This policy is in relation to how we collect, store and process personal data on our website. It covers the following areas,
- Contact Forms
- About Cookies
- Online ordering
- NHS Test and Trace
- Website Backups & Maintenance
- Links to other websites
- Contact Us
The website is kept up to date and uses a secure socket layer encryption (SSL) to ensure all data transmitted across the internet is encrypted. The database and website files are held on a server in a secure datacentre protected both physically and electronically by security process.
In all instances we do not share your data with any third party (unless otherwise stated) and only use it in direct relevance to the reason it was given to us in the first place.
In all instances we are happy to share with you what personal data we might have and you can contact us by phone or in writing at the details above.
We use contact forms on our website, this means that if you wish to contact us you can use the forms.
The form(s) will ask you for your name and email address. In some cases more information is collected which is relevant to the nature of the enquiry.
This is how we process your information:
You will be asked if this is OK to process this information before you submit the form. Because we need this information to effectively respond we will not process the form without your permission.
Once you have submitted the information it will send an email to us where we will respond to you appropriately. We will delete the email when the enquiry has reached an end.
This is how we store your information:
In some cases, we keep a version of the contact form in our website database so that we can ensure we have a copy of your original contact.
This is how we use your information:
We only use your data in conjunction with the enquiry you made.
Your right to control your personal information
You may choose to restrict the collection or use of your personal information.
You have the right to ask us to change or remove your personal information from our database at any time. You also have the right to request a copy of the information we hold about you in an easily accessible format and to have any inaccuracies corrected or removed.
To do this, please write to us at Briarbank Brewing Company, 70 Fore Street, Ipswich IP4 1LB or email office@Isaaclord.org.
When you purchase something from our webstore, which is powered by Woocommerce, we collect billing and shipping information which includes personal information, in some cases we also provide the option to create an account.
This is how we process your information:
Your personal information is transmitted to us in an email order form which we use to process your order and enter onto our financial systems. Your payment information is held within PayPal and/or Payment Sense or equivalent and not used anywhere else. We do not do anything with account information if an account has been made.
This is how we store your information:
Your order information is stored in the website database and is kept there securely, an email version of the order is kept on our computer and is stored there.
Because we need your personal information to be able to comply with distance selling regulations, tax requirements and warranties we do store your data. We will only store this information for the length of time required under the appropriate regulation. Here is some more detail.
We collect information about you during the checkout process on our store.
What we collect and store
While you visit our site, we’ll track:
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for Legally permissible number of years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses. We will also store comments or reviews, if you choose to leave them.
Who on our team has access
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name, email address, and billing and shipping information.
Our team members have access to this information to help fulfil orders, process refunds and support you.
What we share with others
We share information with third parties who help us provide our orders and store services to you; for example —
We accept payments through Paymentsense. When processing payments, some of your data will be passed to Paymentsense, including information required to process or support the payment, such as the purchase total and billing information.
We use Google analytics to track the number of visitors to our site. We have ensured that the data collected using Google Analytics is anonymous and that IP anonymization is employed.
This is how we process your data
Under the definitions outlined in the GDPR regulations we are the controller of data and not the processor of data. Google have the obligation to conform to the GDPR regulation.
This is how we store your data
For information about how to disable cookies in your browser please visit www.allaboutcookies.org.
Please note, there are some cookies which are essential to the website, which allows us to provide you with the services available through the website, such as the webstore.
NHS TEST AND TRACE
NHS Covid-19 App is up and running; customers can use this method to check in. Our official NHS QR Code is clearly displayed by the entrance.
Unless a customer has checked in via the NHS Covid-19 app, it is mandatory that we obtain basic contact details of all customers over 16 years of age in your group for the purposes of NHS Test and Trace. All data is GDPR compliant and is only used for this purpose and is purged automatically after one month.
CCTV is used throughout our venue to ensure the safety of our staff and customers. Signs are displayed throughout the venue to inform our customers of this.
CCTV images are securely stored, and only authorised staff members have access to these. We keep CCTV footage for 28 days, after which they are deleted. We only share CCTV footage with third parties when we are legally obliged to do so.
We use multiple firewall solutions that asks for your IP address before allowing access to our website. The firewall providers are the processor of this data and we can provide you with their contact information on request.
WEBSITE BACKUP AND MAINTENANCE
We backup the website on a regular basis, each of these backups will have a complete replica of the website, including the data stored within it.
The backups are managed by Octopress which use third party software to make the backups. Backups are done and stored remotely. Backups are a key element to business continuity and as such are a legitimate interest reason for processing and storing the data. We therefore do not need explicit permission to store process and store this data. We run full backups daily, which are kept for 90 days. Therefore, any request to remove personal data for any archived version can take up to 90 days to be processed.
LINKS TO OTHER WEBSITES
Our website may contain links to other websites. Such sites are not governed by this privacy statement and we cannot be responsible for the protection and privacy of any information that you provide to that site. Please review the privacy statement applicable to every website and mobile app you visit.