WineSpark Privacy Notice (UK)

WineSpark Privacy Notice

Last updated: November 18th, 2025

This notice is issued by WineSpark UK Limited

Purpose

We respect your privacy and are committed to protecting your personal data. This Privacy Notice describes the types of information we collect and use, how and why we use such information, who we share it with, and tells you about your data protection and legal rights.

When we say “we”, “us” or “our”, we mean WineSpark Limited, a company incorporated in England and Wales with company number 16267188 and its registered office at Unit 146 19 Lever Street, Manchester, England, M1 1AN, the controller of your information.

If you have any questions regarding this Privacy Notice you can contact hello@winespark.com.

We are registered with the Information Commissioner's Office under registration number ZC033669.

Who this policy applies to

This Privacy Notice applies to all visitors and customers who access or use our website, and related services (together, the “Website”), anyone who purchases any products or services from us whether through our Website or by phone or otherwise, and our prospective, current and former customers, (each, “you” or “your”).

This Website is not intended for children and we do not knowingly collect data relating to children. 

So that you are fully aware of how and why we are using your information, it is important that you read this Privacy Notice together with our Cookie Policy and any other policy or notice we may provide on specific occasions when we are using, collecting or processing personal data about you.

Our commitment

We recognise the need to treat your personal data in an appropriate and lawful manner, in accordance with the UK General Data Protection Regulation ("UK GDPR"). The purpose of this privacy policy is to explain to you how we will handle your personal information.

We are committed to ensuring that all personal data is: 

  • processed lawfully, fairly and transparently;
  • processed for specific purposes only, and not in any manner incompatible with those purposes;
  • adequate, relevant and limited to what is necessary;
  • accurate;
  • not kept longer than necessary;
  • processed consistent with your rights, with integrity and confidentially; and
  • kept confidential and secure.

Types of personal data processed

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

The categories of personal information we may collect for the purpose of managing your engagement with us includes:

  • Identity Data: includes personal details and contact information such as first name, last name, home address, phone number, email address, fax number, membership and/or account number, unique ID code (which allows us to process your orders and payments). 
  • Contact Data: includes billing address, delivery address, email address and telephone numbers. 
  • Financial Data: this will be collected by our payment provider, Stripe. You can find further information set out in Stripe's Privacy Policy here.
  • Transaction Data: includes details about payments to and from you and other details of products and services you have purchased from us.
  • Profile Data: includes your username and password, purchases or orders made by you, your interests, preferences, and publicly available information (such as LinkedIn profiles), feedback and survey responses. 
  • Usage Data: includes information about how you use our Website.
  • Marketing and Communications Data: includes your preferences in receiving marketing from us, and your communications preferences. We may use your identity, contact, technical, usage and profile data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products and services may be relevant for you. You may receive marketing communications from us if you have requested information from us. We may also do this if you are a customer or a former customer and you will always have the right to unsubscribe from such communications.
  • Device Data: includes information about your device, web browser, IP address, location data, time zone, and information about your internet activity using cookies. Additionally, as you browse the Website, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Website, and information about how you interact with the Website details of your visit to our Website. For more information on how we use cookies, please see our Cookie Policy.
  • Complaints Data: We may collect personal information for dealing with queries, complaints, or claims.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data under data protection legislation as this data will not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.

We do not collect any special categories of personal data about you (such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data) unless you volunteer allergen information which is relevant for your purchase order. 

If we need to collect personal data under applicable law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you to provide products to you.

How we collect your personal data

We will collect your personal information in the following ways:

·       Information you give us. This is information (including Identity Data, Contact Data, Financial Data, Transaction Data, Profile Data, Usage Data, Marketing and Communications Data, Device Data, Complaints data) you provide to us by: visiting our website, ordering from us, providing us with your details, entering a competition or prize draw or otherwise communicate to us. We may also get some personal data by you corresponding with us (for example, by email, via social media or by phone).

·       Information we observe. We will gather personal information about you through the monitoring of our Website such as Usage Data and Device Data.

·       Information acquired through automated technologies or interactions. As you interact with our Website, we will automatically collect personal data about you that distinguishes you from other users by using cookies. Please see our Cookie Policy on our Website for more details.

·       Information we create. We will create information about you where we create an account for you and where we keep records of our interactions with you including payments you make.

How we use your personal data

We use your personal data for the purposes outlined below, except where restricted by law.  In doing so, we rely on a number of separate and overlapping legal bases to lawfully process your personal data. We set out below a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We also identify what our legitimate interests are, where appropriate.

We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you would like more details about the specific legal ground we are relying on to process your personal data. 

