The type of personal information we collect
We keep the amount of data we collect to a minimum, only collecting enough to perform the functions described above. The information we collect is limited to the following:
- Personal Identifiers and contact information, such as title, name, addresses, phone numbers and email address.
- Transactional data, such as your order history, the wines you have stored with us, or your attendance at any our events, courses, or webinars.
- Marketing and communications data, such as your preferences around when how you want to hear from us and what you want to hear from us about, as well as details of when you open marketing emails, and which links you access.
- Feedback information, such as how you rated our products or customer service, or your responses to surveys/market research.
- Dietary information.
- Social identifiers, such as age, gender, socio-economic status.
- Functional data such as registration and system data, as well as additional usage data.
- Payment information and bank details.
Before you register with Cava Spiliadis for access to services or transactional areas of our website, you can browse our website anonymously and we will not collect your data. Once you are registered and logged into your account, we may collect the following:
- Technical information, including online identifiers, such as IP Address, browser type and version, time zone and location and operating system.
- Information about your visit, such as times and location of log on or access, duration of sessions, clickstream and similar usage or system data.
How we collect your personal data
Most of the personal information we process is provided to us directly by you, either via our website, or through correspondence via email, phone, or post. We will collect your personal data when you:
- Make an enquiry or purchase our products and services.
- Visit our website or register for an online account.
- Sign up for a ballot or prize draw, either using an online form or via social media.
- Attend an event, experience or private dinner, join one of our online experiences, or login to our guest WiFi.
- Register to receive our newsletter or blog updates.
- Provide feedback on our products or services or complete a survey/market research questionnaire.
- If you speak to someone in our contact centre, we may record the telephone call.
- If you visit one of our shops, events spaces or offices, your image may be recorded on CCTV, which is in operation for the safety of our staff and customers.
Finally, we also receive personal information indirectly, from the following sources in the following scenarios:
- When processing gift requests from customers where you are the recipient.
- When you are referred to us via a referral scheme.
- From third parties who we have partnered with to deliver a product or service (you will always be informed if this is the case).
- Personal identifiers or contact information from publicly available sources or data brokers.
What we use your personal data for
We use your personal data not only to provide you with products and services, but to ensure that you receive the best possible experience and to improve and develop what we offer. More specifically, we use the information that you have given us in order to:
- Fulfil contracts, orders and collect payment.
- Resolve customer queries and complaints, monitor quality, and provide training to our staff.
- Send you marketing communications, primarily via email but from time to time also by phone or post. If you wish to stop receiving some, or all, of our marketing communications, you can unsubscribe by going to the Your Preferences section in your online account and changing your ‘Mailing Preferences’, follow the instructions included in the footer of our emails or contact firstname.lastname@example.org.
- Send you service-related emails relating to wine you have stored with us or how your account may be used or managed.
- Improve your experience of our products and services and for product development.
- Detect and prevent faults, breaches of our network security, the law or our contract terms.
- Contact you to obtain feedback or perform market research.
We work with a small number of trusted third-party suppliers, such as logistics partners who help deliver our wine to you, or a digital agency who help maintain our website. We only enter into partnership with suppliers who sign data protection agreements limiting their use of personal data to fulfil their role, and we only ever share the minimum amount of data that they need.
We occasionally enter into event-based marketing agreements with other leading wine and spirits organisations where we are joint controllers. This means that both organisations are jointly responsible for your personal data, and we are required to share it with them if you register for qualifying events. We will always let you know about this before you share any data with us and provide instruction on how you can request a copy of the agreement for your information.
We do not share your personal data with anyone else unless required to by law, and we never sell your personal data.
Upon request, and when relevant to a service you use, we can provide details of which third parties we work with.
The UK General Data Protection Regulation (UK-GDPR) requires that we always have a lawful basis before processing your personal information.
Therefore, we will only process your data if we have a contractual or legal obligation, a legitimate interest or where we have your consent. You can remove your consent at any time by contacting email@example.com.
How we store your personal information
The safety of your personal information is paramount, and therefore we take every reasonable precaution when it comes to how we store it.
