Data Privacy Notice
1. Who we are:
1.1 This data privacy notice applies to SO Prosecco Limited of DMG House, Deansgrange Industrial Estate Deansgrange County Dublin. You can contact us at firstname.lastname@example.org
1.2 This Data Privacy Notice has been prepared in accordance with the requirements of the EU General Data Protection Regulation 2016/679 (“GDPR”) and sets out how we collect, process, store and keep secure your personal data.
2. The information we collect
2.1 We may collect, record and use information about you in physical and electronic form and will hold, use and otherwise process the data in accordance with the GDPR and as set out in this notice.
2.2 We will collect your personal data when you register on our Website, place an order with us, subscribe to our newsletter or fill out a form. You may visit our Website anonymously.
2.3 We may share such data with other (for example third party delivery providers).
2.4 The categories of personal data that we may collect includes, but is not limited to:
2.5 If you fail to provide us with this information, or you object to us processing such information the consequences are that we may be prevented from processing your product order or continuing to provide all or some of our services to you.
4. How we use information about you
The personal data we collect from you may be used in one of the following ways:
If at any time you want to unsubscribe from receiving future emails, it will simply be necessary to email us at email@example.com
5. The legal basis for processing of personal data
5.1 As we are required to do we are setting out the legal basis upon which we may rely in order to lawfully process your personal data. In this regard we rely on one or more of the following:
5.2 Please note that in certain circumstances it may be still lawful for us to continue processing your information even where you have withdrawn your consent, if one of the other legal bases described above is applicable.
6. Sharing your information
6.1 In the normal course of running our business and in connection with one or more of the purposes set out at clause 5 above, we may disclose details about you to some or more of the following recipients, or categories of recipients:
Non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
7. Transferring your personal data outside the EEA
7.1 Information we collect will not normally be processed in or transferred to any country or territory outside of the European Economic Area (EEA). It may however be necessary to transfer your personal data outside the European Economic Area (“EEA”) in connection with the lawful basis for processing to jurisdictions which may have less stringent data protection laws.
7.2 When we, or our permitted third parties, transfer your personal data outside the EEA, we or they will impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the EEA.
7.3 If we transfer your personal data outside the EEA in other circumstances (for example because we have to provide such information by law), we will put in place appropriate safeguards to ensure that your personal data remains adequately protected.
7.4 We may share anonymised and aggregated information with third parties for data analytics, research, and promotional purposes.
8. Protection of your Personal Data
8.1 The security of your personal data is important to us. We restrict access to personal information to those of our employees, contractors and processors who have a requirement to process your personal data.
8.2 We implement a variety of security measures to maintain the safety of your personal data when you place an order or enter, submit, or access your personal data. We offer the use of a secure server. All sensitive personal data (such as credit card information) is transmitted via Secure Socket Layer (SSL) technology. We do not store encrypted credit card information. Currently all payments are processed for us by Stripe, and Stripe only stores information needed to process the order and is a fully PCI compliant global payment processor.
8.3 Transmission of personal data over the Internet (for example web-forms or email) is insecure. Therefore we cannot guarantee the safety and security of personal data transmitted in this way.
9. Your rights
9.1 Under the GDPR, you have the following rights in respect of your personal data:-
10. How long will we retain your data?
10.1 It is our policy not to keep personal data for longer than is necessary, for the purposes that are set on in this data privacy notice and for long as is required to do so in order to meet any legal obligations that we are bound by.
10.2. We will hold your personal data for the longer of the following periods: