top of page

PRIVACY POLICY

1. HOW WE HANDLE YOUR DATA

This section covers the sources and categories of personal data that we collect and process, why we do so, and the lawful bases for such processing.

This Privacy Policy covers the processing of the following categories of individuals:

  • Section 1.1 Our Digital visitors

  • Section 1.2 Our Business Partners (this section covers existing and prospective customers, business partners and suppliers collectively called Business Partners. Where these are legal entities, this covers their employees or representatives)

  • Section 1.3 Visitors to our premises

  • Section 1.4 Californian Residents

A. Sources of personal data

We may obtain your personal data from the following sources:

  1. from you directly (for example, at the time of subscribing to any services offered on a website, mobile applications, events, interactive kiosks or social media including but not limited to email mailing lists, interactive services, posting material or requesting further goods or services);

  2. from your device or browser; and/or

  3. if you contact us, we may keep a record of that communication.

​

B. Personal data that we collect and process

  1. Name

  2. Username

  3. Address

  4. Date of birth

  5. Email address

  6. Operating system

  7. Browser type

  8. Cookie data (for more information please see our Cookie Policy - linked below)

  9. Preferences regarding online marketing and tracking

  10. IP address

  11. Location

  12. Information you submit to us when you contact us posting material or requesting our service

  13. Responses you provide as part of our surveys, competitions, games and other interactive services; and/or

  14. Product orders, event invitations sent, and tickets bought

  15. Behavioral information from online, web, apps, email and social media, if we have your permission to do so.

​

C. Why do we collect your personal data and what are our lawful bases for it?

In the table below, we explain what specific business interests we pursue when processing your personal data and the lawful bases we rely on.

​

WE MAY USE YOUR PERSONAL DATA TO:

​​

  1. Provide our digital services to you
    Our legitimate interest: Website and Application Management Account Management
     

  2. Establish and manage our relationship
    Our legitimate interest: Understand the market in which we operate
    Management Reporting (including at an intra-group level)
    Account Management
     

  3. learn about our digital users’ browsing patterns and the performance of our digital services
    Our legitimate interest or your consent*: Website & Application ManagementUnderstand the market in which we operate
    Understand the market in which we operate
     

  4. Security
    Our legitimate interest: Managing security, risk and crime prevention
    Management Reporting (including at an intra-group level)
     

  5. Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communication
    Our legitimate interest or your consent*: Promote our goods and services
    Management Reporting (including at an intra-group level)
     

  6. Learn about how our products or services may be used
    Our legitimate interest: Understand the market in which we operate
    Management Reporting (including at an intra-group level)
     

  7. Sharing information with advertising partners (including Social media platforms, such as Facebook, Instagram, Pinterest, LinkedIn, Tripadvisor, Snapchat)
    Your consent: Promote our goods and services
    Management Reporting (including at an intra-group level)
     

  8. Ad retargeting: Sending you targeted and personal adverts on websites and social media based on your preferences, purchase history and tracked behavior.
    Your consent: Promote our goods and services
    Management Reporting (including at an intra-group level)

​

​

*Where we use your email or other digital means to communicate marketing information to you, we will seek your prior consent where required to do so by law.

If you object to us using your personal data for the above purposes, including direct marketing, please contact us using contact details set out in section 9.

Where we use cookies or similar technologies, we will seek your prior consent where required to do so by law.

We do not sell your personal data to any third party.
 

Our website may, from time to time, contain links to and from the websites of our partner networks, creative partners and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy notices or policies. Please check their privacy notices or policies before you submit any personal data to these websites.
 

Please do not submit any information via this website or application if you are not happy with the way your personal data is processed as described in this Privacy Policy.

​

1.2. IF YOU ARE OUR BUSINESS PARTNER

This section covers existing and prospective customers, business partners and suppliers, collectively called Business Partners. The information we collect and process in relation to our customers is primarily business information. We may collect personal data related to employees, directors, authorized signatories and other individuals associated with our existing or prospective Business Partners.

​

​

A. Sources of personal data

We may obtain your personal data from the following sources:

  1. from you directly,

  2. from a company that employs you, if you are an employee of our Business Partner,

  3. from our affiliates, i.e. members of Pistil Spirits;

  4. during networking events that we have either hosted, or sponsored, or attended; and/or

  5. from publicly available sources (for example, your company website or social media sites).

​

Personal data that we collect and process

We may collect the following categories of personal data relating to our Business Partners’ employees, officers, authorized signatories, or other associated individuals:

  1. Name

  2. Picture (photography) – During our events

  3. Business address

  4. Business email address

  5. Business telephone number

  6. Business fax number

  7. Job title or role

  8. Business bank account details

  9. Date of birth

  10. Language of communication

  11. Date of first contact

  12. Categorization as a business partner (e.g. supplier, existing or prospective customer); and/or

  13. Pistil’s system usage details, if suppliers or business partners are permitted access to Pistil systems.

​

C. Why do we collect your personal data and what are our lawful bases for it?

WE MAY USE YOUR PERSONAL DATA TO:

