PRIVACY POLICY

UPDATED: 26 March 2020

This Privacy Policy, which is effective as of 26 March 2020, amends the prior version which was effective as of [25th May 2018]. We have added a new section 1.4 [5], and 9 for Californian residents to this Privacy Policy. We have also clarified our processing practices around data sharing with third party controllers for marketing and advertising purposes in section 1.1 for Digital visitors.

Please read carefully before using this site.

  1. HOW WE HANDLE YOUR DATA
    1. IF YOU ARE A DIGITAL VISITOR
      1. Sources of personal data
      2. Personal data that we may collect and process
      3. Why do we collect your personal data and what are our lawful bases for it?
    2. IF YOU ARE OUR BUSINESS PARTNER
      1. Sources of personal data
      2. Personal data that we may collect and process
      3. Why do we collect your personal data and what are our lawful bases for it?
    3. IF YOU ARE A VISITOR TO OUR PREMISES
      1. Sources of personal data
      2. Personal data that we may collect and process
      3. Why do we collect your personal data and what are our lawful bases for it?
    4. If you are a californian resident
      1. Categories of Personal Information collected (is there no way to merge this with Rest of World??? )
      2. You may exercise the following rights
  2. SHARING OF YOUR INFORMATION
    1. Our affiliates
    2. Third party recipients
    3. Service providers that we may involve for THE PURPOSES described in above sections
    4. Law enforcement or government bodies
  3. TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA and the UK (EEA)
  4. YOUR RIGHTS
  5. VARIATIONS
  6. CHILDREN
  7. RETENTION PERIOD
  8. INFORMATION ABOUT US
  9. CONTACT DETAILS

We are committed to protecting and respecting your privacy. Please read the following carefully to understand our practices regarding your personal data and how we will treat it. If you are a California Resident, specific sections (1.4, [5] and 9) apply to you, in addition to other clauses outlined in this Privacy Notice.

1. HOW WE HANDLE YOUR DATA

This section covers the sources and categories of personal data that we collect and process, why we do so, and the lawful bases for such processing.

This Privacy Policy covers the processing of the following categories of individuals:

  • Section 1.1 Our Digital visitors
  • Section 1.2 Our Business Partners (this section covers existing and prospective customers, business partners and suppliers collectively called Business Partners. Where these are legal entities, this covers their employees or representatives)
  • Section 1.3 Visitors to our premises
  • Section 1.4 Californian Residents

1.1. IF YOU ARE A DIGITAL VISITOR

A – Sources of personal data
B – Personal data that we collect and process
C – Why do we collect your personal data and what are our lawful bases for it?

A. Sources of personal data

We may obtain your personal data from the following sources:

  1. from you directly (for example, at the time of subscribing to any services offered on a website, mobile applications, events, interactive kiosks or social media including but not limited to email mailing lists, interactive services, posting material or requesting further goods or services);
  2. from your device or browser; and/or
  3. if you contact us, we may keep a record of that communication.

B. Personal data that we may collect and process

  1. name
  2. username
  3. address
  4. date of birth
  5. email address
  6. operating system
  7. browser type
  8. cookie data (for more information please see our Cookie Policy – linked below)
  9. preferences regarding online marketing and tracking
  10. IP address
  11. Location
  12. Information you submit to us when you contact us posting material or requesting our service
  13. Responses you provide as part of our surveys, competitions, games and other interactive services; and/or
  14. Product orders, event invitations sent, and tickets bought
  15. Behavioural information from online, web, apps, email and social media, if we have your permission to do so.

C. Why do we collect your personal data and what are our lawful bases for it?

In the table below, we explain what specific business interests we pursue when processing your personal data and the lawful bases we rely on.

*Where we use your email or other digital means to communicate marketing information to you, we will seek your prior consent where required to do so by law.

If you object to us using your personal data for the above purposes, including direct marketing, please contact us using contact details set out in section 9.

Where we use cookies or similar technologies, we will seek your prior consent where required to do so by law.

We do not sell your personal data to any third party.

Our website may, from time to time, contain links to and from the websites of our partner networks, creative partners and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy notices or policies. Please check their privacy notices or policies before you submit any personal data to these websites.

Please do not submit any information via this website or application if you are not happy with the way your personal data is processed as described in this Privacy Policy.

1.2. IF YOU ARE OUR BUSINESS PARTNER

This section covers existing and prospective customers, business partners and suppliers, collectively called Business Partners. The information we collect and process in relation to our customers is primarily business information. We may collect personal data related to employees, directors, authorised signatories and other individuals associated with our existing or prospective Business Partners.

A – Sources of personal data
B – Personal data that we collect and process
C – Why do we collect your personal data and what are our lawful bases for it?

A. Sources of personal data

We may obtain your personal data from the following sources:

  1. from you directly,
  2. from a company that employs you, if you are an employee of our Business Partner,
  3. from our affiliates, i.e. members of the Bacardi Limited group of companies;
  4. during networking events that we have either hosted, or sponsored, or attended; and/or
  5. from publicly available sources (for example, your company website or social media sites).

B. Personal data that we may collect and process

We may collect the following categories of personal data relating to our Business Partners’ employees, officers, authorised signatories, or other associated individuals:

  1. Name
  2. Picture (photography) – During our Bacardi events
  3. business address
  4. business email address
  5. business telephone number
  6. business fax number
  7. job title or role
  8. business bank account details
  9. date of birth
  10. language of communication
  11. date of first contact
  12. categorisation as a business partner (e.g. supplier, existing or prospective customer); and/or
  13. Bacardi’s system usage details, if suppliers or business partners are permitted access to Bacardi systems

C. Why do we collect your personal data and what are our lawful bases for it?

In the table below, we explain what specific business interests we pursue when processing your personal data and the lawful bases we rely on.

* We will seek your prior consent where required to do so by law.

If you object to us using your personal data for above purposes, including direct marketing, please let us know using the email address provided in section 9.

Where we use your email to communicate marketing information to you, we will seek your prior consent where required to do so by law.

1.3. IF YOU ARE A VISITOR TO OUR PREMISES

A – Sources of personal data
B – Personal data that we collect and process
C – Why do we collect your personal data and what are our lawful bases for it?

A. Sources of personal data

We may obtain your personal data from you directly and from our systems’ records

(If we add events the A B C needs to be copied from digital visitor above)

B. Personal data that we may collect and process

  1. Name
  2. Surname
  3. Data of Birth
  4. Email address
  5. Address
  6. business contact details
  7. organisation
  8. role
  9. time and date of your visit; and/or
  10. image (for example, from CCTV cameras at our premises, where they are used,

C. Why do we collect your personal data and what are our lawful bases for it?

In the table below, we explain what specific business interests we pursue when processing your personal data and what lawful bases we rely on.

* We will seek your prior consent where required to do so by law

Where we use your email to communicate marketing information to you, we will seek your prior consent where required to do so by law.

If you object to us using your contact details for these purposes, please let us know using the methods listed in section 9.

1.4. IF YOU ARE A CALIFORNIAN RESIDENT

The following is applicable to individuals residing in California from whom we collect Personal data, in accordance with the California Consumer Privacy Act (hereinafter “CCPA”).

The chart below outlines the categories of Personal Information (as defined by the CCPA) that we have collected for a business purpose in the preceding twelve months.

WE DO NOT SELL PERSONAL INFORMATION.

A. Categories of Personal Information collected

The examples of Personal Information for each category below are provided by CCPA to describe the information that pertains to each category. CCPA requires us to provide disclosures in regard to each category, even where we collect only one element that pertains to such category. For example, because we may collect “gender” information, we have to disclose that we collect personal information for the category “Characteristics of Protected Classifications under California or Federal Law” even where we do not collect any other element that pertains to that category.

For each category of Personal Information, we collect:

  • We use share the personal information for the business purposes described under sections 1.1, 1.2. and 1.3 above above
  • We share the personal information as explain in section 2 below.

B. You may exercise the following rights.

– Right to Know and Access. You may submit a verifiable request for information regarding the: (1) categories of Personal Information collected or disclosed by us; (2) purposes for which categories of Personal Information are collected by us; (3) categories of sources from which we collect Personal Information; and (4) specific pieces of Personal Information we have collected. Prior to disclosing the information, we are required to verify that the individual making the request is indeed the individual to whom the information relates. Once we receive a verifiable request, we must disclose to you the information requested for the twelve months preceding your request.

– Right to Delete. Subject to certain exceptions, you have the option to delete Personal data about you that we have collected from you.
Verification. Requests for access to or deletion of Personal data are subject to our ability to reasonably verify your identity in light of the information requested and pursuant to relevant CCPA requirements, limitations, and regulations.

Right to Equal Service and Price. You have the right not to receive discriminatory treatment for the exercise of your CCPA privacy rights.

Submit Requests. For other requests or to authorize an agent to make a request on your behalf, you can also reach contact us (see Section 9).

2. SHARING OF YOUR INFORMATION

We do not sell your personal data to any third party.

We use secure methods to transmit personal data.

Data we collect may also be processed by staff operating outside the EEA who work with us or for us, or for one of our affiliated companies, suppliers or service providers

Recipients of your personal data: –

2.1 Our affiliates

We may disclose your personal data to our affiliates, who may use your information for the purposes described in this Privacy Policy. In so doing, they will be data controllers of your information together with us. As data controllers, our affiliates will process your data in compliance with the GDPR and other relevant data protection laws.

2.2 Third party recipients

We may share your personal data with third parties who are controllers of your personal data as follows:

  • Where required by law and similar mandatory disclosures.
  • In connection with a merger, sale, or asset transfer.
  • Other third parties for whom we have obtained your permission or consent to disclose your Personal data.

