“We”, “us” and “our” refers to Chivas Brothers Limited and Chivas Brothers International Limited, companies registered in Scotland and having our registered offices at 111-113 Renfrew Road, Paisley, Renfrewshire, PA3 4DY and Kilmalid, Stirling Road, Dumbarton, Scotland G82 2SS. We collect, use and are responsible for certain Personal Data about you. When we do so we are subject to the General Data Protection Regulation, which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that Personal Data for the purposes of those laws.
- Whose Personal Data might we collect and process?
We may collect and use the Personal Data about the following people:
- customers and individuals within customer organisations
- suppliers and individuals within supplier organisations
- visitors to our premises, distilleries and Heritage Centres
- people to whom we market our products and brands and those of our affiliates within the Pernod Ricard Group. A link to affiliates is available here.
- visitors to our website
- other individuals who do not fall within the above categories
- What Personal Data do we collect about you and how?
Personal Data means any information that can be used to personally identify you or contact you online or elsewhere.
We may collect and use the following Personal Data about you:
- your name and contact information, including postal address, email address and telephone numbers and, if applicable, company details
- information to enable us to check and verify your identity, e.g. your date of birth
- your gender information, if you choose to give this to us
- location data
- contractual data that we obtain by providing products or services to you (or your employer)
- contractual data that we obtain through you (or your employer) providing products or services to us
- data that we obtain through communications with you (e.g. emails, letters or conversations)
- your financial position, status and history, including bank details
- your billing information, transaction and payment card information
- information to enable us to undertake credit or other financial checks on you
- your personal or professional interests, household, lifestyle, habits and preferences
- your professional online presence, e.g. LinkedIn profile
- your contact history, purchase history and saved items
- information from accounts you link to us, e.g. Facebook
- information about how you use our website, IT, communication and other systems
- your responses to surveys, competitions and promotions
- your IP address and your mobile/tablet/device ID
- information in relation to any complaints you may make
- information provided to us for your attendance at Heritage Centres and distilleries, meetings and events at our premises and elsewhere, including details of which Heritage Centres and distilleries you visit, and which other meetings and events you attend as well as information about access or dietary requirements.
- How your Personal Data is collected
Personal Data we collect from you
We collect most of this Personal Data directly from you—in person, by telephone, text or email and/or via our website and apps. For example:
- Registration or sign-up online: e.g. mobile app, websites, social media or subscribing to a newsletter specific to our Digital Services or creating an account to be a member of a club;
- ‘Send to a friend’ marketing communications;
- Sweepstake and contest;
- Joining a loyalty program or subscribing to a newsletter;
- Buying products or services online;
- When doing e-commerce on certain of our websites;
- Using a QR Code displayed on products;
- Events (invitation form or online forms on tablets filled out by our representatives with your input);
- Booking a tour or attending a distillery or Heritage Centre;
- Brand websites or our corporate website;
- User generated content;
- Feedback, questions, enquiries, surveys or comments through ‘Contact us’; or our responses to you;
- When you or your organisation use or contact us to provide any goods or services;
- When you browse, provide information or use our websites;
- When you or your organisation make an enquiry for our services or otherwise engage with our staff for business related purposes;
- Where you or your organisation provide goods or services to us.
- Where you are our guest;
- Any other interaction with you that requires the submission of Personal Data.
The type and amount of information we collect will vary and depends on the activity.
Personal Data we collect from other sources
We may also collect information:
- from publicly accessible sources, e.g. the Electoral Roll or the Post Office’s National Change of Address Database;
- directly from a third party, e.g.: “Send to a friend” marketing communications or a third party sign-up form from one of our partners;
- from credit reference agencies;
- from customer or supplier due diligence providers;
- from a third party with your consent, e.g. your bank or building society
- from cookies on our website (see below - How and why do we use tracking technologies?)
- via our IT and other systems, e.g. door entry systems, Heritage Centre, distillery and reception logs; automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems; wifi logon information; or
- from one of our Pernod Ricard Group affiliates.
