FAIR PROCESSING NOTICE - FIREBALL UK
Fireball UK collects data about people who use our website, contact us or purchase products. This
Fair Processing Notice explains what data we process, why we process it, our legal basis, how long we keep it and your rights. We will always make sure that any personal data is protected and treated securely. Any information that we process will be held in accordance with the General Data Protection Regulation (GDPR), the
Data Protection Act 2018 and other UK or EU data protection legislation.
Our contact details
Sazerac UK Limited t/a Fireball UK
60 Marina Place, Hampton Wick, Surrey, KT1 4BH, United Kingdom
Our Data Protection Officer is Kristy Gouldsmith and she can be contacted at firstname.lastname@example.org Sazerac UK Limited forms part of the Sazerac Company Inc group, which is an alcoholic beverage company headquartered in the United States and with group companies located elsewhere in the world. Our products consist of a range of alcoholic beverages and brand related offerings for consumers.
What data do we process?
When you use our website, we will process the following personal data about you:
Your name, email, phone number and your enquiry via our ‘Contact Us Form’.
Your IP address/ MAC address, browser type, geographical location and operating system when you use the website
When you call us, we will collect the following personal data about you:
Your name, email, phone, your enquiry and content of your communication.
If you purchase products from our website, we will process the following personal data about you:
Phone number; and
You can also visit thespiritcellar.com to purchase products. Please read their Privacy Notice.
Why do we process your personal data?
We need your name, contact details and the details of the communication itself in order to answer your enquiry. We need your IP address/ MAC address, browser type, geographical location and operating system for security reasons. We will use your personal data for statistical analysis to improve our website.
When you are a customer, we collect and process your personal data:
in order to fulfil our contract with you for the order and delivery of your goods;
to fulfil our legal obligations to HMRC;
where the activity is a legitimate one for a business; and
with your consent.
Our legal basis for processing personal data
By law, we need a legal basis for processing your personal data. Our processing is because we have a contract with you, we have a legal obligation to process the data, the processing is a legitimate activity or you have consented to the processing. Where you have consented to the processing, you are free to withdraw your consent at any time.
Contract is where we will process your personal data because you have entered into a contract with us or you wish to enter into a contract with us.
Consent is given where we ask you for permission to use your information in a specific way and you agree to this. Where we use your information for a purpose based on consent, you have the right to withdraw consent for this purpose at any time. For example, you consent to us contacting you to answer your enquiry.
We have a basis to use your personal information where we need to do so to comply with one of our legal or regulatory obligations. For example, we need to provide data from your invoice to HMRC.
We have a basis to use your personal information if it is reasonably necessary for us to do so and in our “legitimate interests” (provided that what the information is used for is fair and does not unduly impact your rights). For example, we have a legitimate interest to keep our systems secure so we will log your IP address.
We only rely on legitimate interests where we have considered any potential impact on you, whether or not our processing is excessive and that our processing does not override your rights. You have the right to object to our processing your personal data because of our legitimate interests. Please contact us if you have any concerns.
We process the following data because we have a contract with you and we need to process this data to fulfil your order:
We will share only the required data with our delivery partners and payment providers that is necessary to fulfil your order.
We process the following data because we have a legal obligation to do so.
We have a legal obligation to HMRC to include the following personal data on your invoice:
In the case of any disputes, we will process the following personal data because we have a legitimate interest and the processing is necessary for the establishment, exercise or defence of legal claims:
all personal data will be shared, as required, with our legal advisors and our insurers
We will process the following personal data because it is a legitimate interest:
store your personal data securely on servers and in the cloud;
to process your IP address, browser type and operating system to keep our systems secure;
process your page views and clicks for our website analytics;
to send you marketing information because you are already a customer;
keep your name and email in an supression list; and
sharing your data within the Sazerac group of companies for administrative purposes only.
You have the right to object to our process because of our legitimate interests. You can object to use sending you marketing material by clicking on the unsubscribe link in the email.
Please contact us if you have any concerns.
If you would like to receive marketing material, we will process the following data with your consent:
name and email address.
You can withdraw your consent at any time by clicking on the unsubscribe link in the email.
How long we keep your data for?
We keep your personal data on invoices as long as you are a customer and for the next seven years, for HMRC requirements:
We will keep your name and email on our marketing list until you unsubscribe. Once you have unsubscribed, we will keep your data on a suppression list for five years so that we don’t market to you again by accident.
We hold your IP data for [x period of time].
We hold your data from your enquiry for [x period of time].
We hold your data for marketing purposes until you withdraw your consent or we see that you are no longer opening our emails. We review our open rates on a regular basis.
Who do we share your data with?
We may share your personal data with the following recipients:
Our insurance providers, if required;
Our legal advisors, if required;
Our software, website and cloud service providers;
Payment providers; and
Our head office in the United States for administrative purposes only.
Do we transfer your personal data outside of the EU or EEA?
Your data is kept in the EU or EEA except for data that is transferred to our head office in the United States for administrative purposes.
The United States is non-adequate country for data transfer as determined by the European Commission. Your data is protected by EU Standard Contractual Clauses between our UK office and our USA head office. The EU Commission has determined that Standard Contractual Clauses are sufficient safeguards on data protection for the data to be transferred internationally. You can learn more about Standard Contractual Clauses at https://ec.europa.eu/info/law/law-topic/data-
Automated decision making
No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
You have rights in respect of our processing of your personal data which are:
To access your personal data and information about our processing of it. You also have the right to request a copy of your personal data (but we will need to remove information about other people).
To rectify incorrect personal data that we are processing.
To request that we erase your personal data if:
o we no longer need it;
o if we are processing your personal data by consent and you withdraw that consent;
o if we no longer have a legitimate ground to process your personal data; or
o we are processing your personal data unlawfully
To object to our processing if it is by legitimate interest.
To restrict our processing if it was by legitimate interest.
To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out automated means.
If you want to exercise any of these rights, please contact us.
If you have a concern about the way we are collecting or using your personal data, please raise your concern with us in the first instance. You may also contact the Information Commissioner’s Office at https://ico.org.uk/concerns/.