When we state ‘personal information’ we mean information that reveals one’s identity through name, email, address, telephone number, bank account details, payment information, IP addresses, content comments, and etc. When we use the term ‘sensitive information’ we mean information that uniquely identifies an individual and reveals one’s biological; political; mental and/or physical; sexual; and/or criminal offences, identities and/or tendencies. We do not collect ‘sensitive information’ from any of our clients.
- We collect only essential information for the maintenance & improvement of our website and our digital services, and to honour our obligation to you in providing you exemplary service.
- We use straightforward methods for acquiring your information; through your discretion and we never purchase your details from 3rd parties.
- We only use the information we have about you to allow you to buy and sell wine with us.
- We do not share your information with any other party where it is not necessary to do so (e.g., logistical partners, legal entities, tax entities, etc.).
- Our retention period of your information varies and hinges upon the type of information and how vital it is for us to keep this information for our business interests.
- You have the right to erase, move, collect your information and to also know and object to our collection methods, retention periods and processing aims of your data.
- Our systems are secure either through the technology they use and/or the processes we have deployed in lieu of their security specifications.
Who is “we”?
When we use the words ‘we’, ‘us’ or ‘our’, this refers to BiBO Holdings Ltd. Our headquarters and primary activities and operations are based in the UK, but we operate internationally.
In adherence to the EU data protection policies, we typically act as a controller of your personal data. BiBO Holdings Ltd. (company number 13153736) acts as the representative towards the EU.
Our key data principles
We love data. However, we love people more (as well as wine!). To show this we have put in place our key principles as a company and as individuals to hold ourselves accountable and offer an unrivalled service, regarding personal data.
- Transparency: We operate and act, as a business and individuals, transparently, and we acknowledge and reflect this all the way through to our treatment of your data selves.
- Respect: We respect your rights to choose and your right to privacy and we take heed of any feedback and preferences you may supply us.
- Control: We realise our responsibility in accessing personal data and we deem it essential to have you at the core reasoning and for you to have your say over your personal data.
- Security: We believe in securing all information and all information within our systems. We provide safe and secure methods for using our services and engaging with us.
What data do we collect?
- Web information
- IP address
- Time of visit
- Web information
- Personal process information
- Contact information (names, phone numbers and email addresses)
- Payment information (bank details)
- Logistical information (collection/delivery address)
- Buying/selling history and preferences
- Preference information (service requirements, product knowledge, etc.)
- Personal process information
We do not actively use this information to identify individuals; neither do we store this information in its raw, identifiable and accessible form with the intention of operational use. The information that is stored on our servers is archived every 24 hours and then deleted every month, automatically.
Personal process information
We process and store this information securely and safely. Our email, CRM, accounting, website, storage, marketing and research systems are encrypted and inaccessible to unauthorised third parties.
How we acquire your data?
When you visit our website or use our services, we collect personal data. We capture data in three different ways.
- Contact forms
- Use of our Valuation Tool service
- Subscribing to our Journal and Resources services
- Buying enquiries
- Selling enquiries
- Comments or reviews on us, our products or services
- Wine buying/selling enquiries through online eCommerce platforms
- Databases & Servers
- Website analytics & tracking
- Surveys, competitions or promotions
- N/A – we do not collect personal information about you from 3rd party sources
When you visit our website, use some of our services or request the use of some of our services, we will ask for your personal details to allow us to communicate with you and provide you with the best service (‘best service’ meaning the quickest, most accurate, personalised assistance) in which we are able to provide. If you are unwilling to provide your contact details, you may be unable to use certain services or areas/functions of our website.
Additionally, we believe that in most cases, a voice is nicer than text; as such, we build a majority of our relations via phone. In some cases, we characterise you based on your personal/commercial requirements, product preferences and product knowledge. Further, should you enter into a contract with us, we are obliged to honour our legal obligations and therefore must acquire more personal information (e.g., your bank details for payment, your physical address for a collection or delivery, etc.).
When you use our website, we automatically collect information about you (contact details, browser type, device type, the country from where you visit, etc.). We also collect information about your navigation through and around our website (what you pages you visited, clicked on, etc.). We collect this information because it allows us to cater the website language to the language you speak, protect the website from & respond to cyber-attacks, improve the performance of our website and it allows the ease of use of our services (e.g., remembering the information you inputted into our site previously).