We store the personal data you provide on cloud based or computer systems that have restricted user access and are in controlled facilities. When there is a need to transmit data over the internet, it is protected by encryption and or passwords. Where possible, we avoid storing paper records of personal data.
We have developed and implemented strict policies and processes governing information technology and data user behaviour. These cover areas such as access control, authentication, audit, monitoring, alarms, data storage and back up, transmission standards and environment integrity. We use reasonable endeavours to install and have appropriate security measures in place in our systems and facilities to protect against the loss, misuse, or alteration of information that we have collected from you.
We will store your personal information for a minimum of six years plus the current financial year after your last transaction with us. This is because UK-GDPR requires wine and spirit businesses such as ours to keep all business records concerning excise goods for this time period.
We will keep records of transactions for longer periods, but we will ensure that the data is anonymised.
We retain call recordings for no longer than 18 months.
International Data Transfers
In some cases, we (or our third-party data processors) may need to store, transfer, or process your personal data outside of the UK or the European Economic Area (EEA). Where this happens, we ensure adequate safeguards are in place so that your data is protected in line with both the UK and EU GDPR. This will usually mean one of the following:
- The country that the data is being transferred to has been deemed as having an adequate level of protection by the European Commission and the UK Information Commissioner’s Office (ICO).
- We will put in place a contract with the recipient of your personal information that contains model clauses approved by the European Commission and the ICO.
Your rights regarding your personal information
We firmly believe that you should be in control of how your personal data is stored and used, and we will always happily honour all reasonable and proportionate requests from our customers. But it is important for you to know that data protection law provides you with the following legal rights:
- Your right of access - You have the right to ask us for a copy of all the personal information we hold on you.
- Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
If you wish to make a request, then please contact us at firstname.lastname@example.org.
We will respond to any request as soon as possible but certainly within 30 days.
How you can contact us
You can get in touch with us by one of the following means:
- By Email: Via email@example.com or submitting a form via the Contact Us on our website.
How you can make a complaint
The best way to contact us if you have any concerns about how we use your data is by sending an email to firstname.lastname@example.org.
Whilst we would appreciate the chance to resolve your issues or concerns ourselves, it is important that you know you have the right to lodge a formal complaint with a supervisory authority at any time – in the UK this is the ‘Information Commissioner’s Office’, or ICO.
You can find out more about the ICO on their website: https://www.ico.org.uk
If you want to contact the ICO, you can call their helpline on 0303 123 1113 or write to them on the following address:
Information Commissioner’s Office
International Data Protection Regulations
For EU Citizens
Cava Spiliadis continues to be compliant with EU GDPR and EU citizens have the same rights as stated above. If you wish to contact us about exercising these rights, please email email@example.com.
If you wish to make a complaint however, you may prefer to contact a supervisory authority within the EU. Cava Spiliadis has a presence in the EU member state[s] of Greece.
Also, you can either contact The Data Protection Commission (DPC), the supervisory authority in Ireland, or the CNIL, the supervisory authority in France.
For California Residents
The California Consumer Privacy Act of 2018 (CCPA) gives California residents certain rights regarding the personal information that businesses collect about them. These rights are:
- The right to know about the personal information a business collects about them and how it is used and shared.
- The right to delete personal information collected from them (with some exceptions).
- The right to opt-out of the sale of their personal information.
- The right to non-discrimination for exercising their CCPA rights.
If you wish to contact us in order to exercise any of these rights, then please email us on firstname.lastname@example.org, referring to the CCPA. We will respond to your request within 45 days.
We never sell your personal data.
If you are a Cava Spiliadis customer, we will notify you of any changes which result in a significantly different or new use of your data and give you the option to agree to the new use.
The policy was last updated on 02/2022
What are Cookies?
A cookie is a small data file, typically containing letters and numbers, downloaded onto your device when you access our website. These cookies enable us to collect information about how our websites and services are being used and to manage them more efficiently.
You can disable cookies by modifying the settings in your browser. However, if you chose to do this you may not be able to use all of the features of our website.
Details of the cookies that we use, their purpose, and how long they are stored on your device, are set out in the table below.