Privacy Policy

Contents

1. HOW WE HANDLE YOUR DATA
   • IF YOU ARE A DIGITAL VISITOR
   • IF YOU ARE OUR BUSINESS PARTNER
   • IF YOU ARE A VISITOR TO OUR PREMISES

• SHARING OF YOUR INFORMATION
  1. Our affiliates
  2. Third party recipients
  3. Service providers that we may involve for THE PURPOSES described in above sections
  4. Law enforcement or government bodies

3. TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA and the UK (EEA)
4. YOUR RIGHTS
5. VARIATIONS
6. CHILDREN
7. RETENTION PERIOD
8. INFORMATION ABOUT US
9. CONTACT DETAILS
10. INFORMATION ABOUT US

We are committed to protecting and respecting your privacy. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

1. HOW WE HANDLE YOUR DATA

This section covers the sources and categories of personal data that we collect and process, why we do so, and the lawful bases for such processing.
This Privacy Policy covers the processing of the following categories of individuals:

• Section 1.1 Our Digital visitors
• Section 1.2 Our Business Partners (this section covers existing and prospective customers, business partners and suppliers collectively called Business Partners. Where these are legal entities, this covers their employees or representatives)
• Section 1.3 Visitors to our premises

 

1.1. IF YOU ARE A DIGITAL VISITOR

A – Sources of personal data
 B – Personal data that we collect and process 
C – Why do we collect your personal data and what are our lawful bases for it?

1. Sources of personal data

We may obtain your personal data from the following sources:

1. from you directly (for example, at the time of subscribing to any services offered on a website, mobile applications, events, interactive kiosks or social media including but not limited to email mailing lists, interactive services, posting material or requesting further goods or services);
2. from your device or browser; and/or
3. if you contact us, we may keep a record of that communication.

 

1. Personal data that we may collect and process
2. name
3. username
4. address
5. date of birth
6. email address
7. operating system
8. browser type
9. cookie data (for more information please see our Cookie Policy)
10. preferences regarding online marketing and tracking
11. IP address
12. Location
13. Information you submit to us when you contact us posting material or requesting our service
14. Responses you provide as part of our surveys, competitions, games and other interactive services; and/or
15. Product orders, event invitations sent, and tickets bought
16. Behavioural information from online, web, apps, email and social media, if we have your permission to do so.

 

1. Why do we collect your personal data and what are our lawful bases for it?

In the table below, we explain what specific business interests we pursue when processing your personal data and the lawful bases we rely on.

We may use your personal data to	What are our legal basis for processing your data
Provide our digital services to you	Our legitimate interest: Website and Application Management   Account Management
Establish and manage our relationship	Our legitimate interest: Understand the market in which we operate   Management Reporting (including at an intra-group level) Account Management
Learn about our digital users’ browsing patterns and the performance of our digital services	Our legitimate interest or your consent*: Website & Application Management   Understand the market in which we operate
Security	Our legitimate interest: Managing security, risk and crime prevention   Management Reporting (including at an intra-group level)
Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communication	Our legitimate interest or your consent*: Promote our goods and services   Management Reporting (including at an intra-group level)
Learn about how our products or services may be used	Our legitimate interest: Understand the market in which we operate   Management Reporting (including at an intra-group level)
Sharing information with advertising partners (including Social media platforms, such as Facebook, Instagram, Pinterest, LinkedIn.	Your consent: Promote our goods and services   Management Reporting (including at an intra-group level)
Ad retargeting: Sending you targeted and personal adverts on web sites and social media based on your preferences, purchase history and tracked behaviour.	Your consent: Promote our goods and services   Management Reporting (including at an intra-group level)

*Where we use your email or other digital means to communicate marketing information to you, we will seek your prior consent where required to do so by law.

If you object to us using your personal data for the above purposes, including direct marketing, please contact us using contact details set out in section 9.

Where we use cookies or similar technologies, we will seek your prior consent where required to do so by law.

We do not sell your personal data to any third party.

Our website may, from time to time, contain links to and from the websites of our partner networks, creative partners and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy notices or policies. Please check their privacy notices or policies before you submit any personal data to these websites.

Please do not submit any information via this website or application if you are not happy with the way your personal data is processed as described in this Privacy Policy.

1.2. IF YOU ARE OUR BUSINESS PARTNER

This section covers existing and prospective customers, business partners and suppliers, collectively called Business Partners. The information we collect and process in relation to our customers is primarily business information. We may collect personal data related to employees, directors, authorised signatories and other individuals associated with our existing or prospective Business Partners.

A – Sources of personal data 
B – Personal data that we collect and process
 C – Why do we collect your personal data and what are our lawful bases for it?

1. Sources of personal data

We may obtain your personal data from the following sources:

1. from you directly,
2. from a company that employs you, if you are an employee of our Business Partner,
3. from our affiliates, i.e. members of the Your Spirits group of companies;
4. during networking events that we have either hosted, or sponsored, or attended; and/or
5. from publicly available sources (for example, your company website or social media sites).

