The Green Welly Stop Ltd Privacy Policy

Introduction to The Green Welly Stop

This Privacy Notice explains in detail the types of personal data we (The Green Welly Stop Ltd.) may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.
There is a lot of information here but we want you to be fully informed about your rights, and how the The Green Welly Stop Ltd. uses your data.

We hope the following sections will answer any questions you have but if not, please do get in touch with us.
We may need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.

Legal bases we are adhering to

May 25th 2018 GDPR (General Data Protection Regulations) sets our a variety of different reasons for which a company may collect and process your data, these include:

  • Consent: In specific situations we can collect and process your data with your consent.
    eg. When you tick a box to receive email newsletters/updates.
  • Contractual obligations: In certain scenarios, we need your personal data to comply with our contractual oblications
    eg. If you order from us (via Telephone/shop/website) for home delivery, we collect your address details to deliver your purchase and pass them to our courier.
  • Legal requirement: If the law requires us to, we may need to collate and process your data.
    eg. We can pass on details of anyone involved in fraud or other criminal activity affecting The Green Welly Stop to law enforcement.
  • Legitimate interest: In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
    eg. We may combine the shopping history of customers to identify trends and ensure we can keep up with demand, or develop new products/services as and when required.

When do we collect this Personal Data?

  • When you visit our website or place orders over the phone or in the shops and you use your account to buy a product, service or redeem vouchers.
  • When you make an online purchase and checkout as a guest (we just collect the transaction based data - required for fulfilment of your order).
  • When you create an account with us.
  • When you engage/interact with us on social media.
  • When you join our our local discount programme.
  • When you contact us by any means in relation to queries, comments or complaints etc.
  • When you ask a member of our team to email you information regarding a product or service.
  • When you enter any competitions.
  • When you book any events we may run.
  • When you comment or leave a review or comment on our products or business. A member of our team may access your personal data as requested/required.
  • When you fill in any forms within our business - ie you may have an accident on our premises - a member of our team will collect your personal data.
  • When you use our car parks / shops / petrol station which have CCTV installed (for the security of our customers and business). These systems may record your image during your visit.

What do we collect that is personal data?

  • If you have an account with us, we collate the following details: Name, date of birth, billing and delivery address, orders, receipts, email and telephone. For security your login password is stored and encrypted with us.
  • Details/Discussions with us in relation to any interaction with you.
    eg. We take notes during any conversations with you, details of complaints or comments you make, details of purchases you make, viewed or added to your basket, wish list choices, and how and when you contact us.
  • Details of your visits to our website, this can also involve which website you came from to ours.
  • Information gathered by the use of cookies in your web browser.
  • Payment card information.
  • Your comments and product reviews.
  • Your image may be recorded on CCTV when you visit our business/car park/petrol station.
  • Your car number plate may be recorded at our car park/petrol station.
  • Technical information such as Your internet connection and browser, country and telephone code where your computer is located, the web pages viewed during your visit, the advertisements you clicked on, and any search terms you entered.
  • Your social media username/name if you interact with us on those channels. (This assists in responding to any queries/comments/feedback).

How and why do we use your personal data?

We want to give you the best possible customer service and experience. Using combined data, this knowledge of you helps us as an independent Family run Scottish business provide a high standard of service/experience. The new GDPR law allows this as part of our legitimate interest in understanding our customers and providing this service.

If you choose not to share your personal data with us, or refuse certain contact permissions we will be unable to provide some services.
eg. If you've requested to know when an item comes back into stock, (we can't do that if you've withdrawn consent).
Here's how we'll use your personal data and why:

  • To process any orders that you make through our websites or in store, or telephone. If we don't collect this information/data during checkout, we won't be able to process your order and comply with our legal obligations.
    eg. Your details may need to be passed to a third party to deliver or supply the product that you ordered. We may keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as refunds/guarantees etc.
  • To respond to your queries, refund requests and any complaints. We may also keep a record of these interactions to inform any future communication with us and to demonstrate how we communicated with you. This is on the basis of our contractual obligations to you, our legal obligations and our legitimate interestes in providing our high level of service.
  • To protect our business and your account from fraud and other illegal activities. This may include using your personal data to maintain, update and safeguard your account. We may also monitor your browsing activity with us to quickly identify any problems and protect the integrity of our websites, this is part of our legitimate interest.
    eg. Using monitoring of your IP address to identify possible fraudulent logins from unexpected locations.
  • To protect our customers, premises, asses and employees from crim, we operate CCTV in our store/petrol station and car park which record images for security. We do this on the basis of our legitimate interest.
  • To process payments and preventing fraudulent transactions. We do this on the basis of our legitimate interest. This also helps to protect our customers from fraud.
  • If any criminal activity of alleged criminal activity is discovered through our CCTV or fraud monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. We aim to protect the individuals we interact with from criminal activity.
  • With your consent, we will use your personal data, preferences and details of your transactions to keep you informed by email, telephone & website about relevant products, special offers, discounts, promotions, events etc.
    Your are free to opt out/unsubscribe at any time.
  • To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice, product recall notices, and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent by email message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
  • To display the most interesting content to you on our websites, we’ll use data we hold about your favourite brands or products etc. We do so on the basis of your consent for our website to place cookies or similar technology on your device.
    eg. We may display your recently viewed products, or recommendations based on your purchase history.
  • To administer any of our prize draws/competitions which you enter, based on your consent given at the time of entering.
  • To develop, test and improve the systems, services and products we provide to you. We'll do this on the basis of our legitimate business interests.
  • To comply with our contractual or legal obligations to share data with law enforcement as required.
    eg. Court order.

