Privacy and Cookie Policy

Please also see the website Terms and Conditions.

 

  1. The Worshipful Company of Brewers (“We”) is dedicated to ensuring the privacy of all individuals whose personal data we process. We recognise that privacy is important. This Privacy Policy explains how we collect and use any personal information you provide to us.
    • We will only use the information that we collect about you lawfully and in accordance with the General Data Protection Regulation (GDPR) and the British Data Protection Bill.
    • We want you to feel free to use and explore our website and services without worrying about whether your visit will generate unwanted sales or marketing activity such as junk mail or spam.
    • We set out below what personal information we hold about individuals, what we do with that personal information, and your rights regarding this information.
  2. The Data Controller. The Brewers’ Company (“We”) from a legal perspective are classed as the “Data Controller”.
  3. Purpose of Processing Personal Data. The personal information we collect may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services and maintaining back-ups of our databases.  Website usage data may be processed for the purposes of analysing the use of the website and services.
  4. Lawful Basis of Processing Personal Data. The lawful basis of processing your personal data is legitimate interests.  Namely monitoring and improving our website and services, and the proper administration of our website and business.
  5. Categories of Personal Data Processed. The information we hold should be accurate and up-to-date.  The personal information which we hold will be held securely in accordance with our internal data protection and security policies.  The type or categories of personal data we will collect about you includes the personal information you enter into a contact form, including your name, email address and telephone number.
  6. Retention of personal data. We will not retain your personal data for longer than is required for the purposes outlined above.
  7. Links to other sites. Our website contains links to other websites.  This privacy policy only applies to this website, so when you link to other sites you should read their own privacy policies.
  8. Cookies.
    • A cookie is a tiny text file stored on your computer when you visit certain web pages. For system administration purposes, we may use cookies to collect information about your computer including, where available, your IP address, operating system and browser type. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.  We then use that information to monitor usage and improve the user experience.
    • Please note:'Cookies' cannot harm your computer.  We do not store personally identifiable information in the cookies we create, but do use information gathered from them to help improve your experience of the site.
    • You may be able block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon you visit our site.
    • For further information visit aboutcookies.org or www.allaboutcookies.org.
  9. Category of recipients of personal data. We take all reasonable care to prevent any unauthorised access to and use of your personal data.  Whilst any personal information that we use to provide or promote our services to you will not be passed to any third party organisation for marketing purposes, on occasion your details may be shared with our approved contractors or agents, in order produce relevant services.  Examples of third party processors include IT support services, website developers and cloud service providers.  All third party processors are assessed and vetted according to our Data Protection and Security policies.
  10. Sensitive personal data. We will never collect sensitive personal data about you without your explicit consent and a clear explanation of why it is required.
  11. Sale or passing of personal data to third parties. We will not sell or pass your personal data to any commercial or charitable organisation.
  12. Data subject’s rights
    • Right of Access.
      • You are entitled to access your personal data so that you are aware of and can verify the lawfulness of the processing. This is achieved through the mechanism of a Subject Access Request (SAR) and you have the right to obtain:
        • Confirmation that your data is being processed (held)
        • Access to your personal data (a copy)
        • Other supplementary information that corresponds to the information in this privacy notice.
      • Under GDPR this information will be provided without charge, without delay and within one month. If an extension is required or requests are considered manifestly unfounded or excessive, in particular because they are repetitive, we may choose to: charge a reasonable fee taking into account the administrative costs of providing the information; or refuse to respond.  The reasons for this will be formally notified to you and your rights to appeal to the appropriate Supervisory Authority, i.e. the UK Information Commissioner’s Office (ICO) will be highlighted.
      • To protect your personal data we will seek to verify your identity before releasing any information, which will normally be in electronic format.
    • Right of Rectification. You are entitled to have personal data rectified if it is inaccurate or incomplete.  We will respond within one month to your request.  In the unlikely event that we do not take action to the request for rectification, we will inform you of your rights to complain or seek judicial remedy.
    • Right of Erasure.  You may request the deletion or removal of personal data where there is no compelling reason for its continued processing. The Right to Erasure does not provide an absolute ‘right to be forgotten’.  However, you do have a right to have personal data erased and prevent processing in specific circumstances:
      • Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed
      • When you withdraw consent (where applicable)
      • When you object to the processing and there is no overriding legitimate interest for continuing the processing
      • The personal data was unlawfully processed
      • The personal data has to be erased in order to comply with a legal obligation
    • Right to Restrict Processing. Under the GDPR you have the right to ‘block’ or suppress processing of personal data.  When processing is restricted, we are permitted to store the personal data, but not further process it.  In this event exactly what is held and why will be explained to you.
    • Right to Data Portability.
      • You may request to obtain and reuse your personal data for your own purposes across different services. This allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.  The Right to Data Portability only applies:
        • To personal data you have provided to us
        • Where the processing is based on your consent or for the performance of a contract
        • When processing is carried out by automated means
      • In these circumstance we will provide a copy of your data in CSV or PDF format free of charge, without undue delay and within one month. If there is a delay to this, you will be informed.
    • Right to Object. You have the right to object to:
      • Processing based on legitimate interests or the performance of a task in the public interest/excise of official authority (including profiling)
      • Direct marketing (including profiling)
      • Processing for purposes of scientific research/historical research and statistics.
  13. Automated decision making and profiling. We do not employ any automated decision-making or conduct profiling of Data Subjects.
  14. Contact us. Questions, comments and requests regarding our use of your personal data are welcomed and should be addressed to: The Worshipful Company of Brewers, Brewers’ Hall, Aldermanbury Square, London, EC2V 7HR.