​

  1. Provide you with our products or services or receive products or services from you 
    Our Contractual Obligation (if you act in your personal capacity or a sole trader): Efficiently fulfil our contractual and legal obligations
    Our Legitimate Interest: Management Reporting (including at an intra-group level)
    Efficiently fulfill our contractual and legal obligations (if you are an incorporated entity)
     

  2. Establish and manage our relationship: 
    Our Contractual Obligations (if you act in your personal capacity or a sole trader):
    Efficiently fulfill our contractual and legal obligations
    Our Legitimate interest:
    Understand the market in which we operate
    Management Reporting (including at an intra-group level)
    Exercise or defend legal claims
    Efficiently fulfill our contractual and legal obligations (if you are an incorporated entity)
     

  3. Learn about how our products and services are or may be used
    Our legitimate interest or Your Consent * :
    Understand the market in which we operate
    Management Reporting (including at an intra-group level)
     

  4. Security
    Our Legitimate interest:
    Managing security, risk and fraud prevention
    Management Reporting (including at an intra-group level)
     

  5. Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communication
    Your Consent:
    Promote our goods and services
    Our Legitimate interest:
    Management Reporting (including at an intra-group level)
     

  6. Your image (film or photos) at events to be used to support our communication and promotional campaign
    Our legitimate interest or your consent * :Promote our goods and services
     

  7. Checking your age at Pistil Spirits events to ensure compliance with age limitations for alcohol consumption
    Our Legitimate interest: Compliance with laws

​

* We will seek your prior consent where required to do so by law.

If you object to us using your personal data for above purposes, including direct marketing, please let us know using the email address provided in section 9.

Where we use your email to communicate marketing information to you, we will seek your prior consent where required to do so by law.

​

1.3. IF YOU ARE A VISITOR TO OUR PREMISES
 

A. Sources of personal data

We may obtain your personal data from you directly and from our systems’ records

(If we add events the A B C needs to be copied from digital visitor above)
 

B. Personal data that we collect and process

  1. Name

  2. Surname

  3. Date of birth

  4. Email address

  5. Address

  6. Business contact details

  7. Organization

  8. Role

  9. Time and date of your visit; and/or

  10. Image (for example, from CCTV cameras at our premises, where they are used,
     

C. Why do we collect your personal data and what are our lawful bases for it?

WE MAY USE YOUR PERSONAL DATA TO:
 

  1. Security
    Our legitimate interest: Managing security, risk and crime prevention
     

  2. Maintain records of visitors to our premises
    Our legitimate interest: Management Reporting
     

  3. Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communication
    Our legitimate interest or your consent *:
    Promote our goods and services
    Management Reporting (including at an intra-group level)
     

* We will seek your prior consent where required to do so by law

Where we use your email to communicate marketing information to you, we will seek your prior consent where required to do so by law.

If you object to us using your contact details for these purposes, please let us know using the methods listed in section 9.
 

1.4. IF YOU ARE A CALIFORNIAN RESIDENT

The following is applicable to individuals residing in California from whom we collect Personal data, in accordance with the California Consumer Privacy Act (hereinafter “CCPA”).
 

The chart below outlines the categories of Personal Information (as defined by the CCPA) that we have collected for a business purpose in the preceding twelve months.

WE DO NOT SELL PERSONAL INFORMATION.
 

A. Categories of Personal Information collected

The examples of Personal Information for each category below are provided by CCPA to describe the information that pertains to each category. CCPA requires us to provide disclosures in regard to each category, even where we collect only one element that pertains to such category. For example, because we may collect “gender” information, we have to disclose that we collect personal information for the category “Characteristics of Protected Classifications under California or Federal Law” even where we do not collect any other element that pertains to that category.
 

For each category of Personal Information, we collect:

  • We use share the personal information for the business purposes described under sections 1.1, 1.2. and 1.3 above above

  • We share the personal information as explain in section 2 below

​

​

​

​

CATEGORY

WHAT DOES THE CATEGORY INCLUDE

WE

COLLECT

WE

SELL

Identifiers

Categories of Personal data in Cal. Civ. Code 1798.80(e)

Characteristics of Protected Classifications under California or Federal Law

Commercial Information

Biometric Information

Internet or Other Electronic Network Activity Information

Geolocation Data

Sensory Information

Professional or employment-related information

Name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers

Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Race or colour, ancestry or national origin, religion or creed, age (over 40), mental or physical disability, sex (including gender and pregnancy, childbirth etc..), sexual orientation, gender identity or expression, medical condition, genetic information, marital status, military and veteran status.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies

Physiological, biological, or behavioral characteristics that can be used, singly or in combination with each other or with other identifying data, to establish individual identity, ( imagery of the iris, retina, fingerprint, face, hand, palm, voice recordings sleep, health, or exercise data that contain identifying information

Browsing history, search history, and information regarding a consumer’s interaction with an internet website, application or advertisement

Precise physical location

Audio, electronic, visual, thermal, olfactory, or similar information

Inferences Drawn from Personal data

Resume information related to education such as completion of degrees and educational institutions attended, information on educational certifications, job application or resume information, past and current job history, and job performance information.

