Privacy policy

UPDATED: 18 MAY 2018

  1. HOW WE HANDLE YOUR DATA
    1. IF YOU ARE A DIGITAL VISITOR
    2. IF YOU ARE OUR BUSINESS PARTNER
    3. IF YOU ARE A VISITOR TO OUR PREMISES
  2. SHARING OF YOUR INFORMATION
    1. Our affiliates
    2. Third party recipients
    3. Service providers that we may involve for THE PURPOSES described in above sections
    4. Law enforcement or government bodies
  3. TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
  4. YOUR RIGHTS
  5. VARIATIONS
  6. CHILDREN
  7. RETENTION PERIOD
  8. INFORMATION ABOUT US
  9. CONTACT DETAILS

We are committed to protecting and respecting your privacy. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

  1. HOW WE HANDLE YOUR DATA

    This section covers the sources and categories of personal data that we collect and process, why we do so, and the lawful bases for such processing.

    This Privacy Policy covers the processing of the following categories of individuals:

    • Section 1.1 Our Digital visitors
    • Section 1.2 Our Business Partners (this section covers existing and prospective customers, business partners and suppliers collectively called Business Partners. Where these are legal entities, this covers their employees or representatives)
    • Section 1.3 Visitors to our premises
    1. IF YOU ARE A DIGITAL VISITOR

      1. – Sources of personal data
      2. – Personal data that we collect and process
      3. – Why do we collect your personal data and what are our lawful bases for it?
      1. Sources of personal data

        We may obtain your personal data from the following sources:

        1. from you directly (for example, at the time of subscribing to any services offered on our website, mobile applications, events, interactive kiosks or social media including but not limited to email mailing lists, interactive services, posting material or requesting further goods or services);
        2. from your device or browser; and/or
        3. if you contact us, we may keep a record of that communications.
      2. Personal data that we collect and process

        1. name
        2. username
        3. adress
        4. date of birth
        5. email adress
        6. operating system
        7. browser type
        8. cookie data (for more information please see our Cookie Policy – linked below)
        9. preferences regarding online marketing
        10. IP adress
        11. Location
        12. Information you submit to us when you contact us posting material or requesting our service
        13. Responses you provide as part of our surveys, competitions, games and other interactive services; and/or
        14. Product orders, event invitations sent and tickets bought
      3. Why do we collect your personal data and what are our lawful bases for it?

        We will use personal data in the legitimate interests of our business. In the table below, we explain what specific business interests we pursue when processing your personal data

        We may use your personal data toWhat the legitimate interests of our business are
        Provide our digital services to youWebsite and Application Management

        Promote our goods and services

        Account Management

        Establish and manage our relationshipUnderstand the market in which we operate

        Management Reporting (including at an intra-group level)

        Account Management

        Learn about our digital users’ browsing patterns and the performance of our digital servicesWebsite & Application Management
        SecurityManaging security, risk and crime prevention

        Management Reporting (including at an intra-group level)

        Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communicationPromote our goods and services

        Management Reporting (including at an intra-group level)

        Learn about how our products or services may be usedUnderstand the market in which we operate

        Management Reporting (including at an intra-group level)

        If you object to us using your personal data for the above purposes, including direct marketing, please contact us using contact details set out in section 9

        Where we use cookies or similar technologies we will seek your prior consent where required to do so by law.

        Where we use your email or other digital means to communicate marketing information to you we will seek your prior consent where required to do so by law.

        We do not sell your personal data to any third party. Your data may only be shared with third parties when you give us your express permission.

        Our website may, from time to time, contain links to and from the websites of our partner networks, creative partners and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy notices or policies and that we do not accept any responsibility or liability for how they process your personal data. Please check their privacy notices or policies before you submit any personal data to these websites.

        Please do not submit any information via this website if you are not happy with the way your personal data is processed as described in this Privacy Policy.

