyse personal data that you give us and that we collect about you including your purchase history, your location and other demographic information.
We may use the information that you provide us and match it with data that we have obtained from external sources to better understand our customer base and tailor our communications to you or others like you.
We may segment our customer base into different groups based on what we know about them to ensure that our communications are sent to those that are most likely to respond and engage with us. For example, we may send customers who have bought a particular product specific communications as a result of their purchase. Once we have carried out this segmentation, we will either only contact you in the ways that you have asked us to, or where we are entitled to do so in accordance with data protection laws. We don’t target specific individuals in this way, but we target groups of individuals that may share the same characteristics.
You are in control of how we process your personal data so if you don’t want us to do this, you can opt-out at any time by contacting us at email@example.com .
6. wHAT IF YOU FAIL TO PROVIDE PERSONAL DATA?
Please make sure you provide us with certain information when requested as if you don’t, we may not be able to perform the contract we have entered into with you (such as, to provide you with our products). In this case, we may have to cancel a product you have with us, but we will notify you if this is the case at the time.
7. CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it. If we need to use your personal data for a purpose other than that for which it was collected, we will provide you, prior to that further processing, with information about the new purpose, we will explain our legal justification for doing so and we will provide you with any relevant further information. We may also issue a new privacy notice to you.
8. HOW DO WE SHARE YOUR PERSONAL DATA?
When we provide you with services or you make a purchase from our Site, in order for us to provide our services to you or deliver your purchase, we share your personal data with our trusted third-party service providers as detailed below. Whenever we share your personal data, we put safeguards in place which require these other organisations to keep your data safe and to ensure that they do not use your personal data for their own marketing purposes unless you have given us your consent to do so. We share data in the following ways:
Third party suppliers and service providers that help us run our business
Like most businesses, we work with third party suppliers and service providers as part of the day to day operations of our business. In doing so, we may disclose information about you to any of our trusted agents, suppliers or subcontractors who provide services to us, such as website hosting, delivery fulfilment and logistics and taking payments on our behalf. We will only share your personal data with our trusted service providers in order to provide our services to you. It is in our legitimate interests as a business to work with these service providers since we may not have the capabilities to provide these services ourselves.
We make sure that the organisations we use meet agreed standards for the protection of your personal data and they will only ever be allowed to use your personal data in order to provide us with services and not for their own commercial purposes. .
We require all of our service providers to take appropriate technical and organisational security measures to protect your personal data and to treat it subject to a duty of confidentiality and in accordance with applicable data protection law.
If you would like more information on the service providers that we share your data with, please contact us using the contact details set out at section 15 below.
Other scenarios in which we might share your personal data:
- with our professional advisors including tax, legal or other corporate advisors who provide professional services to us and our wider corporate group.
- with regulators, law enforcement or fraud prevention agencies, as well as our legal advisers, courts, the police and any other authorised law enforcement bodies, for the purposes of investigating any actual or suspected criminal activity or other regulatory or legal matters etc.
- in the event that we consider selling or buying any business or assets we will disclose your personal data to any prospective sellers or buyers of such business or assets.
- in the event of any insolvency situation (e.g. administration or liquidation).
- if we, or substantially all of our assets, are acquired by a third party, in which case personal data held by us about our members and customers will be one of the transferred assets.
- to protect the rights, property or safety of our employees, our customers, or others. This includes exchanging personal data with other companies and organisations (including without limitation the local police or other local law enforcement agencies) for the purposes of employee and customer safety, crime prevention, fraud protection and credit risk reduction.
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.
9. wHERE WE TRANSFER AND STORE PERSONAL DATA
Some of the processes involved in our use of your personal data may require your data to be stored or processed in countries outside of the UK and the European Economic Area (“EEA“) where local laws may not provide legal protection for your information in the same way as is applicable in the UK or the EEA.. Similarly, some of our trusted third-party suppliers may transfer data outside of the UK/EEA and wherever this is the case, we will implement appropriate safeguards to protect your personal data.
Whenever we send (or permit a third party to send) your personal data outside of the UK or EEA, we will make sure that we take steps necessary to protect your data as required by applicable laws (including the UK and EU GDPR). For example, we may require the overseas recipient to enter into particular contract terms such as those contained in the UK Government approved International Data Transfer Agreement (or where applicable, the European Commission’s Standard Contractual Clauses).
10. SECURITY AND RETENTION OF YOUR PERSONAL DATA
Unfortunately (and as you will probably already know) the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk.
Where you have chosen a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We will only keep your personal data for as long as we need it in connection with our relationship with you. The applicable retention periods will always be linked to our purposes for processing your personal data. This means that the retention periods may depend on whether you are visiting our Site or make a purchase and on whether we need to retain your personal data in order to comply with applicable laws.
We may retain some statistical information concerning the use of our website and about our customer base for longer than this however this data will be wholly statistical and anonymised and we will not be able to identify you from this data.
11. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
You have a number of rights in relation to your personal data as set out below.
|RIGHT||DESCRIPTION OF RIGHT|
|Access||A right to access personal data held by us about you.|
|Rectification||A right to require us to rectify any inaccurate personal data held by us about you.|
|Erasure||A right to require us to erase personal data held by us about you. This right will only apply where (for example): we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to the way we process your data (in line with your right to object, below).|
|Restriction||In certain circumstances, a right to restrict our processing of personal data held by us about you. This right will only apply where (for example): you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but you require the data for the purposes of dealing with legal claims.|
|Portability||In certain circumstances, a right to receive personal data, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to require us to transfer this personal data to another organisation, at your request.|
|Objection||A right to object to our processing of personal data held by us about you where the processing of such data is necessary for the purposes of our legitimate interests, unless we are able to demonstrate, on balance, legitimate grounds for continuing to process personal data which override your rights or which are for the establishment, exercise or defence of legal claims.|
|Not to be subject to automated processing||A right for you not to be subject to a decision based solely on an automated process, including profiling, which produces legal effects concerning you or similarly significantly affect you|
|Withdrawal of consent and objection to marketing||A right to withdraw your consent, where we are relying on it to use your personal data (for example, to provide you with marketing information about our services or products). You can object to direct marketing at any time.|
It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if your personal data changes so that our records can be updated. We cannot be held responsible for any errors in your personal data in this regard unless you have notified us of the relevant change.
12. THIRD PARTY WEBSITES
Our Site may, from time to time, contain links to and from other websites (including the website of our retail partners, other business partner networks, advertiser and affiliates, or other sites). If you follow a link to any of these website, please note that these websites have their own privacy policies and that we do not accept any liability or responsibility for these privacy policies. Please check these policies before you submit any personal data to these websites.
This policy was last updated on 26th May 2022.
We encourage you to contact us first if you have any queries, comments or concerns about the way we handle your data (our details are in the section immediately below). We will try to put things right.
However, if you are not satisfied with our handling of any request by you in relation to your rights or concerns, you also have the right to make a complaint to the UK’s Information Commissioner’s Office (“ICO”). You can contact the ICO at: First Contact Team, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF; 0303 123 1113; or https://ico.org.uk/.
15. contact us