The Pull The Cork Privacy Policy and GDPR compliance

1) Privacy and your personal data

Pull The Cork Limited ethically commits to protecting user privacy and personal data. This privacy policy tells you how we obtain, define, and use your personal information and what your rights are. This privacy policy is written to help you make informed decisions when using our website.

The privacy policy applies to your personal information collected by us or provided by you. It is collected by our website or in other ways, such as telephone or email. We make it clear when we collect personal information, and we ask for your positive consent to this. We explain what we intend to do with it.

It also describes enhanced web security features designed to protect you, such as HTTPS.

The holding and use of your personal information comply with the Data Protection Act. It is also compliant with the GDPR (General Data Protection Regulation) when this comes into force on 25 May 2018. Regular reviews will ensure ongoing compliance.

2) About the GDPR

The GDPR applies throughout the European Union (EU). It strengthens, harmonises, and modernises EU data protection law and enhances individual rights and freedoms. It is consistent with the European understanding that privacy is a fundamental human right. The GDPR regulates how individuals and organisations may obtain, use, store, and destroy your personal data.

The GDPR covers all institutions established in the EU. It also includes all systems outside the EU that process the personal data of EU citizens. For the avoidance of doubt, the intention of the UK to leave the EU (“Brexit”) is immaterial to GDPR compliance. The penalties for non-compliance are stringent.

Pull The Cork, established in the UK, is the Data Controller. James Nathan, Owner and Director, is the Data Protection Officer. Contact him via the website.

3) The Pull The Cork website

When you visit www.pullthecork.co.uk, we use a third-party service, Google Analytics, based in the USA. They collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed anonymously, which does not identify anyone. Neither ourselves or Google Analytics tries to find out the identities of those browsing our website. Google Analytics participates in and has certified its compliance with the Privacy Shield framework. They treat all personal data received from EU member countries under the Privacy Shield framework. Further details about Google Analytics compliance can be seen here.

We use a third-party service, MailPoet, to publish our website, run by Automattic Inc, based in the USA. It is hosted and maintained at Market Jar in the UK. WordPress collects anonymous information about user activity. They report on the effectiveness of the site to help improve it. Market Jar’s privacy policy can also be seen here.

The Pull The Cork site features an embedded Twitter feed. Twitter is based in the USA; their policy can be seen here. There is no sharing of your personal data on Twitter or any other Social Media.

4) Personal Information collected

When you visit the Pull The Cork website, you may provide personal information. This information is the minimum required to operate our services and requires your positive consent. It includes your name and email address and is collected by:

Completing a Contact Us form on the site;
Subscribing to a Newsletter/Update to receive news, promotions, information or updates;
Commenting on published Products, and Blog Posts;
Email, where we may retain your email messages, your email address and our responses;
Digital Information is also sent to the website from your access device. This is on the device used, location and IP address.

Pull The Cork does not and will never collect Sensitive personal data. Examples include health or financial information or information that reveals a person’s racial or ethnic origin. Pull The Cork does not conduct personal data Profiling.

5) Cookies

The Pull The Cork website uses cookies to gather information about site usage. A cookie is a small data file that a web page server adds to your hard drive. Cookies cannot identify you. They enable easier navigation and help us match content to your preferred interests more quickly. Our use of cookies complies with legislation.

Hence by using the Pull The Cork website, you agree to cookie use. If you do not accept this, you can alter your own browser settings. You can turn off cookies or block those which are unacceptable to you. You can also delete existing cookies. All modern browsers allow you to do this and your browser settings have instructions on this.

6) How do we use the information you provide?

We use your information in the following ways:

present content from our website in the most effective manner for you and your device;
notify you of any changes;
provide you with any news, promotions, information or updates using Mailpoet;
update our records;
provide anonymised usage statistics using Google Analytics.

7) Personal information and third parties

We do not sell personal information collected by the website to any third party. Transfer of personal data for data processing is only made to Google Analytics, WordPress or Mailpoet. These third-party data processors are outside the EU as described above. Notwithstanding this, we are under a duty to disclose or share your information to comply with any legal obligations.

8) Your Consent

Consent is the legal basis for processing your personal data according to the GDPR.

The Pull The Cork Newsletter/Update subscription, Contact Me form and Article Comment is optional. They require your positive consent to collect and use your personal data. You may sign up for the Newsletter/Update, use the Contact Me form or leave Comments on published Articles. You must positively give your consent to each of these by ticking a blank box.

The Newsletter/Update is an optional free subscription service which requires your positive consent when first signing up. You may unsubscribe from this subscribed Newsletter/Update service at any time. All Newsletter/Updates sent contain automatic unsubscribe links.

The Contact Me/Article Comment facilities require your positive consent for each usage.

You can refuse consent without detriment.

The Newsletter/Update is constructed, sent and analysed by Mailpoet. Mailpoet is a data processor in the USA. It gathers statistics on email opening, location and clicks using their technologies. Mailpoet participates in and has certified its compliance with the Privacy Shield framework. They treat all personal data received from EU member countries under the Privacy Shield framework.

9) Your rights

You may request access to your personal data that we collect online and maintain by contacting us at any time without charge. Exceptionally, if the application is unfounded, excessive, or repetitive, we may charge a fee based on our administrative costs. We will respond within one calendar month of the request date.

You have the right to ask us not to process information for marketing purposes. Any marketing will cease immediately upon receipt.

You have the right to have any of your personal data held by us securely erased, restricted or rectified. We will respond without undue delay, and in any case within one calendar month.

You may unsubscribe from a subscribed Newsletter/Update at any time.

10) Security and Trust

Instead of HTTP, the Pull The Cork website uses an SSL EV Certificate for enhanced safety and privacy, using HTTPS. Consequently, in your browser, you may see this as:

Our name, as we own the EV certificate;
A distinctive colour, usually green. This is shown in the address bar to indicate a valid EV Certificate;
A lock symbol in the address bar. It varies in colour depending on the website security status. By clicking on the lock symbol, you can obtain more information about the EV certificate.

HTTPS is much more secure than HTTP. However, we cannot guarantee the security of your data during transit to our website. Once we have received it, we use security features to prevent unauthorised access.

Last updated 13th September 2018