When we use the words ‘we’, ‘us’ or ‘our’, this refers to BiBO Holdings Ltd. Our headquarters and primary activities and operations are based in the UK, but we operate internationally.
In adherence to the EU data protection policies, we typically act as a controller of your personal data. BiBO Holdings Ltd. (company number 13153736) acts as the representative towards the EU.
We love data. However, we love people more (as well as wine!). To show this we have put in place our key principles as a company and as individuals to hold ourselves accountable and offer an unrivalled service, regarding personal data.
We do not actively use this information to identify individuals; neither do we store this information in its raw, identifiable and accessible form with the intention of operational use. The information that is stored on our servers is archived every 24 hours and then deleted every month, automatically.
We process and store this information securely and safely. Our email, CRM, accounting, website, storage, marketing and research systems are encrypted and inaccessible to unauthorised third parties.
When you visit our website or use our services, we collect personal data. We capture data in three different ways.
When you visit our website, use some of our services or request the use of some of our services, we will ask for your personal details to allow us to communicate with you and provide you with the best service (‘best service’ meaning the quickest, most accurate, personalised assistance) in which we are able to provide. If you are unwilling to provide your contact details, you may be unable to use certain services or areas/functions of our website.
Additionally, we believe that in most cases, a voice is nicer than text; as such, we build a majority of our relations via phone. In some cases, we characterise you based on your personal/commercial requirements, product preferences and product knowledge. Further, should you enter into a contract with us, we are obliged to honour our legal obligations and therefore must acquire more personal information (e.g., your bank details for payment, your physical address for a collection or delivery, etc.).
When you use our website, we automatically collect information about you (contact details, browser type, device type, the country from where you visit, etc.). We also collect information about your navigation through and around our website (what you pages you visited, clicked on, etc.). We collect this information because it allows us to cater the website language to the language you speak, protect the website from & respond to cyber-attacks, improve the performance of our website and it allows the ease of use of our services (e.g., remembering the information you inputted into our site previously).
Just as importantly, this information allows us to attain feedback and report on how useful our website and its functions are and whether we have laid it out correctly to use for people, different devices, browsers, countries, etc. As a digital wine merchant, our website is now our shop front and the best way to arrange our layout (or our ‘shelves’) or remember a previous customer’s name is to see how people interact with the layout and record certain, pertinent information.
From time to time, it is necessary for us to engage in proactive research. This entails surveying you, our customers, for preferences, wants, needs and feedback. We perform this activity through direct email marketing and results are gained automatically, in some instances, from the emails’ interactions.
It is imperative to overtly state and reiterate that we do not acquire, retain and process ‘sensitive information’ about you, our customers. We have no need for this information and we believe it is overly intrusive to acquire this type of information.
You, the user/customer, is at the heart of everything we do; as such, we only use your data to operate our primary activities and operations, providing you with services that you have requested and to manage our relationship. We only use your personal data for the following operations:
We only use your personal data for the following activities:
Although we use third-party applications to process and store your data, we have ensured that they are not shared outside of BiBO Holdings Ltd. without a privacy contract in place and when they are processed or stored secure methods are used, e.g., encryption, 2-step authentication, limited access to pertinent persons, etc.
There will be times when we need to share your data with third parties (typically, our partners). We only disclose your personal data to:
Where we collect personal data, we will only process it:
If we do not collect your personal data, we may be unable to provide you with all our services and provide unrivalled service, and some functions and features on our website may not be available to you.
A “Cookie” is a small file that is downloaded to your device (e.g., computer, smartphone or tablet) when you visit a website. These “Cookie files” allow the websites you visit to recognise your device and to gather information about your interaction with the website, as well as the device you are using. A Cookie, by itself, cannot be used to identify you.
You are able to choose to opt-out of cookies being stored on your device by disabling Cookies in the “Settings” your Internet browser, commonly found under the “Privacy” and/or “Security” tab(s).
Please be aware that if you do choose to disable all Cookies and opt-out of Cookie Tracking, our website may not function for you as intended.
We use the following 3rd party data processors to process personal data on our behalf:
To be an online wine merchant we have to have a website. To be able to create and manage our website, we use a content management system (CMS) to publish web pages and its contents (i.e., information) as well as to enable us to control and process your information. We use this system to operate and is a fundamental necessity. Contact information is stored in our CMS system and we retain this information indefinitely for reporting and record keeping unless otherwise instructed or requested to erase.
BiBO’s website is secure (HTTPS) and encrypted (SSL). Similarly, the System Admin area is encrypted using SSL and only registered accounts have access/logins, with only one dedicated System Admin. Additionally, our website information is secure through protection systems and firewalls at the server level.