Just as importantly, this information allows us to attain feedback and report on how useful our website and its functions are and whether we have laid it out correctly to use for people, different devices, browsers, countries, etc. As a digital wine merchant, our website is now our shop front and the best way to arrange our layout (or our ‘shelves’) or remember a previous customer’s name is to see how people interact with the layout and record certain, pertinent information.
From time to time, it is necessary for us to engage in proactive research. This entails surveying you, our customers, for preferences, wants, needs and feedback. We perform this activity through direct email marketing and results are gained automatically, in some instances, from the emails’ interactions.
It is imperative to overtly state and reiterate that we do not acquire, retain and process ‘sensitive information’ about you, our customers. We have no need for this information and we believe it is overly intrusive to acquire this type of information.
How we use your data?
You, the user/customer, is at the heart of everything we do; as such, we only use your data to operate our primary activities and operations, providing you with services that you have requested and to manage our relationship. We only use your personal data for the following operations:
- Buying wine
- Selling wine
We only use your personal data for the following activities:
- Communicating to and with you:
- Feedback, surveys and research
- Informing and educating you through written blog content, newsletters, etc.
- Improve our website usability and performance
- Prevent cyber-attacks and fraudulent activity
- Analyse and report on anonymised data
- Communicating to and with you:
Although we use third-party applications to process and store your data, we have ensured that they are not shared outside of BiBO Holdings Ltd. without a privacy contract in place and when they are processed or stored secure methods are used, e.g., encryption, 2-step authentication, limited access to pertinent persons, etc.
There will be times when we need to share your data with third parties (typically, our partners). We only disclose your personal data to:
- Honour our contractual obligation (usually, a transaction (buying or selling), and typically involving our logistical partner).
- Comply with the applicable law & regulations to parties such as regulators, law enforcement bodies, government agencies (e.g., HMRC), courts and/or third party legal practitioners.
- Other third parties where your consent has been attained.
Legal bases we rely on to process personal data
Where we collect personal data, we will only process it:
- To honour a contract with you.
- Where both us and yourself have the mutual benefit on the basis of legitimate interests, which would not be overridden by your individual rights.
- We have attained your explicit consent.
- Or, to fulfil a legal obligation.
If we do not collect your personal data, we may be unable to provide you with all our services and provide unrivalled service, and some functions and features on our website may not be available to you.
Third-party data processors
We use the following 3rd party data processors to process personal data on our behalf:
- Content management system
- Website analytics applications
- Customer relationship management system
- Direct marketing provider
- Email system provider
- Website hosting service provider
- Accounting software
- Survey software
- Email system support applications
- Storage systems
Content management system (CMS)
To be an online wine merchant we have to have a website. To be able to create and manage our website, we use a content management system (CMS) to publish web pages and its contents (i.e., information) as well as to enable us to control and process your information. We use this system to operate and is a fundamental necessity. Contact information is stored in our CMS system and we retain this information indefinitely for reporting and record keeping unless otherwise instructed or requested to erase.
BiBO’s website is secure (HTTPS) and encrypted (SSL). Similarly, the System Admin area is encrypted using SSL and only registered accounts have access/logins, with only one dedicated System Admin. Additionally, our website information is secure through protection systems and firewalls at the server level.
Website analytics applications
Like a vast majority of websites, we use website and marketing analytics applications to monitor the performance of our website and its use and thus improve our website’s user experience. We monitor metrics that indicate on an aggregated scale how users interact and engage with our website, services and products.
Though our marketing applications record data such as your device, internet browser, OS, geographical location, we do not have access to this information on an individual basis and we are unavailable to identify any single individual based off this aggregated information.
The information is retained until we believe it is unnecessary to retain such information. It is necessary for us to retain such information for reporting purposes. To request erasure, then you would need to file a request with us to which we will then evaluate your reasoning and reroute you to the necessary application providers for deletion.