We may occasionally purchase the contact details of people who might be interested in hearing from us. Before purchasing such information, we will check the wording used when your information was originally collected, to make sure that we only contact people who have actively expressed an interest in receiving information from third parties.
We may also receive information if you have provided permission to other organisations to share it with us. Before providing permission to such third party organisations to share your personal information, you should check their privacy notices carefully.
Subject to applicable laws, we may use a variety of technologies that collect and provide information about how our Digital Services are accessed and used by you. We may also use demographic information about who uses our Digital Services, which we get from third parties such as Google or social media that you use (we call this “Usage Information”).
Usage Information may consist of the pages you have visited, the time you visited them and which beverage information (or other content) you accessed or provided. It also includes which language you use, demographic information about you (such as your age, gender and interest areas, where available) and which pages you have visited before you visited the current page.
How and why do we use tracking technologies?
We use tracking technologies such as cookies, IP address recording or log files, to gather technical information such as your web browser type and which operating system you use, the webpage you came from, your path through our website and your Internet Service Provider. This is so we can improve the functionality of our websites and better understand how visitors like you use our Digital Services and the tools they offer.
Often, individuals will interact with us in multiple ways and will provide us with personal information in different contexts. We may use your personal information to obtain a profile of your different interactions with us and to understand your preferences.
These tracking technologies help us tailor our Digital Services to your personal needs:
- An IP address is a number used on a network to identify your computer every time you connect to the Internet. We may keep track of Internet Protocol (IP) addresses to (among other things): (i) troubleshoot technical issues, (ii) maintain website safety and security, (iii) restrict access to our Digital Services to certain users, (iv) track location and behaviour, analyse, segment and target advertising to customers, and, (iv) better understand how our Digital Services are utilised e.g. using Google Analytics;
- We (or a third party on our behalf) may collect and use your mobile/tablet device ID to provide a more tailored browsing experience, to alert you to nearby events or promotions and for reporting and analysis;
- We (or a third party on our behalf) may collect information in the form of logs files that record activity and gather statistics about browsing habits. These entries are generated anonymously, and help us gather (among other things) (i) your web browser type and operating system, (ii) information about your session (such as the URL you came from, the date and time you visited our Digital Services, and which pages you have viewed and for how long), and, (iii) other similar navigational or click-stream data. We also use log file information for our internal marketing and demographic studies, so we can constantly improve and customise the online services we offer you. Log files are only used internally, and are not associated with any personally identifiable individual.
- For what purpose do we use your Personal Data?
Under data protection law, we can only use your Personal Data if we have a proper reason for doing so, e.g.:
- to comply with our legal and regulatory obligations;
- for the performance of a contract with you or to take steps at your request before entering into a contract;
- for our legitimate interests or those of a third party; or
- where you have given consent.
Marketing, promotion and e-commerce purposes
These purposes may include marketing, promotion and e-commerce:
- When you register or sign-up via our Digital Services: the Personal Data you give is used to provide you with the benefits that typically come along with registration. This includes information on the products and brands that you have signed up to (and, if you have opted-in, to receive information about other Pernod Ricard products), the ability to send, receive and personalise communications you select at the time of registration or that automatically come with your registration. For example, subscription to a newsletter, creation of an account, participation in a sweepstake or contest, invitation to or attendance at an event organised by us or on our behalf;
- When you are selected or invited to attend an event we will use your Personal Data to provide you with details, tickets and entry information and to provide the organisers with information to allow them to verify your attendance;
- When you enter a sweepstake or contest we use your Personal Data to identify unique entrants and to inform winners and others of the outcome;
- When you use the ‘Send to a friend’ feature: Personal Data for one-time use (typically, names and email addresses) is used only once (e.g., to send a message) and is not retained by us;
- When using e-commerce on some of our websites: we (or a third party on our behalf) will use your Personal Data to create your account, facilitate the purchase process, manage your order and deliver your products under the contract you have with us (or the third party) and to understand your purchase history. We may use automated or technical solutions to detect fraudulent activity or payment and this may include profiling based on automated decision making;
- When you use a QR Code or equivalent feature displayed on our products: we use your Personal Data to send you more information on the products where the QR code or equivalent feature was displayed or other Pernod Ricard products (if you opt-in to receive that information);
- When you submit Personal Data on the iPads or other mobile devices available in Heritage Centres or distilleries: this is used to send you more information on the relevant products;
- Feedback, questions, or comments through our ‘Contact Us’ form and our ‘Tell Us’ compliance reporting system: if you contact us via an online contact form, your information is used to respond to your inquiry or comment;
When you submit your Personal Data, you may also be given the option (through a tick box or other consent mechanism) to have your information used for an activity or service different from the one you are requesting. For example, if you enter a contest to win a prize, you may also be invited to sign up for a newsletter about other products. If you choose to have your information used for another activity or service in this way we will use your information to provide them to you.
