Privacy Policy

 

Distell International Limited (“the Company”) Privacy Policy

Welcome to the Company’s Privacy Policy.

 

The Company respects your privacy and is committed to protecting your Personal Data. This Privacy Policy will inform you as to how we look after your Personal Data when you visit our websites (regardless of where you visit from) and tell you about your privacy rights and how the law protects you.

 

  1. IMPORTANT INFORMATION AND WHO WE ARE

 

Purpose of this Privacy Policy

This Privacy Policy aims to give you information on how the Company collects and processes your Personal Data through your use of our websites, mobile applications, our pages on social networks, online forms and whenever else you communicate electronically with us (our “Digital Services”), including any data you may provide through this website when you sign up to our loyalty programmes, purchase a product or service or take part in a competition.

 

Our Digital Services are not intended for children and we do not knowingly collect data relating to children. You must be at least eighteen years of age (or if the legal drinking age where you live is higher, you must be at least that age) to create an account and engage in activities and transactions on our Digital Services.  By creating an account or engaging in activities or transactions, you confirm that you are at least eighteen years of age (or if the legal drinking age where you live is higher, you must be at least that age) and are fully able to enter into, comply with and be legally bound by any terms of use made available to you and this Privacy Policy.  If we are notified or learn that a Minor has submitted Personal Data to us through our Digital Services, we will delete their Personal Data.

 

It is important that you read this Privacy Policy so that you are fully aware of how and why we collect, store, use and share your Personal Data.  The Privacy Policy also explains your rights in relation to your Personal Data and how to contact us or supervisory authorities in the event you have a complaint.

 

Who We Are

Our Digital Services are operated by a member of the Distell Group of companies, namely Distell International Limited, registered in Scotland with company number SC109881 and having its registered office at 8 Milton Road, College Milton North, East Kilbride G74 5BU.

 

All references to “we”, “us”, “our” or “Company” in this Privacy Policy, are deemed to refer to Distell International Limited, its subsidiaries, affiliates and/or associates as appropriate.

 

Distell International Limited is the Data Controller when processing your Personal Data in the conditions described in this Privacy Policy, which includes any Personal Data you submit to this website or any other website that links to this Privacy Policy, such as a microsite that we use to run a promotion or competition (“the Website”).

 

Changes to the Privacy Policy and Your Duty to Inform Us of Changes

We keep our Privacy Policy under regular review. This version was last updated on 1st January 2021.  It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.

 

Third-Party Links

This Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy policy of every website you visit.

 

  1. THE DATA WE COLLECT ABOUT YOU

 

Personal Data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

 

We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:

 

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Website.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
  • Usage Data includes information about how you use our website, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.

 

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

 

If You Fail to Provide Personal Data

Where we need to collect Personal Data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

 

  1. HOW YOUR PERSONAL DATA IS COLLECTED & USED

 

We use different methods to collect data from and about you including through:

 

  • Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes Personal Data you provide when you:

 

  • apply for our products or services;
  • create an account on our website;
  • subscribe to our service or publications;
  • join a loyalty programme;
  • book a tour;
  • use a QR code displayed on products;
  • visit a brand website;
  • request marketing to be sent to you;
  • enter a competition, promotion or survey;
  • give us feedback or contact us; or
  • undertake any other request that requires the submission of Personal Data.
  • Automated technologies or interactions. As you interact with our Website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this Personal Data by using cookies and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies. Please see our Cookie Policy for further details.  In addition, we receive IP addresses from all users because this information is automatically reported by your browser each time you view a web page.  For most users accessing the internet, the IP address will be different every time you log on.  An IP address is a number used on a network to identify your computer every time you connect to the Internet. We may keep track of Internet Protocol (IP) addresses to, among other things (i) troubleshoot technical issues, (ii) maintain website safety and security, (iii) restrict access to our Digital Services to certain users, (iv) track location and behaviour, analyse, segment and target advertising to customers, and, (iv) better understand how our Digital Services are utilised e.g. using Google Analytics.  IP addresses are generally recorded in files called “log files”.
  • Third parties or publicly available sources. We also receive Personal Data about you from various third parties and public sources. We will only obtain such information where we have your consent and/or another legal ground to do so.  This information may come from:

 

  • Publicly accessible sources, e.g. the Electoral Roll or Companies House;
  • Credit reference agencies;
  • Customer due diligence providers;
  • A bank or building society (with your consent);
  • Other third party websites we have partnered with.