    2. IF YOU ARE OUR BUSINESS PARTNER

      This section covers existing and prospective customers, business partners and suppliers, collectively called Business Partners. We may collect personal data related to employees, directors, authorised signatories and other individuals associated with our existing or prospective Business Partners.

      1. Sources of personal data
      2. Personal data that we collect and process
      3. Why do we collect your personal data and what are our lawful bases for it?
      1. Sources of personal data
        We may obtain your personal data from the following sources:

        1. from you directly,
        2. from a company that employs you, if you are an employee of our Business Partner,
        3. from our affiliates, i.e. members of the Bacardi Limited group of companies;
        4. during networking events that we have either hosted, or sponsored, or attended; and/or
        5. from publicly available sources (for example, your company website or social media sites).
      2. Personal data that we collect and processWe may collect the following categories of personal data relating to our Business Partners’ employees, officers, authorised signatories, or other associated individuals:
        1. name
        2. business address
        3. business email address
        4. business telephone number
        5. business fax number
        6. job title or role
        7. business bank account details
        8. date of birth
        9. language of communication
        10. date of first contact
        11. categorisation as a business partner (e.g. supplier, existing or prospective customer); and/or
        12. Bacardi’s system usage details, if suppliers or business partners are permitted access to Bacardi systems
      3. Why do we collect your personal data and what are our lawful bases for it?We will use personal data in the legitimate interests of our business. In the table below, we explain what specific business interests we pursue when processing your personal data
        We may use your personal data to:What the legitimate interests of our business are:
        Provide you with our products or services or receive products or services from youEfficiently fulfil our contractual and legal obligations

        Management Reporting (including at an intra-group level)

        Establish and manage our relationshipEfficiently fulfil our contractual and legal obligations

        Account Management

        Understand the market in which we operate

        Management Reporting (including at an intra-group level)

        Exercise or defend legal claims

        Learn about how our products and services are or may be usedUnderstand the market in which we operate

        Management Reporting (including at an intra-group level)

        SecurityManaging security, risk and fraud prevention

        Management Reporting (including at an intra-group level)

        Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communicationPromote our goods and services

        Management Reporting (including at an intra-group level)

        If you object to us using your personal data for above purposes, including direct marketing, please let us know using the email address provided in section 9.

        Where we use your email to communicate marketing information to you we will seek your prior consent where required to do so by law.

    3. IF YOU ARE A VISITOR TO OUR PREMISES

      1. – Sources of personal data
      2. – Personal data that we collect and process
      3. – Why do we collect your personal data and what are our lawful bases for it?
      1. Sources of personal dataWe may obtain your personal data from you directly and from our systems’ records
      2. Personal data that we collect and process
        1. name
        2. business contact details
        3. organisation
        4. role
        5. time and date of your visit; and/or
        6. image (for example, from CCTV cameras at our premises, where they are used)
      3. Why do we collect your personal data and what are our lawful bases for it?We will use personal data in the legitimate interests of our business. In the table below, we explain what specific business interests we pursue when processing your personal data
        We may use your personal data to:What the legitimate interests of our business are:
        SecurityManaging security, risk and crime prevention
        Maintain records of visitors to our premisesManagement Reporting

        If you object to us using your contact details for these purposes, please let us know using the email address provided in section 9.

  2. SHARING OF YOUR INFORMATION

    We do not sell your personal data to any third party.

    Data we collect may also be processed by staff operating outside the EEA who work with us or for us, or for one of our affiliated companies, suppliers or service providers

    Recipients of your personal data:

    1. OUR AFFILIATES

      We may disclose your personal information with our affiliates, who may use your information for the purposes described in this Privacy Policy. In so doing, they will be data controllers of your information together with us. As data controllers, our affiliates will process your data in compliance with the GDPR and other relevant data protection laws.

    2. THIRD PARTY RECIPIENTS

      We will ensure that any service provider engaged by us is bound to comply with data protection obligations and process your personal data only on documented instructions from us and do not use it for their own purposes.