In addition, when you submit your Personal Data, you may be given the option (through a tick box or other consent mechanism) for your information to be used for other Pernod Ricard products. If you choose this option we (and other Pernod Ricard Group affiliates) will use your information to provide you with information and promotions regarding other Pernod Ricard products.
We may also use your email address to send you transactional or administrative communications such as confirmation emails when you sign up for, or unsubscribe from, a specific registration or activity. We may also use it for certain service-related announcements, such as updates to our Privacy Notice, discontinued features or programs on our Digital Services, changes to our online services or technical support policies.
We retain your personal data in our global consumer database which allows us to ensure that your Personal Data remains accurate and up to date and to share your Personal Data with appropriate Pernod Ricard group affiliates. To avoid duplication in our database, we may use information about each of your interactions with one of our Pernod Ricard Group affiliates to check whether your Personal Data is still accurate. We will use that information to complete, enhance or update your Personal Data with the additional information you might have provided.
Subject to applicable laws, this may include occasionally combining, updating, or otherwise enhancing the Personal Data collected through our Digital Services with anonymised data we get from outside records or third parties. For instance, we may combine purely demographic or survey information (e.g., age, gender, household information, and other interests) not linked to any personal information about you with Personal Data collected in other cases (such as during account registration).
We may also use your Personal Data, the combined information referred to above and/or demographic information for our internal marketing, segmentation, analysis and demographic studies. This helps us to constantly improve, personalise, and customise the products and services we provide.
Other business purposes
We set out below more detail on the ways in which we use your Personal Data. We use your Personal Data:
- To provide products and services to you and your organisation;
- To ensure the confidentiality of commercially sensitive information;
- To manage and administer your or your organisation's business relationship with us, including use for the purposes of processing payments, accounting, auditing, billing and collection and other support services;
- To screen for financial and other sanctions or embargoes, including credit reference checks with credit reference agencies;
- To comply with legal and regulatory obligations that apply to our business;
- Where necessary to gather and provide information required by or relating to audits, enquiries or investigations by enforcement authorities, regulatory bodies, courts, tribunals and government agencies;
- To deal with any complaints received;
- To ensure business policies are adhered to, e.g. policies covering security and internet use and to prevent unauthorised access and modifications to systems;
- For operational reasons, such as ensuring safe working practices, improving efficiency, risk management, training, staff assessment and quality control;
- For statistical analysis to help us improve our products and services and communications to you or the strength of our relationship with you or to manage our business, e.g. in relation to our financial performance or efficiency measures;
- For the purposes of external audits and quality checks, e.g. for Investors in People accreditation and the audit of our accounts;
- For insurance purposes;
- To complete statutory returns;
- To ensure your needs are catered for in connection with any meeting or event you may attend; and/or
- For recruitment. Where you apply for a job we will give you further information about how your personal data will be used.
Legitimate interests - managing our business
In relation to a number of uses of Personal Data we refer to above we are doing this on the basis that it is in our legitimate interests – or those of a third party – for us to do so. A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. These interests cover a number of aspects of our business operations, namely:
- Ensuring that we are as efficient as we can be so we can deliver the best Digital Service, products and other services for you that we can and understanding our customers and the users of our Website;
- To allow us to provide bespoke Digital Services and products and other services where requested by you, to personalise your experience and to tailor the content, offers and promotions we send to you promoting our products and services;
- Protecting our commercially valuable information and also our intellectual property;
- Preventing and detecting fraud and/or criminal activity that could be damaging for us and for you;
- For credit control purposes and to make sure our customers can pay for the products we provide;
- Understanding how our business is performing and considering how to improve our performance; and
- Ensuring we are able to keep up to date with our customers and contacts and developments in their organisations.