 

We, or a third party on our behalf, may collect and use your mobile/computer/tablet device ID to provide a more tailored browsing experience, to alert you to nearby events or promotions and for reporting and analysis.  We, or a third party on our behalf, may collect information in the form of log files that record activity and gather statistics about browsing habits.  These entries are generated anonymous, and help us gather, among other things, (i) your web browser type and operating system, (ii) information about your session (such as the URL you came from, the date and time you visited our Digital Services, and which pages you have viewed and for how long), and, (iii) other similar navigational or click-stream data. We also use log file information for our internal marketing and demographic studies, so we can constantly improve and customise the online services we offer you. Log files are only used internally, and are not associated with any personally identifiable individual.

 

  1. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

 

Under data protection law, we can only use your Personal Data if we have a proper reason for doing so, e.g. (i) to comply with our legal and regulatory obligations; (ii) for the performance of a contract with you or to take steps at your request before entering into a contract; (iii) for our legitimate interests or those of a third party; or (iv) where you have given consent.

 

Generally, the information we collect is only used for any purpose for which you submitted it to us, for any purpose made clear to you at the point it was collected or here in this Privacy Policy. These purposes may include:

 

  • When you register or sign-up via our Digital Services: the Personal Data you give is used to provide you with the benefits that typically come along with registration. This includes information on the products and brands that you have signed up to (and, if you have opted-in, to receive information about other Distell products), the ability to send, receive and personalise communications you select at the time of registration or that automatically come with your registration, e.g. subscription to a newsletter, creation of an account, participation in a sweepstake or contest, invitation to or attendance at an event organised by us or on our behalf;
  • When you are selected or invited to attend an event we will use your Personal Data to provide you with details, tickets and entry information and to provide the organisers with information to allow them to verify your attendance;
  • When you enter a sweepstake or contest we use your Personal Data to identify unique entrants and to inform winners and others of the outcome;
  • When you use the ‘Send to a friend’ feature, Personal Data for one-time use (typically, names and email addresses) is used only once e.g., to send a message, and is not retained by us;
  • When using e-commerce on some of our websites, we, or a third party on our behalf will use your Personal Data to create your account, facilitate the purchase process, manage your order and deliver your products under the contract you have with us, or the third party, and to understand your purchase history. We may use automated or technical solutions to detect fraudulent activity or payment and this may include profiling based on automated decision making;
  • When you use a QR Code or equivalent feature displayed on our products: we use your Personal Data to send you more information on the products where the QR code or equivalent feature was displayed or other Distell products (if you opt-in to receive that information);
  • When you submit Personal Data on the iPads or other mobile devices available in the Distillery Visitor Centres, this is used to send you more information on the relevant products;
  • Feedback, questions, or comments through our ‘Contact Us’ form, if you contact us via an online contact form, your information is used to respond to your inquiry or comment;
  • When you submit your Personal Data, you may also be given the option (through a tick box or other consent mechanism) to have your information used for an activity or service different from the one you are requesting. For example, if you enter a contest to win a prize, you may also be invited to sign up for a newsletter about other products. If you choose to have your information used for another activity or service in this way we will use your information to provide them to you.

 

In addition, when you submit your Personal Data, you may be given the option (through a tick box or other consent mechanism) for your information to be used for other Distell products. If you choose this option we (and other Distell Group affiliates) will use your information to provide you with information and promotions regarding other Distell products.

 

We may also use your email address to send you transactional or administrative communications such as confirmation emails when you sign up for, or unsubscribe from, a specific registration or activity. We may also use it for certain service-related announcements, such as updates to our Privacy Policy, discontinued features or programs on our Digital Services, changes to our online services or technical support policies.

 

We retain your Personal Data in our global consumer database which allows us to ensure that your Personal Data remains accurate and up to date and to share your Personal Data with appropriate Distell group affiliates. To avoid duplication in our database, we may use information about each of your interactions with one of our Distell Group affiliates to check whether your Personal Data is still accurate. We will use that information to complete, enhance or update your Personal Data with the additional information you might have provided.

 

Subject to applicable laws, this may include occasionally combining, updating, or otherwise enhancing the Personal Data collected through our Digital Services with anonymised data we get from outside records or third parties. For instance, we may combine purely demographic or survey information, e.g. age, gender, household information, and other interests, not linked to any personal information about you with Personal Data collected in other cases such as during account registration.

 

We may also use your Personal Data, the combined information referred to above and/or demographic information for our internal marketing, segmentation, analysis and demographic studies. This helps us to constantly improve, personalise, and customise the products and services we provide.

