The provider and the responsible entity
The provider of the website and the entity responsible under the UK`s Data Protection Act 2018 and the General Data Protection Regulation is Shroton Fair Gin Ltd with Company No. 13293302 and registered offices at 1 The Corner Shroton, Blandford Forum, DT11 8QH. (hereinafter referred to as “Shroton Fair Gin”, “we” or “us”). You can contact us at firstname.lastname@example.org.
The term “user” includes all customers and visitors to our website. The terms used, such as “user”, are to be understood as gender-neutral.
Rights of users and persons concerned
With regard to the data processing described in more detail below, users and data subjects have the right:
to confirmation as to whether data relating to them is being processed,
to information about the data processed, to further information about the data processing and to copies of the data;
to correction or completion of incorrect or incomplete data;
to immediate erasure of the data concerning them;
to receive the data concerning them and provided by them and to transfer this data to other providers/controllers;
to lodge a complaint with the supervisory authority if they are of the opinion that the data concerning them is being processed by the provider in breach of data protection provisions.
In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any correction or deletion of data or restriction of processing that takes place. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Notwithstanding this, the user has a right to information about these recipients.
Likewise,users and data subjects have the right to object to the future processing of data concerning them, insofar as the data is processed by the provider. In particular, an objection to data processing for the purpose of direct advertising is permissible.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information.
The legal bases of processing
The legal bases for processing are listed below and at least one of these must apply whenever we process personal data:
Consent: the individual has given clear consent to process personal data for a specific purpose.
Contract: the processing is necessary for a contract or because you have asked us to take specific steps before entering into a contract.
Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
Vital interests: the processing is necessary to protect someone’s life.
Public task: the processing is necessary for us to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.
Basic information on data processing
We process users’ personal data only in compliance with the relevant data protection regulations in accordance with the principles of data economy and data avoidance. This means that user data will only be processed if we are legally permitted to do so, in particular if the data is necessary for the provision of our contractual services and online services or is required by law, or if consent has been given.
We take organisational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS.
Our web site uses SSL encryption when transmitting confidential or personal content of our users. This encryption is activated, for example, when processing payment transactions and when you send us enquiries via our web site. Please make sure that SSL encryption is activated on your side for corresponding activities. The use of encryption is easy to recognise: The display in your browser line changes from “http://” to “https://”. Data encrypted via SSL cannot be read by third parties. Only transmit your confidential information when SSL encryption is activated and contact us in case of doubt.
Encrypted Payment Transactions
We secure your data in payment transactions. For this reason, our website uses SSL encryption for security reasons and to protect your confidential as well as personal contents during the transmission of payment transactions. You can see for yourself whether SSL encryption is activated or not. You can recognise the use of encryption by the address bar of the browser. Only if the regular display changes from “http://” to “https://” is the data transmission encrypted. The browser line “https://” indicates the use of SSL encryption, the payment transaction is now encrypted. Activating SSL encryption makes it impossible for third parties to read your confidential data. Therefore, only transfer your data when SSL encryption is activated.
Processing of personal data
The provision, execution, maintenance, optimisation and safeguarding of our services, services and user services;
To ensure effective customer service and technical support.
We transmit users’ data to third parties only if this is necessary for billing purposes (e.g. to a payment service provider) or for other purposes if these are necessary to fulfil our contractual obligations to users (e.g. communication of addresses to our carefully selected courier and logistic service providers).
Data processing when opening a customer account and for contract processing
Pursuant to the GDPR and the DPA, personal data will continue to be collected and processed if you provide it to us for the performance of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. We store and use the data provided by you for the purpose of processing the contract. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after expiry of these periods, unless you have expressly consented to a further use of your data or a legally permitted further use of data has been reserved on our part.
Data transfer to payment service providers
Age Verification on Delivery or on the website
In the UK it is illegal for someone under the age of 18 years to buy or attempt to buy Alcohol and Alcoholic Products. Equally, it is a criminal offence to use false or borrowed ID to buy Alcohol and Alcoholic Products. In this sense you will be required to proof your age upon delivery to the transport company commissioned or on the website when you first access our page (where applicable). The processing is carried out to comply with a legal obligation.
When contacting us
When contacting us, the user’s details are stored for the purpose of processing the enquiry and in case follow-up questions arise. Personal data will be deleted if it has fulfilled its intended purpose and there are no storage obligations that prevent its deletion.
Use of customer data for direct marketing purposes
If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you e-mail offers for similar goods or services to those already purchased from our range. We do not need to obtain your separate consent for this. In this respect, the data processing is carried out solely on the basis of our legitimate interest in personalised direct advertising. If you have initially objected to the use of your e-mail address for this purpose, we will not send you any e-mails. You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the responsible person named at the beginning. After receipt of your objection, the use of your e-mail address for advertising purposes will cease immediately. If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the marketing.
We collect data on every access to the server on which this service is located (so-called server log files). The access data includes the name of the web site accessed, file, date and time of access, volume of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
We use the log data without assigning it to the person of the user or otherwise creating a profile in accordance with the statutory provisions only for statistical evaluations for the purpose of the operation, security and optimisation of our website. However, we reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use on the basis of concrete indications.
Cookies and reach measurement
Hosting and Content Delivery Networks (CDN)
This website is hosted by an external service provider. The personal data collected on this website is stored on the service provider’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website. Our service provide is used for the purpose of contract fulfilment and in the interest of a secure, fast and efficient provision of our website by a professional provider our legitimate interest.Our service provider will only process your data insofar as this is necessary for the fulfilment of its service obligations and follow our instructions with regard to this data.