How we protect your personal data

We are aware of how much security of data matters to all of our customers, we treat your data with the highest of care and take appropriate steps to protect it.

Our website is FULLY utilised under the 'https' techonology, securing/encrypting data flowing through our website. Transactional areas are again - fully secured using https technology.
Access to your own personal data online is password protected, and sensitive information such as debit/credit card details are secured by SagePay (See our SagePay section below)

SagePay and your personal data

Our Payment Service Provider is SagePay – the largest independent payment service provider (PSP) in the UK and Ireland.

SagePay provides a secure payment gateway (Level 1 PCI DSS), processing payments for thousands of online businesses, including ours. It is SagePay's utmost priority to ensure that transaction data is handled in a safe and secure way.
SagePay uses a range secure methods such as fraud screening, I.P address blocking and 3D secure. Once on the Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards.
SagePay is PCI DSS (Payment Card Industry Data Security Standard) compliant to the highest level and maintains regular security audits. They are also regularly audited by the banks and banking authorities to ensure that their systems are impenetrable.
SagePay is an active member of the PCI Security Standards Council (PCI SSC) that defines card industry global regulation.
In addition, you know that your session is in a secure encrypted environment when you see https:// in the web address, and/or when you see the locked padlock symbol alongside the URL.
So when buying through our site, you can be sure that you are completely protected.

How long will we keep your personal data?

Where we collect or process your personal data, we will only keep it for as long as is necessary for the purpose for which it was collected.

At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Some examples of customer data retention periods:
Orders placed with us When you place an order, we will keep the personal data you give us for five years so we can comply with our legal and contractual obligations. In some scenarios, we'll keep the data for 10 years.
Inactive accounts
If you have not used your account for more than five years, it will be flagged as inactive and we will contact you to ask whether you want to keep it open.
Unless you reply to say ‘yes’, we'll close the account and delete or anonymise the personal data associated with it.

Who do we share your personal data with?

We share your personal data with trusted third party companies.
eg. Courier companies, fraud management, complaint handling, IT Support.

Our policy with these organisations to keep your data save and protect your privacy:

  • We only give the information needed to perform the service.
  • They may only use your data for the exact data that we specify in our contract with them.
  • If we stop using their services, any of your data held by them will either be deleted or anonymised.
  • We work closely with these organisations to ensure that your privacy and data is respected and protected, and our policy is adhered to at all times.

Examples of third party companies we work with:

  • IT/Web Development companies who support our website.
  • Delivery/Courier companies.
  • Email marketing companies (for the sole use of The Green Welly Stop).
  • Google/Facebook/Advertising platforms to show you products that might interest you whilst browsing the internet, this is based on the acceptance of cookies on our website.

Data sharing with third parties for their own purpose:

  • We may pass your information on if you have entered a joint competition with a supplier and have opted to receive their promotional information/communication from them.
  • Fraud - we may need to share your information with law enforcement.

Currently used companies who may process your data as part of their contract with us:

Parcelforce Royal Mail World Package Logistics SagePay
Google Facebook Instagram Twitter
Paid On Results Weltpixel Zendesk, Inc.
Where your personal data may be processed

Often, due to an international order, we need to share your data with third parties outwith the EEA (European Economic Area).
Likewise if you are based outwith the UK, your data will be processed in the UK and shared with the appropriate third parties, for example - Couriers.

What are your rights regarding your personal data?

An overview of your different rights.
You have the right to request:

  • Access to the personal data we hold about you, free of charge in most cases.
  • The correction of your personal data when incorrect, out of date or incomplete.
  • That we stop using your personal data for direct marketing (either through specific channels, or all channels).
  • That we stop any consent-based processing of your personal data after you withdraw that consent.
You can contact us to request to exercise these rights at any time as follows:
Please contact - The General Manager, The Green Welly Stop, Tyndrum, FK20 8RY, or email internet@thegreenwellystop.co.uk.
If you require your information updated, please update yourself on our website, or via the profile link within any marketing email, or contact our team on internet@thegreenwellystop.co.uk

If we choose not to action your request, we will explain to you the reasons for refusing.

Your right to withdraw consent
Where you have given us consent, you have the right to change your mind and withdraw that consent.
Where we rely on our legitimate interest
In these cases, where we process your information in a legitimate interest basis, you can ask us to stop for individual reasons. We must then do so, unless we believe we have a legitimate overriding reason to continue processing your personal data.
Direct email Marketing
You have the right to stop the use of this personal data through this (or other) selected channel. We must comply with your request.

Identity checking
Before proceeding with any request, we will ask you to verify your identity before proceeding with any request. If you have authorised a third party to submit a request, we will ask them to prove they have your permission to act.

How can you stop the use of personal data for email marketing?

To stop email marketing communications:
Click the unsubscribe link in any email communication that we send you. We will then stop further emails from that particular newsletters.
Please note we have 10 Newsletters, listed as follows:
The Green Welly Stop Newsletter
Spirits & Liqueurs
Speyside News
World Whisky News
Grain News
Campbeltown News
Lowland News
Highland News
Island News
Islay News
Please Note: When you unsubscribe from one of these particular newsletters, it does NOT automatically remove you from the others. If you require removal from all newsletters, please email internet@thegreenwellystop.co.uk
If you email us, you may still receive communication for a short while whilst our systems are being updated manually.

Contacting the regulator

If you feel your data has not been handled correctly, or your are unhappy with our response to requests, you have the right to lodge a complaint with the Information Commissioner's Office.
You can contact them by calling 0303 123 1113
You can go online to www.ico.org.uk/concerns
If you live outside the UK, please speak to your local Information Commissioner/Government.


Policy last updated 24.05.2018.

Copyright © 2018 The Green Welly Stop. All rights reserved.