2.3 Service providers that we may involve for THE PURPOSES described in above sections

Our service providers process your personal data for data analytics/ marketing and advertising of our products and services to you. Our advertising and promotional agencies and consultants carry out marketing campaigns or email mailings on our behalf, or analyse or evaluate our data collection process or customer service fulfilment, such as website hosting companies. We will ensure that any service provider engaged by us is bound to comply with data protection obligations and process your personal data only on documented instructions from us and do not use it for their own purposes.

2.4 Law enforcement or government bodies

We may disclose your personal data as permitted by law in order to investigate, prevent or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of our Terms and Conditions or other agreements, or as required by law.

3. TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA AND THE UK (EEA)

If and when transferring your personal data outside the EEA and the UK, (which consists of EU member states and Iceland, Lichtenstein and Norway), we will only do so using one of the following safeguards:

  1. the transfer is to a non-EEA country which has an adequacy decision by the EU Commission;
  2. the transfer is covered by a contractual agreement, which covers the GDPR requirements relating to transfers to countries outside the EEA and the UK;
  3. the transfer is to an organisation which has Binding Corporate Rules approved by an EU data protection authority; or
  4. the transfer is to an organisation in the US that is EU-US Privacy Shield certified.

You may request a copy of any relevant document in relation to transfers of your personal data outside the EEA and the UK by contacting us using the contact details in section 9 below.

4. YOUR RIGHTS

When prescribed by local regulations, you are entitled to obtain information from us on how we handle your personal data, to see copies of all personal data held by us and to request that your personal data is amended, corrected or deleted from our systems.

You can also ask us to transfer a copy of your personal data that you provided to us, limit, restrict or object to the processing of your data.
We do not carry out any decision-making based solely on automated processing, including profiling.

If you gave us your consent to use your data, e.g. so that we can use your electronic contact details to send you marketing communications, you can withdraw your consent at any time. Please note that even if you withdraw your consent, we can still rely on the consent you gave as the lawful basis for processing your personal data before you withdrew your consent.

You can object to our use of your personal data where we stated we rely on our legitimate business interests to do so. We explained the legitimate interests we rely on in sections ‘Why do we collect your personal data and what are our lawful bases for it?’ above.

If you would like to exercise any of your above rights, contact us using the contact details in section 9 below.

5. VARIATIONS

We may revise this Privacy Policy at any time by amending this page. Any changes to our processing will take effect within a reasonable period of time after posting the amended Privacy Policy, so that you would have time to consider if you are ok with the changes.

6. CHILDREN

Our website is designed to appeal to adults only. We do not knowingly solicit any information from children or people under the legal drinking age, nor do we knowingly market or otherwise target our websites or its products or services to children or people under the legal drinking age.

If we become aware that a visitor to our websites is a child or under the Legal Drinking Age in the country or other territory in which he or she is located at the relevant time and has registered without verifiable parental consent, we will remove his or her personal data from our files.

7. RETENTION PERIOD

We will keep and Process your Personal Data only for as long as is necessary for the purposes for which it was collected in connection with your relationship with us, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.

8. INFORMATION ABOUT US

Our EU entities are subsidiaries/affiliates of or are otherwise associated with Bacardi BMBV. These are listed in Annex 1 to this Privacy Notice. If you are a visitor to our websites, the relevant data controller is Bacardi Martini B.V., registered in The Netherlands under company number 33164385. Our registered office and main trading address is at (Building 1962), Stadionplein 6, 1076 CM Amsterdam, The Netherlands. Our VAT number is NL 0059.70.441.B01.

If you are a customer or a potential customer of one or more of our EU entities, or an individual related to one of our existing or potential customers, the relevant data controller is the Bacardi entity which has contractual or business relations with our customer. If you contract with our EU entities in any other capacity (for example, to provide your services), your data controller will be the Bacardi entity with which you contract. If you are a visitor to our premises or events, the relevant controller is the EU entity that is located in that office or hosting the event.

For cross-border matters, and in relation to personal data shared by several of our EU entities, the relevant entities may operate as joint controllers that will collaborate with one another, as necessary, to comply with our obligations under the GDPR, including to address requests by data subjects to exercise their rights under the GDPR, as set out in Section 4 above. The main establishment for all of our EU entities for purposes of compliance with the GDPR is Bacardi Martini B.V., at (Building 1962), Stadionplein 6, 1076 CM Amsterdam, The Netherlands.

If you need to communicate with us, please contact us as explained in section 9.

For the purpose of the General Data Protection Regulation 2016/679 and any implementing legislation (the “GDPR”), Bacardi Martini B.V., (Building 1962), Stadionplein 6, 1076 CM Amsterdam, The Netherlands will be the data controller responsible for any personal data about you.

9. CONTACT DETAILS

Questions, comments, complaints and requests regarding this Privacy Policy, or our privacy practices in general, are welcomed.

Any queries and requests regarding this Privacy Policy are welcome via the contact points below.

Digital visitors may opt out from our marketing communication by simply clicking on the “opt Out” function at the bottom of the email received by us.

As UK resident, if you are unhappy with how we dealt with your request or complaint in relation to how we handle your personal data, you have the right to file a complaint with the Information Commissioner’s Office.

ANNEX 1