 

Legitimate Interests – Managing our Business

In relation to a number of uses of Personal Data we refer to above we are doing this on the basis that it is in our legitimate interests – or those of a third party – for us to do so. A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. These interests cover a number of aspects of our business operations, namely:

 

  • Ensuring that we are as efficient as we can be so we can deliver the best Digital Service and products for you that we can and understanding our customers and the users of our Website;
  • To allow us to provide bespoke Digital Services and products where requested by you, to personalise your experience and to tailor the content, offers and promotions we send to you promoting our products and services;
  • Protecting our commercially valuable information and also our intellectual property;
  • Preventing and detecting fraud and/or criminal activity that could be damaging for us and for you;
  • For credit control purposes and to make sure our customers can pay for the products we provide;
  • Understanding how our business is performing and considering how to improve our performance; and
  • Ensuring we are able to keep up to date with our customers and contacts and developments in their organisations.

 

Promotional Communications

We may use your Personal Data to send you updates, by email, text message, telephone or post, about our products and Digital Services, including exclusive offers, promotions or new products and Digital Services.

 

We have a legitimate interest in processing your Personal Data for promotional purposes. This means we do not always need your consent to carry out promotional activities. However, where consent is needed, we will ask for this consent separately and clearly.

 

Opting Out

You have the right to opt out of receiving promotional communications at any time using the ‘unsubscribe’ link in emails; or using the ‘STOP’ number in texts.

 

We may ask you to confirm or update your marketing preferences if you instruct us to provide further products or Digital Services in the future, or if there are changes in the law, regulation, or the structure of our business.

 

Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of a product purchase, product service experience or other similar transactions.

 

  1. DISCLOSURES OF YOUR PERSONAL DATA

 

We will never share your Personal Data with any third party that intends to use it for direct marketing purposes, unless we have specifically told you and you have given us explicit permission to do this.

 

We may share your Personal Data with affiliates within the Distell Group. The purposes are explained in paragraphs 2, 3 and 4 above. The information we collect as described in this Privacy Policy may come from the entity to which you provide it but may also be made available, subject to your consent, through such entity to other affiliates of the Distell Group to provide you with news and promotional information about their products or programs you have shown an interest in.

 

If you wish to withdraw your consent to such sharing and use of your information, please address your request as indicated in paragraph 9 of this Privacy Policy. Please tell us if you are withdrawing your consent for us to share your Personal Data with all of the affiliates in the Distell Group to provide you with news and promotional information or just some of those affiliates (and, in that case, please indicate which ones).

 

We may also share your Personal Data with other third parties, but only in the following circumstances:

 

  • We may use third parties to help deliver our products or Digital Services to you, e.g. payment service providers, warehouses and delivery companies;
  • We may share your Personal Data with social media providers such as Facebook, Twitter and Instagram, in which case email addresses will be uploaded then hashed, e.g. where you are a registered user of Facebook, we will use your email address in an encrypted format to enable Facebook to find other registered users of their services that share similar interests to you based on: (i) information that we observe about you from your different interactions with us; and (ii) the information Facebook holds about you;
  • We may share your Personal Data with third parties who provide programmatic advertising services to serve you with relevant advertising;
  • We may use service providers, agents or contractors e.g. marketing and digital agencies to support the internal operation of our Digital Services, and to assist us with administering them or the various functions, programs and promotions available on them. Any such third party must provide appropriate levels of security for your Personal Data and, where required, are bound by a legal agreement to keep your Personal Data private, secure and to process it only on our specific instructions;
  • When we run a joint or co-sponsored program or promotion on our Digital Services with another company, organisation, or other reputable third party, we may collect and process Personal Data and share it with that partner or sponsor as part of the event. If your Personal Data is being collected by, or is shared with, a company other than one that is part of the Distell Group as part of any such promotion, we will let you know at the time it is collected;
  • When we run a promotion in partnership with a third party outside the Distell Group, we may provide a separate link to their privacy policy which you should read before you share any Personal Data. The operators of other sites may collect information from you, which will be used by them in accordance with their own data protection policy or privacy policy. If you do not want your information to be collected by or shared with a company other than the Distell Group, you can choose not to opt in or participate in these events at the time the Personal Data is collected or requested.

 

We may also disclose your Personal Data if we are required to do so by law or by law enforcement agencies or regulatory bodies, or if such action is necessary to comply with legal or regulatory processes, or to protect or defend us and/or other third parties against error, negligence, breach of contract, theft, fraud, or other illegal or harmful activity to comply with our audit and security requirements or to audit compliance with our corporate policies, procedures, legal or contractual obligations.

 

In the event of a merger or acquisition of all or part of us by another company, or in the event that we were to sell or dispose of all or a part of our business. In this case the acquirer would have access to the information maintained by us, which could include Personal Data, subject to applicable law. Similarly, Personal Data may be transferred as part of a corporate reorganisation, insolvency proceeding, or other similar event, if permitted by and done in accordance with applicable law.

