Any queries regarding data protection compliance, should be directed to the HR team. There is a mailbox called email@example.com, for all data protection compliance queries. Questions about this policy, or requests for further information, should be directed to this mailbox, and will be answered by the HR team.
What information does the Company collect?
The personal information we collect about you will depend on the products and services you receive from us.
We may collect and process your personal data in the following ways:
Information you give us
You may give us personal information by filling in forms, or by corresponding with us by phone, email, letter or otherwise. The information given may include your name, address, work address, email address and phone number.
We do not take debit or credit card payment information from you in any format, either by phone or in writing. If you purchase goods and services from us, you will be directed to an independent payment website where payment will be taken without us being party to your payment details.
We may collect information about your trading history, such as your purchasing preferences, product details, service visit details, surveys, and the products and services you use, with us and within the drinks industry.
If you are a company trading with Innserve, we may also process credit rating information for you (which we will acquire from credit reference agencies).
We also collect information about your communications with us.
You may also provide information voluntarily when completing surveys, providing feedback or when you request additional services. We collect this information based on you giving your consent by participating.
Information we collect about you
We may gather information about you during the course of our business transaction with you. This may include information we collect about your purchases, bar and cellar configuration, bar and cellar records, surveys and information about products and services you use, as well as how you use them.
Information about you from other organisations
We may gather information about you from our business partners, business directories, credit reference companies, and other companies and contacts within our industry.
Sensitive Personal Data
We do not hold any special categories of personal data about you. To clarify this may include racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health, or sexual orientation (this list is not exhaustive).
We do not carry out any direct marketing at any time.
Why do we hold this information?
We may hold this information about you to allow us to fulfil our contractual obligations that we may have with you or your suppliers.
In some circumstances there may also be a legal obligation for us to hold and process data, for example in relation to Code of Practice Certificates on safety valves, or health and safety instances that have happened when we’ve been working out in trade.
Some personal information, such as those detailed above is also needed to allow us to provide you with the goods and services you require from Innserve. If we did not hold this information, we may not be able to provide products and services that you might request.
How do we use your information?
We will use your personal data for the following purposes:
- To process and respond to requests, enquiries and complaints received from you
- To provide products and services requested by you (either directly or through one of our business partners)
- To carry out credit checks and to take payments when you are purchasing goods and services from us directly.
- To communicate with you about services provided to you.
- To process payments
- To update our records
- To analyse trends and profiles
- For audit Purposes
- To carry out customer satisfaction research
- To improve our products and services
- To enable third parties to carry out any of the purposes above on our behalf.
- To ensure security for you and our employees, and help maintain service quality (calls to our customer service centre may be monitored and/or recorded for authentication, security, quality and training purposes);
- To segment our customer base and help us develop offers, products and services to provide you with the best customer experience.
- To create anonymous and aggregated reports about our customers. We may use information about your purchases, bar configuration and bar records, cellar information, surveys and information about products and services you use.
Who has access to your information?
Your information may be shared with employees and representatives of Innserve who are directly required to process your data, in order to undertake their day-to-day activities and to allow Innserve to fulfil any contractual obligation we have with you.
Why do we give third parties your data?
The Company may also share your data with third parties, such as suppliers, service providers, IT suppliers etc. Third parties may deliver some of our products to you or provide all or part of the service requested by you. In these instances, while the information you provide will be disclosed to them, it will only be used for:
- The administration and provision of the relevant product or service
- Maintaining management information for business analysis
These third parties have to follow our express instructions in respect of the use of our personal information and they must comply with appropriate security measures to protect your personal information.
We are responsible for ensuring these third parties follow data protection legislation.
We will disclose or share your personal data if we are under a duty to do so in order to comply with any legal obligation, or in order to enforce our contractual rights or other agreements. We may be required to do so to protect the rights, property, or safety of Innserve, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We may give information we hold about you to third parties as part of the process of selling one or more of our businesses, in which case we may provide your information to a prospective buyer.
Where do we store your personal data?
Data will be stored in a range of different places, including on our secure servers.
Any new information you provide to us may be used to update an existing record we hold for you.
If you provide us with a work email address, we won’t be responsible for third parties (who are authorised to access your work email address) having access to any communication we send.
The Company will not transfer your data to countries outside the European Economic Area.
We may record telephone conversations between our employees and customers to monitor quality, provide training, sort out disputes and prevent criminal activity. We do this because we have a legitimate interest in doing these things and we have put measures in place to ensure that your privacy is protected. Any data from recorded call will be held for a maximum of 365 days before being deleted.
How does the Company protect data?
The Company takes the security of your data seriously. The Company has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
Where the Company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, with companies who are under a duty of confidentiality and are obliged to implement appropriate processes and technical measures to ensure the security of data.
Data transfer and storage is handled securely to avoid information loss, misuse or alteration of information that we have collected from you.
We regularly review our information collection, storage and processing practices, including physical security measures.
For how long does the Company keep data?
The period of which we keep your information depend on the purpose for which your information was collected and the use to which it is put. We will not keep your personal information for longer than necessary for our business purposes or for legal requirements.
Some account information will be held securely for a minimum period of six years but some details, such as contact details specific to work we are doing for you at this time, will only be held for up to maximum of 90 days before being deleted.
Any data from recorded calls will be held for up to 365 days before being deleted.
Links to other websites
Our site may, from time to time, contain links to and from other external websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We want to make sure that any personal information we hold about you is up to date, so if you think your personal information is inaccurate, you can ask us to correct or remove it at any time.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request;
- require the Company to change incorrect or incomplete data;
- require the Company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
- object to the processing of your data where the Company is relying on its legitimate interests as the legal ground for processing.
If you would like to exercise any of these rights, please contact us by emailing firstname.lastname@example.org
What if you ask us to stop processing your information?
Where data is processed only on the basis of consent, you can withdraw your consent at any time. However, this does not affect the lawfulness of any processing carried out before you notify us that you have withdrawn your consent.
Where we have another legal basis for processing your data, we may be able to continue to process this even if you do not consent to it. This policy contains information about processing which is not carried out on the basis of consent, and what our reason for this processing is.
We also have no obligations to stop using your data if it is required for legal proceedings or the establishment, exercise or defence of legal rights.
Where we process data on the basis of legitimate interests you have a right to object to this. We will restrict what we do with your data while we consider this request and will stop processing the data if we cannot show overriding legitimate grounds for processing the data.
What if you ask us to delete information about you?
Where data is being processed only on the basis of consent, and you withdraw that consent you also have the right to ask for the data to be deleted.
You have the right to ask for data to be deleted where the data is no longer necessary for the purposes for which it was collected, or if they are being processed unlawfully. You can also ask for data to be deleted if you successfully object to processing based on our legitimate interests.
This right does not apply to all information about you – for example information is not covered by this provision where it is necessary for us to retain the information for the purposes of the contract between us. Information required to establish, enforce or defend our legal rights or which is required for compliance purposes also does not need to be deleted.
How can I complain about how you use my data?
If you are unhappy with the products or services that we have provided you with or are dissatisfied with the handling of your personal data, you can email us at email@example.com
You may also refer your complaint to The Information Commissioner.
We do not make any autonomous decision-making using your data.