We may use your Personal Data to send you updates (by email, text message, telephone or post) about our products and Digital Services, including exclusive offers, promotions or new products and Digital Services.
We have a legitimate interest in processing your Personal Data for promotional purposes. This means we do not always need your consent to carry out promotional activities. However, where consent is needed, we will ask for this consent separately and clearly.
You have the right to opt out of receiving promotional communications at any time by:
- contacting us at email@example.com
- using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts
We may ask you to confirm or update your marketing preferences if you instruct us to provide further products or Digital Services in the future, or if there are changes in the law, regulation, or the structure of our business.
- What happens if you do not wish to share your Personal Data with us?
If you choose not to submit any Personal Data when requested, you may not be able to participate in certain activities or use some of the personalised features of our Digital Services. This may also limit the products, services and special offers we can tell you about. For example, if you refuse to share your email address, you will not be able to receive any of our newsletters or otherwise register for our Digital Services or if you do not provide us with billing information we may not be able to pay you. However, you do not need to give us any Personal Data to simply browse our websites and learn more about us and our products.
- Who do we disclose your Personal Data to and why?
We will never share your Personal Data with any third party that intends to use it for direct marketing purposes, unless we have specifically told you and you have given us explicit permission to do this.
We may share your Personal Data with our parent company, Pernod Ricard SA and with Pernod Ricard SA’s affiliates worldwide (these affiliates are collectively referred to as the “Pernod Ricard Group”).
We share your Personal data for the purposes explained in Articles 3 and 4 above and also for the purposes of group purchasing and selling, security, accounting and administration.
We may also share your Personal Data with other third parties, but only in the following circumstances:
- We may use third parties to help deliver our products or Digital Services to you, e.g. payment service providers, warehouses and delivery companies;
- We may share your Personal Data with social media providers such as Facebook, Twitter and Instagram, in which case email addresses will be uploaded then hashed. For example, where you are a registered user of Facebook, we will use your email address in an encrypted format to enable Facebook to find other registered users of their services that share similar interests to you based on: (1) information that we observe about you from your different interactions with us; and (2) the information Facebook holds about you;
- We may share your Personal Data with third parties who provide programmatic advertising services to serve you with relevant advertising;
- We may use service providers, agents or contractors e.g. marketing and digital agencies to support the internal operation of our Digital Services, and to assist us with administering them or the various functions, programs and promotions available on them. Any such third party must provide appropriate levels of security for your Personal Data and, where required, are bound by a legal agreement to keep your Personal Data private, secure and to process it only on our specific instructions;
- When we run a joint or co-sponsored program or promotion on our Digital Services with another company, organisation, or other reputable third party, we may collect and process Personal Data and share it with that partner or sponsor as part of the event. If your Personal Data is being collected by (or is shared with) a company other than one that is part of the Pernod Ricard Group as part of any such promotion, we will let you know at the time it is collected;
- We may also disclose your Personal Data if we are required to do so by law or by law enforcement agencies or regulatory bodies, or if such action is necessary to comply with legal or regulatory processes, to establish, respond to or pursue any claims, or to protect the safety or rights of us, our employees, customers, or the public;
- In the event of a merger or acquisition of all or part of us by another company, or in the event that we were to sell or dispose of all or a part of our business. In this case the acquirer would have access to the information maintained by us, which could include Personal Data, subject to applicable law. Similarly, Personal Data may be transferred as part of a corporate reorganisation, insolvency proceeding, or other similar event, if permitted by and done in accordance with applicable law;
- We may disclose your Personal Data to our insurers and brokers, external auditors, professional advisers, banks and other third parties which provide services to us to allow us to fulfil our legal and contractual obligations and for risk management purposes;
- We may also disclose your Personal Data to our CCTV providers and outsourced security providers (including G4S);
- We may share your Personal Data with external service suppliers, representatives and agents that we use to make our business more efficient, e.g. technology service suppliers, marketing agencies, event organisers and hosts, survey providers, translators or suppliers of analysis services and companies providing services for credit risk reduction, fraud and crime prevention purposes.
