Person responsible for data protection compliance: Rich Staite, Operations Director.
We collect and process personal data relating to our accounts to manage our customer relationships. We are committed to being transparent about how we collect and use that data to meet our data protection obligations.
What information do we collect?
We collect and process a range of information about you. This includes:
• your contact name and contact details, including email address, transaction history and e-mail preferences.
In accordance with Data Protection laws, our legal basis for collecting and storing such personal information is that such processing is necessary for our legitimate interest in running and promoting our business and portfolio of brands. Whilst Shiner does not routinely obtain consent as the legal basis upon which it stores and processes personal data, it will, if necessary, and to the extent required by Data Protection laws, obtain the consent of the data subject to hold and process personal information. If consent is provided it can be withdrawn by the data subject at any time.
We collect this information when you sign up to for a Shiner account and is updated accordingly each time you make a purchase.
Data will be stored in a range of different places; internally on our ERP (Enterprise Resource Planning), BI (Business Intelligence) and WM (Warehouse Management) systems and externally with our MSP (Mail Service Provider – Mailchimp) and eCom providers (Owtanet) / AWS (Amazon Web Services).
Why do we process personal data?
We need to process data in order to notify you regarding B2B purchases and to send you the most relevant and up to date Shiner product mailers. For example, if you have purchased a Protection product, you will be included in any future Protection mailers.
Who has access to data?
Your information may be shared internally, including with the Company Directors, your account manager, members of the Sales, Marketing and IT teams.
We share your data with third parties such as our eCom provider and AWS to service your B2B account and our MSP (Mailchimp) in order to create, plan and send our Shiner mailers.
They will process your data only under our instructions. Some of this information is securely stored outside of the European Economic Area (EEA). The transfer of your personal data is carried out in compliance with the guarantees provided by law.
Their EU data processing addendum can be viewed here – https://shiner.co.uk/customer-eu-data-processing-addendum/
We do not share your information with any other third parties.
How do we protect data?
We take the security of your data seriously. We have internal controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed. All data is kept secure, with access limited only to those who require the data for the proper performance of their job roles.
Our current third party MSP and eCom providers are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data. They have been selected after a rigorous evaluation process and chosen for their security, reliability and competence.
For how long do we keep data?
We will hold your personal data in our MSP for the duration of you being an active Shiner customer. Your account information is stored within our internally on our ERP, BI and WM systems for up to 7 years.
As a data subject, you have a number of rights. You can:
• access and obtain a copy of your data on request;
• require us to change incorrect or incomplete data;
• require us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
• object to the processing of your data where we are relying on our legitimate interests as the legal ground for processing; and
• choose to opt out (unsubscribe) and no longer receive emails from us at any time.
If you would like to exercise any of these rights, please contact GPDR@shiner.co.uk
If you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner.
Shiner is registered with the ICO, with registration number Z7821339.