For the purpose of the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR) 2016 (the Law), the data controllers for any personal information that we hold about you are CITY WINE COLLECTION LIMITED, 2 Bridge Street, Richmond Upon Thames, Surrey, TW19 1TQ, United Kingdom.
What personal data do we collect and why?
We collect, process and retain personal information from you and any devices you may use when you navigate to the CITYWINECOLLECTION.COM website or mobile view, by transacting, by registering an account and otherwise interacting with us. The personal information we collect includes the following:
Managing cookies: most web browsers have cookies enabled; if you’d prefer to restrict, block or delete cookies from CITYWINECOLLECTION.COM, or any other website, you can use your browser to do this. Each browser is different, so check the Help menu of your particular browser (or your mobile phone’s handset manual) to learn how to change your cookie preferences.
Under the Law, we must have a legal basis to process your data. In most instances, we will process your data because we have a contract with you to deliver your purchases, or to provide you with other services that you have requested:
How long do we keep your data?
We will not retain your personal data for longer than is necessary to fulfil the purposes for which you provided that personal data, unless the law permits or requires that we retain if for longer. The retention period varies depending on the purpose of the processing. For example, the data collected during your purchase of goods are retained in accordance with local tax law (seven years in the UK), whilst data used to send you our marketing communications are retained until you ask to be unsubscribed.
We use and retain your personal information to prevent, detect, mitigate and investigate fraudulent or illegal activities. We retain your personal information as long as it is necessary and relevant for our operations. In addition, we may retain personal information from closed accounts to comply with legal requirements, prevent fraud and resolve disputes. After it is no longer necessary for us to retain your personal information, we dispose of it securely according to our data retention and deletion policies.
The General Data Protection Regulation provides for rights of access, modification and deletion of your personal information. The GDPR provides you with the following rights:
Disclosure and security
We protect your information using measures that reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. We minimise the amount of personal information we disclose to what is directly relevant and necessary to accomplish the specified purpose.
In so doing we may disclose your personal information to authorised third party service providers who help us to provide our services such as:
Where legally compelling grounds exist, we may also disclose your personal information to governmental and law enforcement agencies, and otherwise in the defence of legal claims.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We do NOT share or disclose your personal information to third parties for marketing purposes.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us:
You can find more information about GDPR and your rights on the UK Information Commissioner’s Office (ICO) website at https://ico.org.uk/concerns or by calling their helpline on 0303 123 1113.