- Is your Personal Data sent to recipients located in other countries and why?
We and our affiliates in the Pernod Ricard Group are a global group and your Personal Data may be transferred across international borders. It may be transferred to countries that have different data protection laws to the country from where you submitted your Personal Data. Your Personal Data may also be transferred between different companies of the Pernod Ricard Group located in different countries.
We will, however, ensure the transfer complies with data protection law both during transit and at the storage location and all Personal Data will be secure. Our standard practice is to use standard data protection contract clauses that have been approved by the European Commission.
Our main service providers for the operation of our Digital Media are based in the United States. The transfers of personal data to these services providers are implemented in accordance with applicable laws and rely on standard contractual clauses as set out by the European Commission. Such service providers are also bound by a contract that ensures a high standard of privacy protection and requires (amongst other provisions) that they act only on a member of Pernod Ricard Group’s instructions and implement technical measures necessary on an ongoing basis to keep your Personal Data secure.
- How long do we keep your Personal Data?
We may store the Personal Data that you send to us via our Digital Services in our databases. We will not retain your Personal Data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of Personal Data.
We have in place a retention policy which sets out the different retention periods for the types of information we hold.
The retention periods we apply take account of:
- Legal and regulatory requirements and guidance;
- Limitation periods that apply in respect of taking legal action;
- Our ability to defend ourselves against legal claims and complaints;
- Good practice; and
- The operational requirements of our business.
When it is no longer necessary to retain your Personal Data, we will delete or anonymise it.
If you ask us to delete your information in accordance with your rights set out in Article 10 below, we will retain basic information on a suppression list to record your request and to avoid sending you unwanted materials in the future.
- How do we keep your Personal Data secure?
We have appropriate security measures to prevent your Personal Data from being accidentally lost, or used or accessed unlawfully. These include: (i) storing your Personal Data in secure operating environments that are not available to the public and that are only accessible to authorised employees, our agents and contractors; and, (ii) verifying the identities of any registered users before they can access Personal Data we store about them.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
- Your rights
You have the following rights, which you can exercise free of charge:
You can ask us to:
- provide a copy of your personal data (the right of access)
- correct any mistakes in your personal data
- delete your personal data—in certain situations
- restrict processing of your personal data—in certain circumstances, e.g. if you contest the accuracy of the data
- provide you with a copy of the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
You can object:
- at any time to your personal data being processed for direct marketing including profiling;
- in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests
If your Personal Data has been processed on the basis of your consent, you can withdraw your consent at any time.
We hope that we can resolve any query or concern you may raise about our use of your information. You also have the right to complain to the supervisory authority in the European Union where you work, normally live or where any alleged infringement of data protection laws occurred.
If you would like to exercise any of your rights in this Article 10, please email us on firstname.lastname@example.org
Your objection (or withdrawal of consent) may mean we cannot provide the products or services you have requested of us or you may not be able to use the services we offer. We will advise you where this is the case. In certain circumstances even if you withdraw your consent we may still be able to process your Personal Data if required or permitted by law or for the purpose of exercising or defending our legal rights or meeting our legal and regulatory obligations.
- How do we treat children's information?
- Do we link to other third party websites?
Our Digital Services may contain links that will direct you to other websites or services that are operated and controlled by third parties. This includes links from advertisers, sponsors and partners that may use our brands or logo(s) as part of a co-branding agreement.
- How can you contact us?
- by writing to: Data Privacy Champion, Chivas Brothers Limited and Chivas Brothers International Limited, Kilmalid, Stirling Road, Dumbarton G82 2SS, or sending an email to: email@example.com
- or by writing to: Data Protection Officer, Pernod Ricard SA, 12 place des Etats-Unis 75783 Paris Cedex 16 France
This privacy notice was last updated: Aug 2020.