www.cigar-box.co.uk (“Website”) is owned and operated by The Dormant Distillery Company Limited, a private limited company registered in Scotland (company number SC172078), whose registered office is 66 Tay Street, Perth, Scotland, UK, PH2 8RA (the “Company”).
This Privacy Policy (which forms part of our Terms and Conditions) details how your personal data is collected and explains our data processing practices with regard to the Website. Other websites to which this Website links are not covered by this policy and you should read their privacy statements to find out about their processing.
What is Personal Data?
Personal data can be anything that relates to a living person. It includes obvious things like your name and address and date of birth but also includes things you might not think about, like your car registration number or your employee number.
Some information is deemed to be ‘special’ and needs more protection because of its sensitivity. Data Protection Law considers this type of information as information about your race, ethnic origin, your religious, philosophical or political beliefs, trade union membership, genetic data, biometric data, health information or information about your sexual orientation or your criminal history. We don’t generally process information that comes into the ‘special’ category via the Website.
We are required by law to treat all of your personal information legally and fairly.
What personal data we collect
When you visit us at The Cigar Box, in-store or online, we ask for, and collect, personal information to fulfil your order, correspond with you and for our operational business.
• Your name, billing and delivery address, telephone number, email address, payment or bank details for your order or enquiries.
• Details of your transactions, including purchases and refunds.
• Email address to receive service notifications, electronic receipts for in-store purchases, and marketing you have consented to
• IP address(es), device and browser information, and any cookies and similar technologies you have opted in to or are that are essential to use our website as well as looking at how our customers use our site when they visit us.
• Passwords for any accounts that you create with us.
We may collect your personal data in one or more of the following ways:
- directly from you when you raise a query with us;
- directly from you when you make a payment through our Website;
- from the devices you use when you use our service via Cookies; or
- directly from you when you consent to marketing.
Your email address is requested when you sign up to receive our email newsletter. If you sign up to our newsletter, we may also track information and data from marketing emails or emails sent under legitimate interest such as open and click-through-rates to help us improve our service to you.
We may also collect, and third-party providers of advertisements may also collect, information regarding your visit to www.cigar-box.co.uk. This may include where you are geographically, how you were referred to us (eg search engines, social media or email marketing), your browser and device type, the pages you viewed and duration of your visit and any search terms used. This information may be collected, even if you do not register an account with us.
Anonymous website usage is gathered using cookies. For more information on cookies as well as an exhaustive list of cookies we collect see the Cookies section.
How we use your personal data and our legal basis for processing it
We ask you for this information so that we can make your shopping experience as easy and enjoyable as possible and to offer you benefits of having an account with us or receiving marketing communications if you choose to. This information is processed under lawful basis in the following ways, please note this is not an exhaustive list:
Legal Basis |
|
Contract |
To process and fulfil your order(s). This includes delivery, payment and returns and to communicate order and delivery updates to you. |
Contract |
To assist in the detection and prevention of fraud
|
Contract |
If you have created an account, to manage your account details.
|
Consent |
If you have opted-in to our marketing communications, to send special offers, emails and promotions that may be of interest to you (you can opt out of receiving these at any time).
|
Legitimate Interest |
To deal with enquiries such as if you fill out a “Contact Us” form, we will use this personal data to respond to your enquiry.
|
Legitimate Interest |
For analysis to continuously improve The Cigar Box website to improve your experience with us.
|
Cookies
Our Website uses cookies. A cookie is information that a website can transfer to the cookie file of your browser on your computer’s hard drive, so that the website remembers who you are. A cookie will normally contain the name of the domain, the lifetime of the cookie and a unique randomly generated number. We use cookies so that we can provide you with a good experience when you visit our Website and it also allows us to improve our Website.
You can disable cookies on your computer by modifying the settings on your browser. However, disabling Cookies may affect various services offered by www.cigar-box.co.uk. More information can be found at our Cookies policy.
Marketing & Communications
You can sign up to receive marketing communications through our online sign-up form, when you create an account, during the checkout process online or when you opt for an e-receipt in-store.
If you have consented to this at the point of collecting your data, we will add you to our marketing database and send you marketing materials from time to time according to your preferences. You have the right to withdraw your consent at any time by contacting [email protected] or by unsubscribing directly from the email.
We may collect data through cookies or other similar technologies for marketing purposes when you use, access or interact with our website. You can find out more information and manage your settings in our Cookies Policy.
Disclosure of your personal data
The Dormant Distillery Company has not and will not, sell any personal data to third parties.
We disclose information within the Vintage Saga family of companies. We share all categories of information with our parent company and subsidiaries. These related entities include Royal Mile Whiskies, Drinkmonger, The Cigar Box, Whisky Auctioneer, Wine Auctioneer, Rum Auctioneer and Bright Spirits. This includes future related companies.
We will not pass your personal data to anyone else outside The Cigar Box without your permission, except;
- (i) Where we are obliged by law or regulatory obligation we are subject to
- (ii) As an essential part of being able to provide the relevant services to you we share your data with trusted third parties: payment processors and providers, associated credit and fraud check agencies, delivery companies, couriers and order fulfilment service providers, data analysis, email delivery, web hosting services, customer service and marketing efforts.