 

We may share aggregated demographic or survey information with third parties, but this information is in anonymous form and does not contain any Personal Data. The aggregate information that we share may include anonymous information that is captured through the use of cookies and other similar tracking technology, as explained in paragraph 2.

 

 

  1. INTERNATIONAL TRANSFERS

 

The Distell group operates globally and your Personal Data may be transferred across international borders. It may be transferred to and stored at a destination outside the country in which you reside, including countries that have less strict or no data protection laws, when compared to those in your country. Your Personal Data may also be transferred between different companies of the Distell Group located in different countries.

 

Whenever we transfer your information as described above, we will ensure the transfer complies with data protection law both during transit and at the storage location and all Personal Data will be secure. Our standard practice is to use standard data protection contract clauses that have been approved by the European Commission.  If you are located in the EEA, you may contact us using the contact details below for a copy of the safeguards which we have put in place to protect your personal information and privacy rights in these circumstances.

 

  1. DATA SECURITY

 

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

 

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so as promptly as possible.

 

Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure.  If you have reason to believe that your interaction with us is no longer secure, e.g. if you feel that the security of any account you might have with us has been compromised, please immediately notify us of the problem by contacting us at the contact details below.

 

  1. DATA RETENTION

 

How Long will we Retain your Personal Data?

We may store the Personal Data that you send to us via our Digital Services in our databases. We will not retain your Personal Data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of Personal Data.

 

We retain your Personal Data as long as your account is active, for the duration of a contract with you or however long it takes to provide you with the products or services requested, to answer queries or resolve problems, to show that we treated you fairly, to keep records required by law and to improve or offer new services.

 

We may also need to retain your Personal Data to comply with our legal and regulatory obligations, resolve disputes, enforce our agreements, and similar records management purposes.

 

We may also retain your Personal Data for a reasonable period after you stop using our services or our Digital Services. After this period, your Personal Data will be deleted from all systems in the Distell Group.

 

If you ask us to delete your information in accordance with your rights set out in paragraph 9 below, we will retain basic information on a suppression list to record your request and to avoid sending you unwanted materials in the future.

 

Interfaces with Third Party Websites and Services

Our Websites may contain links, references and content from other websites and services outside of our control.  Please be aware that we have no control over these websites and our Privacy and Cookie Policies does not apply to them.  We will not be liable to you for any issues arising in connection with their use of your information and we encourage you to read the Privacy and Cookie Policies and Conditions of Use of any linked, referenced or interfacing websites and services you visit or use.

 

  1. YOUR LEGAL RIGHTS

 

Under certain circumstances, you have rights under data protection laws in relation to your Personal Data.

 

You have the following rights, which you can exercise free of charge, by asking us to:

 

  • provide a copy of your Personal Data (the right of access);
  • correct any mistakes in your Personal Data;
  • delete your Personal Data – in certain situations;
  • restrict processing of your Personal Data – in certain circumstances, e.g. if you contest the accuracy of the data;
  • provide you with a copy of the Personal Data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations.

 

You can also object:

 

  • at any time to your Personal Data being processed for direct marketing including profiling;
  • in certain other situations to our continued processing of your Personal Data, e.g. processing carried out for the purpose of our legitimate interests.

 

If your Personal Data has been processed on the basis of your consent, you can withdraw your consent at any time.  We hope that we can resolve any query or concern you may raise about our use of your information. You also have the right to complain to the supervisory authority in the European Union where you work, normally live or where any alleged infringement of data protection laws occurred.

 

If you would like to exercise your right to object to direct marketing please use the link to unsubscribe on emails or contact us at the below email address.

 

If you would like to exercise any of your other rights, please email us on data.privacy@distellinternational.com.

 

Your objection, or withdrawal of consent, may mean we cannot provide the products or services you have requested of us or you may not be able to use the services we offer. We will advise you where this is the case. In certain circumstances even if you withdraw your consent we may still be able to process your Personal Data if required or permitted by law or for the purpose of exercising or defending our legal rights or meeting our legal and regulatory obligations.

 

If you participated in a program that involved a third party and you agreed to receive communications from that third party, you will need to contact them directly to opt-out. This process should be outlined in the third party’s privacy policy.

 

  1. HOW TO CONTACT US

 

We have appointed a data privacy manager who is responsible for overseeing questions in relation to this Privacy Policy.  If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.

 

Full Name of Legal EntityDistell International Limited
Name of Data Privacy ManagerNwavudu Ekebuisi
Email Addressnwavudu.ekebuisi@distellinternational.com
Postal AddressAvalon House, 72 Lower Mortlake Road, Richmond, Surrey, TW9 2JY
Telephone Number01355 260999

 

You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk).  We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.