We send newsletters, e-mails and other electronic notifications with promotional information via SendinBlue SAS 47, Rue de la Chaussee d’Antin Paris, 75009 France and only with the consent of the recipients or a legal permission. Apart from that, our newsletters contain information about our products, offers, promotions and Shroton Fair Gin ®. Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. The legal basis for the storage is your consent.
Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. In doing so, pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser will not be merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the website to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Google Re/Marketing Services
We use the marketing and remarketing services (Google marketing services for short) of Google Ireland Ltd, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, (“Google”).
The Google Marketing Services allow us to display advertisements for and on our website in a more targeted manner in order to present users only with ads that potentially match their interests. For example, if users are shown ads for products they were interested in on other web sites, this is called “remarketing”. For these purposes, when our website and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the web site. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies).
The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which web sites the user has visited, which content he or she is interested in and which offers he or she has clicked on, as well as technical information on the browser and operating system, referring web sites, time of visit and other information on the use of the website. The IP address of the user is also recorded, whereby we inform Google Analytics that the IP address is shortened within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area and only in exceptional cases is transmitted in full to a Google server in the USA and shortened there. The IP address is not merged with the user’s data within other Google offerings. This aforementioned information may also be combined with such information from other sources. If the user subsequently visits other web sites, he or she may be shown ads tailored to his or her interests.
The user’s data is processed pseudonymously as part of Google’s marketing services. This means that Google does not store and process the name or email address of the user, for example, but processes the relevant data in a cookie-related manner within pseudonymous user profiles. I.e. from Google’s perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymisation. The information collected by “DoubleClick” about users is transmitted to Google and stored on Google’s servers in the USA.
The Google marketing services we use include the online advertising programme “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked via the websites of AdWords customers. The information obtained with the help of the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. The AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.
Another Google marketing service used by us is the “Google Tag Manager”, with the help of which further Google analysis and marketing services can be integrated into our website (e.g. “AdWords”, “DoubleClick” or “Google Analytics”).
If you wish to object to the collection of data by Google marketing services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.
Within our website, so-called “Facebook pixels” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), are used. With the help of the Facebook pixel, it is possible for Facebook to determine the visitors to our offer as a target group for the display of advertisements, so-called “Facebook ads”. Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our website. This means that with the help of the Facebook pixel we want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad.
The Facebook pixel is directly integrated by Facebook when our web sites are accessed and can save a so-called cookie, i.e. a small file, on your device. If you subsequently log in to Facebook or visit Facebook while logged in, your visit to our website will be noted in your profile. The data collected about you is anonymous for us, so it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible. The processing of the data by Facebook takes place within the framework of Facebook’s data usage policy. Accordingly, you can find more information on how the remarketing pixel works and generally on the display of Facebook ads, in Facebook’s data usage policy: https://www.facebook.com/policy.php.
You can object to the collection by the Facebook pixel and use of your data for the display of Facebook ads. To do so, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads or declare the objection via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/ . The settings are platform-independent. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
If you select a Klarna payment service, the payment will be processed via Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). In order to enable the processing of the payment, your personal data (first and last name, street, house number, postcode, town, gender, e-mail address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, article, delivery type) will be passed on to Klarna for the purpose of checking your identity and creditworthiness, provided that you have expressly consented to this in accordance with your consnet during the ordering process. You can find out which credit agencies your data may be forwarded to here:
The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Klarna uses the information received about the statistical probability of a payment default for a weighed decision about the establishment, implementation or termination of the contractual relationship.
You can withdraw your consent at any time by sending a message to the data controller or to Klarna. However, Klarna may still be entitled to process your personal data to the extent necessary to process payments in accordance with the contract.
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by instalments” via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) as part of the payment processing. The transfer takes place in accordance with the provision of a contract and only insofar as this is necessary for the payment processing.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
We use the payment service provider Stripe. If you choose a payment method offered via the payment service provider Stripe Payments, the payment processing is carried out by the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provided during the ordering process, together with information about your order (name, address, account number, bank sort code, credit card number if applicable, invoice amount, currency and transaction number).
Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose.You can find data protection information on Stripe Payments Europe Ltd. here: https://stripe.com/privacy
Note on data transfer to the USA
Among other things, tools from companies based in the USA are integrated on our website. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
Information, deletion and correction
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, the right to correction or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.
The data you enter on our social media pages, such as comments, videos, pictures, likes, public messages, etc. are published by the social media platform and are not used or processed by us for any other purpose at any time. We only reserve the right to delete content if this should be necessary. Where applicable, we share your content on our site if this is a function of the social media platform and communicate with you via the social media platform. The legal basis is our legitimate interest. The data processing is carried out in the interest of our public relations and communication.
If you wish to object to certain data processing over which we have an influence, please contact us. We will then examine your objection. If you send us a request on the social media platform, we may also refer you to other secure communication channels that guarantee confidentiality, depending on the response required. You always have the option of sending us confidential enquiries to our address stated in the imprint.
As already stated, where the social media platform provider gives us the opportunity, we take care to design our social media pages to be as data protection compliant as possible. With regard to statistics that the provider of the social media platform makes available to us, we can only influence these to a limited extent and cannot switch them off. However, we make sure that no additional optional statistics are made available to us.
Data processing by the operator of the social media platform
The operator of the social media platform uses web tracking methods. The web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we can unfortunately hardly influence the web tracking methods of the social media platform. We cannot, for example, switch this off.
Please be aware: It cannot be ruled out that the provider of the social media platform uses your profile and behavioural data, for example to evaluate your habits, personal relationships, preferences, etc. We have no influence on this. In this respect, we have no influence on the processing of your data by the provider of the social media platform.
We do not directly and for the purpose of processing transfer your personal data outside the European Economic Area (EEA) and the United Kingdom.
If you have any questions about data protection, please write us an e-mail or contact us using the details provided.