    3. SERVICE PROVIDERS THAT WE MAY INVOLVE FOR THE PURPOSES DESCRIBED IN ABOVE SECTIONS

      Our advertising and promotional agencies and consultants to carry out marketing campaigns or email mailings on our behalf, or analyse or evaluate our data collection process or customer service fulfilment, and Service providers such as website hosting companies.

    4. LAW ENFORCEMENT OR GOVERNMENT BODIES

      We may disclose your personal data as permitted by law in order to investigate, prevent or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of our Terms and Conditions or other agreements, or as required by law.

  3. TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)

    If and when transferring your personal data outside the EEA (which consists of EU member states and Iceland, Lichtenstein and Norway), we will only do so using one of the following safeguards:

    1. the transfer is to a non-EEA country which has an adequacy decision by the EU Commission;
    2. the transfer is covered by a contractual agreement, which covers the GDPR requirements relating to transfers to countries outside the EEA;
    3. the transfer is to an organisation which has Binding Corporate Rules approved by an EU data protection authority; or
    4. the transfer is to an organisation in the US that is EU-US Privacy Shield certified.

    You may request a copy of any relevant document in relation to transfers of your personal data outside the EEA by contacting us using the contact details in section 9 below.

  4. YOUR RIGHTS

    You are entitled to obtain information from us on how we handle your personal data, to see copies of all personal data held by us and to request that your personal data is amended, corrected or deleted from our systems. You can also limit, restrict or object to the processing of your data.

    We do not carry out any decision-making based solely on automated processing, including profiling.

    If you gave us your consent to use your data, e.g. so that we can send you marketing emails, you can withdraw your consent at any time. Please note that even if you withdraw your consent, we can still rely on the consent you gave as the lawful basis for processing your personal data before you withdrew your consent.

    You can object to our use of your personal data where we stated we rely on our legitimate business interests to do so. We explained the legitimate interests we rely on in sections ‘Why do we collect your personal data and what are our lawful bases for it?’ above.

    If you would like to exercise any of your above rights, contact us using the contact details in section 9 below.

  5. VARIATIONS

    We may revise this Privacy Policy at any time by amending this page. Any changes to our processing will take effect within a reasonable period of time after posting the amended Privacy Policy, so that you would have time to consider if you are ok with the changes.

  6. CHILDREN

    Our website is designed to appeal to adults only. We do not knowingly solicit any information from children or people under the legal drinking age, nor do we knowingly market or otherwise target our websites or its products or services to children or people under the legal drinking age.

    If we become aware that a visitor to our websites is a child or under the Legal Drinking Age in the country or other territory in which he or she is located at the relevant time and has registered without verifiable parental consent, we will remove his or her personal information from our files.

  7. RETENTION PERIOD

    We will keep and Process your Personal Data only for as long as is necessary for the purposes for which it was collected in connection with your relationship with us, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.

  8. INFORMATION ABOUT US

    In the present Privacy Policy, “We” or “us” means Bacardi Global Brands Limited, registered in England and Wales under company number 3651489. Our registered office and main trading address is at 12 Steward Street, London, E1 6FQ, United Kingdom. Our VAT number is GB 222 2530 16. If you have any concerns about material which appears on our website or if you need to communicate with us, please contact us as explained in section 9.

    For the purpose of the General Data Protection Regulation 2016/679 and any implementing legislation (the “GDPR”), we will be the data controller responsible for any personal information about you.

  9. CONTACT DETAILS

    Questions, comments, complaints and requests regarding this Privacy Policy, or our privacy practices in general, are welcomed.

    Any queries and requests regarding this Privacy Policy are welcome via the contact points below.

    Who you areViaAddress
    Digital VisitorOnline Formhttp://Contact.BacardiLimited.com
    Business Partners or Visitor to our PremisesEmailDataProtection@bacardi.com

    If you are unhappy with how we dealt with your request or complaint, you have the right to file a complaint with the Information Commissioner’s Office, the UK data protection supervisory authority or your local data protection supervisory authority in the EU.