Consumer profiles reflecting a consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

No

No

No

No

No

No

No

No

No

No

Gender

B. You may exercise the following rights.

  • Right to Know and Access. You may submit a verifiable request for information regarding the: (1) categories of Personal Information collected or disclosed by us; (2) purposes for which categories of Personal Information are collected by us; (3) categories of sources from which we collect Personal Information; and (4) specific pieces of Personal Information we have collected. Prior to disclosing the information, we are required to verify that the individual making the request is indeed the individual to whom the information relates. Once we receive a verifiable request, we must disclose to you the information requested for the twelve months preceding your request.

  • Right to Delete. Subject to certain exceptions, you have the option to delete Personal data about you that we have collected from you.
     

Verification. Requests for access to or deletion of Personal data are subject to our ability to reasonably verify your identity in light of the information requested and pursuant to relevant CCPA requirements, limitations, and regulations.
 

Right to Equal Service and Price. You have the right not to receive discriminatory treatment for the exercise of your CCPA privacy rights.

Submit Requests. For other requests or to authorize an agent to make a request on your behalf, you can also reach contact us (see Section 9).

​

2. SHARING OF YOUR INFORMATION

We do not sell your personal data to any third party.

We use secure methods to transmit personal data.

Data we collect may also be processed by staff operating outside the EEA who work with us or for us, or for one of our affiliated companies, suppliers or service providers.

Recipients of your personal data:
 

2.1. OUR AFFILIATES

We may disclose your personal data to our affiliates, who may use your information for the purposes described in this Privacy Policy. In so doing, they will be data controllers of your information together with us. As data controllers, our affiliates will process your data in compliance with the GDPR and other relevant data protection laws.
 

2.2. THIRD PARTY RECIPIENTS

We may share your personal data with third parties who are controllers of your personal data as follows:

  • Where required by law and similar mandatory disclosures.

  • In connection with a merger, sale, or asset transfer.

  • Other third parties for whom we have obtained your permission or consent to disclose your Personal data.
     

2.3. SERVICE PROVIDERS THAT WE MAY INVOLVE FOR THE PURPOSES DESCRIBED IN ABOVE SECTIONS

Our service providers process your personal data for data analytics/ marketing and advertising of our products and services to you. Our advertising and promotional agencies and consultants carry out marketing campaigns or email mailings on our behalf, or analyse or evaluate our data collection process or customer service fulfilment, such as website hosting companies. We will ensure that any service provider engaged by us is bound to comply with data protection obligations and process your personal data only on documented instructions from us and do not use it for their own purposes.
 

2.4. LAW ENFORCEMENT OR GOVERNMENT BODIES

We may disclose your personal data as permitted by law in order to investigate, prevent or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of our Terms and Conditions or other agreements, or as required by law.
 

3. TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA AND THE UK (EEA)

If and when transferring your personal data outside the EEA and the UK, (which consists of EU member states and Iceland, Lichtenstein and Norway), we will only do so using one of the following safeguards:

  1. the transfer is to a non-EEA country which has an adequacy decision by the EU Commission;

  2. the transfer is covered by a contractual agreement, which covers the GDPR requirements relating to transfers to countries outside the EEA and the UK;

  3. the transfer is to an organisation which has Binding Corporate Rules approved by an EU data protection authority; or

  4. the transfer is to an organisation in the US that is EU-US Privacy Shield certified.

You may request a copy of any relevant document in relation to transfers of your personal data outside the EEA and the UK by contacting us using the contact details in section 9 below.
 

4. YOUR RIGHTS

When prescribed by local regulations, you are entitled to obtain information from us on how we handle your personal data, to see copies of all personal data held by us and to request that your personal data is amended, corrected or deleted from our systems.
 

You can also ask us to transfer a copy of your personal data that you provided to us, limit, restrict or object to the processing of your data.

We do not carry out any decision-making based solely on automated processing, including profiling.
 

If you gave us your consent to use your data, e.g. so that we can use your electronic contact details to send you marketing communications, you can withdraw your consent at any time. Please note that even if you withdraw your consent, we can still rely on the consent you gave as the lawful basis for processing your personal data before you withdrew your consent.
 

You can object to our use of your personal data where we stated we rely on our legitimate business interests to do so. We explained the legitimate interests we rely on in sections ‘Why do we collect your personal data and what are our lawful bases for it?’ above.
 

If you would like to exercise any of your above rights, contact us using the contact details in section 9 below.
 

5. VARIATIONS

We may revise this Privacy Policy at any time by amending this page. Any changes to our processing will take effect within a reasonable period of time after posting the amended Privacy Policy, so that you would have time to consider if you are ok with the changes.
 

6. CHILDREN

Our website is designed to appeal to adults only. We do not knowingly solicit any information from children or people under the legal drinking age, nor do we knowingly market or otherwise target our websites or its products or services to children or people under the legal drinking age.
 

If we become aware that a visitor to our websites is a child or under the Legal Drinking Age in the country or other territory in which he or she is located at the relevant time and has registered without verifiable parental consent, we will remove his or her personal data from our files.
 

7. RETENTION PERIOD

We will keep and Process your Personal Data only for as long as is necessary for the purposes for which it was collected in connection with your relationship with us, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.

bottom of page