- (iii) in order to enforce or apply our terms and other agreements with you
- (iv) to protect the rights, property, or safety of our customers or others (including exchanging information with other companies or organisations for the purposes of fraud prevention and credit risk reduction)
- (vi) in the event of a valid dispute between buying and selling customers about the quality, description or non-delivery of an alcohol product purchased through our website, we may disclose the seller’s information to the buyer to facilitate the resolution of the dispute. Our lawful basis for processing personal data in this way is that it is in the buyer’s legitimate interests; and
- (vi) where some or all of our assets are purchased by a third party.
Where we store your personal data
We are committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate technical and organisational security measures to safeguard and secure the personal data we collect via our Website.
Some of these measures include:
- using a reputable, accredited data centre in which to store your personal data;
- making sure the security within our office is stringent;
- making sure our staff and the staff of any third parties we use are subject to confidentiality obligations;
- providing staff with appropriate training in data protection;
- encrypting our services and data;
- reviewing our processes and activities regularly to make sure they are fit for purpose;
- restricting access only to those employees who need to know the information in order to deliver the service; and
- applying formal risk management to all of our activities.
All personal data you provide is stored on The Cigar Box’s secure servers which are currently based in Ireland. Any payment transactions will be encrypted using SSL Technology. Where you have been provided or where you have chosen a password, User ID or PIN, you are responsible for keeping this information confidential. Do not share these credentials with anyone.
You accept that the transmission of information via the Internet is not completely secure. Whilst The Cigar Box will do the utmost to protect your personal data we cannot ensure the security of your data when being transmitted to our site. Any transmission is undertaken entirely at your own risk. Once your information has been received, we will use strict procedures and security features to try and prevent any unauthorised access.
Once we have received your personal data, we will use strict procedures and security features as outlined above to try to prevent unauthorised access to your personal data. As above, we cannot be held responsible for the security of your personal data collected by websites that our site may link to. Such third parties have their own privacy notices and you should read these carefully.
For the avoidance of doubt, we will never sell your information or disclose it for direct marketing purposes, unless you have explicitly consented to this.
Will we transfer your personal data outwith the EEA?
If you have an online account with us, you can access this information (if you log into your account) from outside of the EEA, which technically means this is transferring your personal data outside of the EEA. However, it will only be accessible by you and you should keep your password safe and secure. You acknowledge that this is necessary for the performance of the contract you have with us.
To deliver your goods that you have purchased, we require you to provide your name and address to the courier services we use. If you are located outwith the EEA, this will involve an international transfer of your personal data. You acknowledge that this is necessary for the performance of the contract you have with us.
Also, some of our suppliers are based outside of the EEA e.g. the United States. We only use suppliers that we trust therefore in addition to having an appropriate supplier contract in place obliging them to keep your data secure, we shall also ensure any international transfer of personal data is in compliance with the requirements of GDPR. Key suppliers that are based outside of the EEA are:
- SendGrid – we use them to send transactional emails on our behalf and their servers are based in the US. To ensure they have adequate security in place, SendGrid is a certified participant of the EU-US Privacy Shield.
- Klaviyo – we use them to send marketing emails on our behalf and their servers are based in the US. To ensure they have adequate security in place, Mailchimp is a certified participant of the EU-US Privacy Shield.
How long we will keep your data for
We will follow our retention policy when assessing how long to store your personal data and shall only keep the information for as long as is legally or legitimately required to provide you with the requested information or service in line with this policy.
Your rights
You have the following rights:
- You can withdraw your consent (where processing is based on consent), seek to restrict our processing of your personal data or, ask us to rectify any personal data we hold about you at any time by contacting us at [email protected]. If you withdraw your consent it does not effect the legality of the processing carried out by us before your withdrawal.
- You have the right to lodge a complaint with the Information Commissioners Office (ICO) if you think that we have infringed your rights. You can find more information about reporting a matter to the ICO at the following link: https://ico.org.uk/.
- You have the right to access personal data held by us about you. You can access your personal data and correct, update or delete it at any time by contacting us at [email protected] We will then provide you with a copy of all your personal information that we hold about you. Please be aware that there may be a small admin charge in cases of large or complex data requests.
- In certain circumstances you have the right to ask us to provide you with your personal data in a structured, commonly used and machine-readable format to allow you (or us on your behalf) to transmit this information to another party.
- In certain circumstances you have the right to ask us to erase the personal data we hold about you. Such circumstances include; (a) where we no longer need your personal data for any purpose; (b) if you withdraw your consent to our processing; (c) if we process the data unlawfully; or (d) where the personal data has to be erased to comply with legal obligation to which we are subject. To do this, you should submit a formal request of erasure to us by contacting us at [email protected]. We will consider any such request in line with Data Protection Law. Please note this is not an absolute right and there may be circumstances where we choose not to delete all of the personal data we hold about you. More information about your right of erasure can be found at https://ico.org.uk
- You can object to our processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
Other Websites
Our website may contain links to and from other websites. This privacy policy only refers and applies to this website, www.cigar-box.co.uk, so please note that we do not accept any responsibility or liability for other websites policies. If you click a link to visit another website you should read their own Privacy Policy.
Amendments to Privacy Policy
The Cigar Box reserves the right to amend this policy at any time. If amendments are made they will be published on www.cigar-box.co.uk. Please check back frequently to see any updates or changes to our privacy policy.
How To Contact Us
Please contact us if you have any questions about our privacy policy or information we hold about you:
By email – [email protected]
Or write to us at: The Cigar Box c/o The Dormant Distillery Company Ltd., GDPR Team, Unit 7, 27 Beaverhall Road, Edinburgh, EH7 4JE