Customer relationship management (CRM) system
Similarly to many other businesses, we use a CRM system to help us manage our relationships with our logistical partners and to manage relationships with you, our customers. We have undeniable control over the data that is within this system and there is limited access to only relevant employees and third parties, as well as, security checks to authenticate the anyone who does have access. Our system only records contact, logistical, payment, and buying & selling preferences & historical information.
The information is retained until we believe it is unnecessary to retain such information and where we believe there is still an ongoing business, mutually beneficial relationship. It is necessary for us to retain such information for reporting purposes.
Direct marketing system
We use direct marketing to keep in contact with our customers and potential customers. We communicate offers, educational information, market research, updates and industry news to you. We believe it is necessary to maintain community amongst our customer base and to promote community in this industry. Our direct marketing system processes email addresses and names and will sometimes store this information to our dedicated account.
This information is refreshed and updated every day automatically and then manually, which is based on the frequency of use and activity. We retain this information in these systems until you unsubscribe, request erasure or until we deem the relationship to have ended.
Email system provider
Our email system provider is used to communicate internally, between our partners and to communicate with you, our customers. We process information contained within emails, which can include payment details, contact information, buying/selling preferences and buying/selling history. Our email system also acts as a proxy storage system which allows us to digitally agree to contracts, have an audit trail and have a back-up of pertinent documentation/information/details.
Web hosting service provider
Our website hosting service provider allows to have our website connected to the internet and have an online address. The web hosting service provider supplies us with our own dedicated servers, online databases, security systems, among other things.
Information we have of you is stored on our servers but is routinely archived and deleted, automatically. The provider of this system is secure and provides encryption as well as added security measures to ensure security.
Our accounting system processes payment documentation and is able to distribute both documentation and information regarding payments via email. This system assists in record keeping financials. As such, we only store contact information in this system.
The information contained within this software is of limited access to dedicated persons. The information is encrypted too. We retain this information indefinitely due to reporting and tax purposes and so only certain information can be erased at your request.
We use surveying to understand our customers. We distribute surveys to find out what you want from us and how best to provide it. Our survey software processes email addresses and names and will sometimes store this information to our dedicated account.
We retain this information in this software until you unsubscribe, request erasure or until we deem the relationship to have ended. We retain this information until then due to wanting to preserve and store our survey results.
Email system support applications
To support additional functionalities with our email system we use plugin applications. These additional applications provide key metrics for marketing performance.
Cloud storage systems
The cloud storage systems in use at BiBO Holdings are secure and encrypted and have secure protocols to grant access to these storage facilities. The amounts of your information we store in our facilities is very limited and will at most only be contact information if that.
We retain information in this system until you ask us to erase or upon review where in which we ‘clean’ our storage systems. These reviews occur every 2 years.
We have a major logistical partner that processes information on our behalf. We transfer information to them to allow the fulfilment of a contract we have entered with you. We do in fact have privacy agreements in place with this partner to not share, redistribute or store our clients’ information. We communicate with our partners through a secure medium, encrypted email.
Security is a certain priority for us, therefore, we realise it should also be important for you and thus respected. Our efforts ensure your personal data is securely & safely processed and stored. As such, we use relatively high-level security processes and systems to handle your data and we make sure that your data does not leave our ownership (unless we have to honour our contract with you), e.g., encryption. We also ensure that our employees are vetted, to a certain degree, and have legal contracts in place to commit to our security measures and processes.
The length of time we keep your personal information depends on what the specific data is and whether we require the information for an ongoing business need. We will securely retain your personal data for as long as we have a relationship with you and for a period afterwards where we have an ongoing business & legal need to retain it. However, we are able to anonymise and delete non-required personal information upon your request and would be able to list our reasoning and what information has been deleted/retained. Additionally, we have in place an annual retention review in which we clear-out outdated and non-required information.
Because the personal information that you have submitted to us is your property, you have the right to command some form of control over it:
- Know the- and have access to your personal data that we have on you
- Update or delete the personal information we have on you
- Object to continuing processing of your data
In regards to marketing communications, you can unsubscribe at any time by following the instructions contained within the marketing communication.
Your acceptance of these terms
By using this Site, you signify your acceptance of this policy and terms of service. If you do not agree to this policy, you have the right to object through our complaints process. Failing that, you may opt to not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed as your acceptance of those changes.
Free Trade House
9 Chapel Place