Like a vast majority of websites, we use website and marketing analytics applications to monitor the performance of our website and its use and thus improve our website’s user experience. We monitor metrics that indicate on an aggregated scale how users interact and engage with our website, services and products.
Though our marketing applications record data such as your device, internet browser, OS, geographical location, we do not have access to this information on an individual basis and we are unavailable to identify any single individual based off this aggregated information.
The information is retained until we believe it is unnecessary to retain such information. It is necessary for us to retain such information for reporting purposes. To request erasure, then you would need to file a request with us to which we will then evaluate your reasoning and reroute you to the necessary application providers for deletion.
Similarly to many other businesses, we use a CRM system to help us manage our relationships with our logistical partners and to manage relationships with you, our customers. We have undeniable control over the data that is within this system and there is limited access to only relevant employees and third parties, as well as, security checks to authenticate the anyone who does have access. Our system only records contact, logistical, payment, and buying & selling preferences & historical information.
The information is retained until we believe it is unnecessary to retain such information and where we believe there is still an ongoing business, mutually beneficial relationship. It is necessary for us to retain such information for reporting purposes.
We use direct marketing to keep in contact with our customers and potential customers. We communicate offers, educational information, market research, updates and industry news to you. We believe it is necessary to maintain community amongst our customer base and to promote community in this industry. Our direct marketing system processes email addresses and names and will sometimes store this information to our dedicated account.
This information is refreshed and updated every day automatically and then manually, which is based on the frequency of use and activity. We retain this information in these systems until you unsubscribe, request erasure or until we deem the relationship to have ended.
Our email system provider is used to communicate internally, between our partners and to communicate with you, our customers. We process information contained within emails, which can include payment details, contact information, buying/selling preferences and buying/selling history. Our email system also acts as a proxy storage system which allows us to digitally agree to contracts, have an audit trail and have a back-up of pertinent documentation/information/details.
Our website hosting service provider allows to have our website connected to the internet and have an online address. The web hosting service provider supplies us with our own dedicated servers, online databases, security systems, among other things.
Information we have of you is stored on our servers but is routinely archived and deleted, automatically. The provider of this system is secure and provides encryption as well as added security measures to ensure security.
Our accounting system processes payment documentation and is able to distribute both documentation and information regarding payments via email. This system assists in record keeping financials. As such, we only store contact information in this system.
The information contained within this software is of limited access to dedicated persons. The information is encrypted too. We retain this information indefinitely due to reporting and tax purposes and so only certain information can be erased at your request.
We use surveying to understand our customers. We distribute surveys to find out what you want from us and how best to provide it. Our survey software processes email addresses and names and will sometimes store this information to our dedicated account.
We retain this information in this software until you unsubscribe, request erasure or until we deem the relationship to have ended. We retain this information until then due to wanting to preserve and store our survey results.
To support additional functionalities with our email system we use plugin applications. These additional applications provide key metrics for marketing performance.
The cloud storage systems in use at BiBO Holdings are secure and encrypted and have secure protocols to grant access to these storage facilities. The amounts of your information we store in our facilities is very limited and will at most only be contact information if that.
We retain information in this system until you ask us to erase or upon review where in which we ‘clean’ our storage systems. These reviews occur every 2 years.
We have a major logistical partner that processes information on our behalf. We transfer information to them to allow the fulfilment of a contract we have entered with you. We do in fact have privacy agreements in place with this partner to not share, redistribute or store our clients’ information. We communicate with our partners through a secure medium, encrypted email.
Security is a certain priority for us, therefore, we realise it should also be important for you and thus respected. Our efforts ensure your personal data is securely & safely processed and stored. As such, we use relatively high-level security processes and systems to handle your data and we make sure that your data does not leave our ownership (unless we have to honour our contract with you), e.g., encryption. We also ensure that our employees are vetted, to a certain degree, and have legal contracts in place to commit to our security measures and processes.
The length of time we keep your personal information depends on what the specific data is and whether we require the information for an ongoing business need. We will securely retain your personal data for as long as we have a relationship with you and for a period afterwards where we have an ongoing business & legal need to retain it. However, we are able to anonymise and delete non-required personal information upon your request and would be able to list our reasoning and what information has been deleted/retained. Additionally, we have in place an annual retention review in which we clear-out outdated and non-required information.
Because the personal information that you have submitted to us is your property, you have the right to command some form of control over it. In regards to marketing communications, you can unsubscribe at any time by following the instructions contained within the marketing communication.
By using this Site, you signify your acceptance of this policy and terms of service. If you do not agree to this policy, you have the right to object through our complaints process. Failing that, you may opt to not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed as your acceptance of those changes.
9 Chapel Place
Tell us what you like and we will personalise a collection bespoke to your taste!