 

1. Personal data that we may collect and process

We may collect the following categories of personal data relating to our Business Partners’ employees, officers, authorised signatories, or other associated individuals:

1. Name
2. Picture (photography) – During events
3. business address
4. business email address
5. business telephone number
6. business fax number
7. job title or role
8. business bank account details
9. date of birth
10. language of communication
11. date of first contact
12. categorisation as a business partner (e.g. supplier, existing or prospective customer); and/or
13. Your Spirits usage details, if suppliers or business partners are permitted

 

1. Why do we collect your personal data and what are our lawful bases for it?

In the table below, we explain what specific business interests we pursue when processing your personal data and the lawful bases we rely on.

We may use your personal data to:	What are our legal basis for processing your data?
Provide you with our products or services or receive products or services from you	Our Contractual Obligation (if you act in your personal capacity or a sole trader): Efficiently fulfil our contractual and legal obligations   Our Legitimate Interest: Management Reporting (including at an intra-group level) Efficiently fulfil our contractual and legal obligations (if you are an incorporated entity)
Establish and manage our relationship	Our Contractual Obligations (if you act in your personal capacity or a sole trader):   Efficiently fulfil our contractual and legal obligations Our Legitimate interest: Understand the market in which we operate Management Reporting (including at an intra-group level) Exercise or defend legal claims Efficiently fulfil our contractual and legal obligations (if you are an incorporated entity)
Learn about how our products and services are or may be used	Our legitimate interest or Your Consent *:   Understand the market in which we operate Management Reporting (including at an intra-group level)
Security	Our Legitimate interest   Managing security, risk and fraud prevention Management Reporting (including at an intra-group level)
Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communication	Your Consent:   Promote our goods and services Our Legitimate interest: Management Reporting (including at an intra-group level)
Your image (film or photos) at events to be used to support our communication and promotional campaign	Our legitimate interest or your consent * :   Promote our goods and services
Checking your age at Your Spirits events to ensure compliance with age limitations for alcohol consumption	Our Legitimate interest: Compliance with laws

* We will seek your prior consent where required to do so by law.

If you object to us using your personal data for above purposes, including direct marketing, please let us know using the email address provided in section 9.

Where we use your email to communicate marketing information to you, we will seek your prior consent where required to do so by law.

1.3. IF YOU ARE A VISITOR TO OUR PREMISES

A – Sources of personal data
 B – Personal data that we collect and process
 C – Why do we collect your personal data and what are our lawful bases for it?

1. Sources of personal data

We may obtain your personal data from you directly and from our systems’ records

(If we add events the A B C needs to be copied from digital visitor above).

1. Personal data that we may collect and process
2. Name
3. Surname
4. Data of Birth
5. Email address
6. Address
7. Business contact details
8. Organisation
9. Role
10. Time and date of your visit; and/or
11. Image (for example, from CCTV cameras at our premises, where they are used)

 

1. Why do we collect your personal data and what are our lawful bases for it?

In the table below, we explain what specific business interests we pursue when processing your personal data and what lawful bases we rely on.

We may use your personal data to:	What the legitimate interests of our business are:
Security	Our legitimate interest: Managing security, risk and crime prevention
Maintain records of visitors to our premises	Our legitimate interest: Management Reporting
Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communication	Our legitimate interest or your consent *:   Promote our goods and services Management Reporting (including at an intra-group level)

* We will seek your prior consent where required to do so by law.

Where we use your email to communicate marketing information to you, we will seek your prior consent where required to do so by law.

If you object to us using your contact details for these purposes, please let us know using the methods listed in section 9.

2. SHARING OF YOUR INFORMATION

We do not sell your personal data to any third party.

We use secure methods to transmit personal data.

Data we collect may also be processed by staff operating outside the EEA who work with us or for us, or for one of our affiliated companies, suppliers or service providers

Recipients of your personal data: –

2.1 Our affiliates

We may disclose your personal data to our affiliates, who may use your information for the purposes described in this Privacy Policy. In so doing, they will be data controllers of your information together with us. As data controllers, our affiliates will process your data in compliance with the GDPR and other relevant data protection laws.

2.2 Third party recipients

We may share your personal data with third parties who are controllers of your personal data as follows:

• Where required by law and similar mandatory disclosures.
• In connection with a merger, sale, or asset transfer.
• Other third parties for whom we have obtained your permission or consent to disclose your Personal data.

2.3 Service providers that we may involve for THE PURPOSES described in above sections

Our service providers process your personal data for data analytics/ marketing and advertising of our products and services to you. Our advertising and promotional agencies and consultants carry out marketing campaigns or email mailings on our behalf, or analyse or evaluate our data collection process or customer service fulfillment, such as website hosting companies. We will ensure that any service provider engaged by us is bound to comply with data protection obligations and process your personal data only on documented instructions from us and do not use it for their own purposes.

2.4 Law enforcement or government bodies

We may disclose your personal data as permitted by law in order to investigate, prevent or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of our Terms and Conditions or other agreements, or as required by law.

3. TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA AND THE UK (EEA)

If and when transferring your personal data outside the EEA and the UK, (which consists of EU member states and Iceland, Lichtenstein and Norway), we will only do so using one of the following safeguards:

1. the transfer is to a non-EEA country which has an adequacy decision by the EU Commission;
2. the transfer is covered by a contractual agreement, which covers the GDPR requirements relating to transfers to countries outside the EEA and the UK;
3. the transfer is to an organisation which has Binding Corporate Rules approved by an EU data protection authority; or
4. the transfer is to an organisation in the US that is EU-US Privacy Shield certified.

You may request a copy of any relevant document in relation to transfers of your personal data outside the EEA and the UK by contacting us using the contact details in section 9 below.

4. YOUR RIGHTS

When prescribed by local regulations, you are entitled to obtain information from us on how we handle your personal data, to see copies of all personal data held by us and to request that your personal data is amended, corrected or deleted from our systems.

You can also ask us to transfer a copy of your personal data that you provided to us, limit, restrict or object to the processing of your data.
We do not carry out any decision-making based solely on automated processing, including profiling.

If you gave us your consent to use your data, e.g. so that we can use your electronic contact details to send you marketing communications, you can withdraw your consent at any time. Please note that even if you withdraw your consent, we can still rely on the consent you gave as the lawful basis for processing your personal data before you withdrew your consent.

You can object to our use of your personal data where we stated we rely on our legitimate business interests to do so. We explained the legitimate interests we rely on in sections ‘Why do we collect your personal data and what are our lawful bases for it?’ above.

If you would like to exercise any of your above rights, contact us using the contact details in section 9 below.

5. VARIATIONS

We may revise this Privacy Policy at any time by amending this page. Any changes to our processing will take effect within a reasonable period of time after posting the amended Privacy Policy, so that you would have time to consider if you are ok with the changes.

6. CHILDREN

Our website is designed to appeal to adults only. We do not knowingly solicit any information from children or people under the legal drinking age, nor do we knowingly market or otherwise target our websites or its products or services to children or people under the legal drinking age.

If we become aware that a visitor to our websites is a child or under the Legal Drinking Age in the country or other territory in which he or she is located at the relevant time and has registered without verifiable parental consent, we will remove his or her personal data from our files.

7. RETENTION PERIOD

We will keep and Process your Personal Data only for as long as is necessary for the purposes for which it was collected in connection with your relationship with us, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.

8. INFORMATION ABOUT US

For the purpose of the General Data Protection Regulation 2016/679 and any implementing legislation (the “GDPR”), Your Spirits B.V., Van Musschenbroekbaan 3a, 3439 MX Nieuwegein, The Netherlands will be the data controller responsible for any personal data about you.
Our EU entities are subsidiaries/affiliates of or are otherwise associated with Your Spirits. These are listed in Annex 1 to this Privacy Notice. If you are a visitor to our websites, the relevant data controller is Your Spirits B.V., registered in The Netherlands under company number 82072671. Our registered office is at Van Musschenbroekbaan 3a, 3439 MX Nieuwegein, The Netherlands.

If you are a customer or a potential customer of one or more of our EU entities, or an individual related to one of our existing or potential customers, the relevant data controller is the Your Spirits entity which has contractual or business relations with our customer. If you contract with our EU entities in any other capacity (for example, to provide your services), your data controller will be the Your Spirits entity with which you contract. If you are a visitor to our premises or events, the relevant controller is the EU entity that is located in that office or hosting the event.
For cross-border matters, and in relation to personal data shared by several of our EU entities, the relevant entities may operate as joint controllers that will collaborate with one another, as necessary, to comply with our obligations under the GDPR, including to address requests by data subjects to exercise their rights under the GDPR, as set out in Section 4 above. Solely for purposes of compliance with the GDPR, the main establishment for all of our EU entities is c/o Your Spirits B.V., Van Musschenbroekbaan 3a, 3439 MX Nieuwegein, The Netherlands.
If you need to communicate with us, please contact us as explained in section 9.

9. CONTACT DETAILS

Questions, comments, complaints and requests regarding this Privacy Policy, or our privacy practices in general, are welcomed.
Any queries and requests regarding this Privacy Policy are welcome via the contact points below.

Who you are	Via	Address
Digital Visitor	Email	info@yourdrinks.com
Business Partners or Visitor to our Premises	Email	info@yourdrinks.com
Business Partners or Visitor to our Premises	Phone number	+31 (0)6 – 19 66 64 78

Digital visitors may opt out from our marketing communication by simply clicking on the “unsubscribe” function at the bottom of the email received by us.

10. INFORMATION ABOUT US

In the present Privacy Policy and in the connected Terms and Conditions of Website Use and Cookie Policy, “We” or “us” means Your Spirits B.V., with its registered office at Van Musschenbroekbaan 3a, 3439 MX Nieuwegein, The Netherlands.