Privacy Policy for TennentsOfScotland.com
TennentsOfScotland.com (“we”, “us”, or “our”) is committed to safeguarding the privacy and personal data of all users visiting or interacting with our website. This Privacy Policy outlines how we collect, process, and protect personal data in accordance with applicable data privacy laws, including but not limited to the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”). We uphold a privacy-first ethos and are fully committed to respectful, transparent, and secure handling of all personal data entrusted to us.
1. Scope of This Policy and Data Controller Role
This Privacy Policy applies to all users of the website tennentsofscotland.com and governs the processing of personal data collected through our digital platforms, services, and related interactions. TennentsOfScotland.com is the data controller for all personal data processed under this Policy, meaning we determine the purposes and means of processing such data.
2. Categories of Personal Data Processed
We may collect and process the following categories of personal data, depending on how you interact with our website or services:
a. Usage Data
Information automatically collected about your interaction with our website, including IP address, browser type, time zone, referring URLs, pages viewed, access timestamps, and session duration.
b. Account Data
Details you provide when creating an account or placing an order, such as your full name, billing and shipping address, email address, and phone number.
c. Profile Data
Information derived from your interactions with us, including product preferences, order history, on-site behavior, and responses to marketing communications.
d. Communication Data
Records of communications you’ve had with us, including support inquiries, email exchanges, and feedback provided via the website.
e. Technical Data
Device-specific data such as device type, operating system, platform, browser settings, screen resolution, and language preferences.
f. Transaction Data
Details regarding purchases, including payment card data (processed securely by third-party payment providers), transaction timestamps, delivery addresses, and purchase history.
g. Preference Data
Information regarding your communication preferences, consent statuses for marketing, and stated interests in specific product categories.
3. Legal Bases for Processing Personal Data
We process your personal data based on the following lawful grounds, as provided under the GDPR:
– Consent: Where legally required, we obtain your explicit consent for activities such as email marketing or cookie tracking.
– Contractual Necessity: To fulfill orders, manage contracts, deliver services, or provide customer support.
– Legal Obligation: To comply with any applicable laws, regulatory obligations, or valid legal requests.
– Legitimate Interests: For purposes such as improving our website, conducting analytics, preventing fraud, and ensuring website security. We ensure that our legitimate interests do not override your fundamental rights and freedoms.
4. Your Rights Under Data Protection Law
You have the following rights regarding the personal data we hold about you, subject to applicable limitations:
– Right of Access: You may request access to your personal data.
– Right to Rectification: You may correct any inaccurate or incomplete data.
– Right to Erasure: You may request deletion of your personal data, subject to legal retention obligations.
– Right to Restriction: You may request limited use of your data in certain instances.
– Right to Data Portability: You may request a copy of your data in a portable format and have it transmitted to another data controller.
– Right to Object: You may object to processing based on legitimate interests or for direct marketing.
– Rights Under CCPA: California residents may also opt out of the sale or sharing of their personal data and request to know, access, or delete the personal information we have collected about them.
To exercise any of these rights, you may contact us at [email protected]. We will respond promptly within the timeframes required by applicable law.
5. Security Measures
We implement industry-standard security practices to protect your data against unauthorized access, alteration, disclosure, or destruction. These measures include:
– SSL/TLS encryption for data transmissions
– Secure storage of sensitive information
– Role-based access controls and internal authentication mechanisms
– Routine data backups and system redundancy
– Ongoing employee training on data privacy and cybersecurity practices
6. International Data Transfers
Where personal data is transferred outside the UK, European Economic Area (EEA), or other jurisdictions with data protection equivalency, we ensure appropriate safeguards are in place. We rely on approved mechanisms such as Standard Contractual Clauses and other lawful data transfer arrangements to maintain compliance and safeguard your personal information.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes stated in this Policy, or as required by law. Specific retention periods include:
– Usage & Technical Data: Retained for up to 24 months for security and analytics.
– Account & Transaction Data: Retained for up to 7 years for contractual and tax obligations.
– Communication Data: Retained for up to 3 years from the last correspondence.
– Profile & Preference Data: Retained while your account is active or until you withdraw consent.
Upon expiration of the applicable retention period, data is securely deleted or anonymized.
8. Cookie Policy
Our website uses cookies and similar technology to enhance your experience. Cookies are small files placed on your device that help us:
– Essential Cookies: Operate secure features and core website functions.
– Functional Cookies: Remember choices you make (e.g., language, location).
– Analytics Cookies: Collect aggregated data on site usage to improve performance.
– Performance Cookies: Monitor site stability and resolve technical errors.
Some cookies are deployed by third-party services such as Google Analytics. These providers may process information outside your jurisdiction, and we ensure appropriate safeguards are in place.
9. Cookie Management & Compliance
When you visit tennentsofscotland.com, a cookie consent banner is presented. Where required, we obtain your explicit consent before placing non-essential cookies on your device.
You may manage your cookie preferences at any time through browser settings or via our cookie management tools accessible on the website footer. Under GDPR and CCPA, you have the right to opt-out of cookie tracking and withdraw consent at any time.
10. Children’s Privacy
Our website and services are not intended for children under the age of 13, and we do not knowingly collect personal data from individuals in this age group. If we become aware that a child under 13 has provided us with personal data, we will take steps to delete such data promptly. Parents or legal guardians who believe their child has submitted personal data without proper consent may contact us at [email protected].
11. Updates to This Policy
We reserve the right to update this Privacy Policy as legal, technical, or operational needs evolve. Any material changes will be communicated via notification on the website or other appropriate channels, and your continued use of tennentsofscotland.com will constitute acceptance of those updates.
12. Contacting Us
If you have any questions about this Privacy Policy, your data rights, or wish to lodge a complaint, you are encouraged to contact our privacy team at:
Email: [email protected]
We are committed to ensuring full transparency and protecting your privacy with the utmost care. For further information regarding our compliance with GDPR, CCPA, and related regulations, please don’t hesitate to get in touch.