The table below sets out the purposes for which we use your personal data and the legal bases we are relying on in the table below: 

Why we use your personal information including type of data

Type of data (please see above list of data types)

Lawful basis for processing (please see below for more information on legal bases)

Managing our contractual relationship with you; 

Identity Data, Contact Data, Financial Data, Transaction Data, Profile Data, Usage Data, Complaints data

 

Contract: the use of your personal information is necessary for the management and administration of your contract with us and our responsibilities to you. We will process your financial data for collection of payment due under our contract with you.

Legitimate interests: it is a legitimate interest of ours to keep various information about you which is in addition to that which we need to fulfil our contractual obligations to you and to deal with our interactions with you and your company.

Customer correspondence and engagement including social media, complaints and feedback;

Contact Data, Identification Data, Complaints Data

Legal obligation: the use of your personal information is necessary so that we can respond to and investigate complaints.

Legitimate interest: it is a legitimate interest of ours to keep various information about you which will allow us to respond to your correspondence, interact with you via various platforms and improve our service for you and others.

Meeting customers' needs and requirements – including management of a customer account;

Contact Data, Identification Data, Transaction Data, Profile Data

Legitimate Interests: it is our legitimate interest to gather data about you and/or your company which is useful for building a complete view of our customers' use of our website and services. This includes understanding our customers' behaviour, activities, preferences and needs. This helps to ensure the effective running of our business through the development, improvement and provision of products and services which meet our customer needs and expectations.

Data analytics to improve our website, products/services, marketing, customer relationships and experiences;

Identification Data

Consent: we rely on consent to analyse the data we hold about you to improve our website and services and to enable us to deliver content to you which takes account of your likes and dislikes. We obtain your consent through the cookie consent notice.

Marketing purposes;

Contact Data, Identification Data, Marketing and Communications Data

Consent: If you have ticked the opt in box, we will send you electronic marketing information via your email address and via letter based on the marketing preferences you've given to us. This would include information about current services and offerings or direct contact from our representatives.

Legitimate interests: it is in our legitimate interest to keep various information about you which will allow us to market our products to you in order to make new sales, or distribution of our newsletter and allow our representatives to contact you with information relevant to you. Where we have already obtained or have sought consent, we will not rely on legitimate interests.

To enable you to take part in a prize draw or competition

Identity data, Contact data, Transaction data, Profile data, Marketing and communications data

Contract: If you have entered into a competition we will process your personal data to allow us to fulfil our contractual obligations to you in respect of that competition.

Insurance and claims, to procure insurance policies and to respond to and defend legal claims.

Contact Data, Identification Data, Video surveillance Data, Attendance Data

Legitimate interests: it is in our legitimate interests to use your personal information where necessary in the purchase of insurance policies and to respond to and defend legal claims.


Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

How we share your personal data

We may share your personal data with the parties set out below for the lawful purposes referred to above:

  • To service providers and commercial partners to help us provide our services and communicate with you. For example, providers of delivery and warehousing services, payment processing service providers, companies assisting with our IT systems, marketing services, debt collection agencies (where applicable), companies providing hosting services, records-storage companies, auditing services and our other business partners.
  • To third parties in the case of business re-organisation. For example to third parties to whom we may choose to sell, transfer or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice. 

Where such third parties are processors, these third parties are contractually required to use it only to provide their service to us and are contractually barred from using it for their own purposes.

We may also share your personal data for legal and safety reasons: We may retain, preserve, or share your information if we have a good-faith belief that it is reasonably necessary to (a) respond, based on applicable law, to a legal request (e.g., a court order, or other request from government or law enforcement); (b) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; (c) protect our rights, property, or safety; (d) enforce our terms and conditions or any other contracts we have with you; (e) prevent physical injury or other harm to any person or entity, including you and members of the public.

If we outsource the processing of personal data to third parties or provide personal data to third party service providers, we require those third parties to protect the personal data they are provided with appropriate security measures and only use it to provide their service to us prohibit and restrict them from using the personal data for their own purposes.

Data security

We have in place procedures and technologies to maintain the security of all personal information from the point of collection to the point of destruction. These include adhering to various security standards, including physical and technological protection, data encryption, patching and software update management, management of access rights, vulnerability scanning and penetration testing, network configuration and monitoring. We will ensure your personal information is only accessible by those who need to see your information for their specific role. We will only transfer personal information to a third party if that third party agrees to comply with those procedures and policies, or if they put in place adequate measures themselves.

Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of the personal information.   

Transferring your personal information outside the United Kingdom

We will not transfer your personal information outside the UK unless such transfer is compliant with the UK GDPR. This means that we cannot transfer any of your personal information outside the UK unless:

·       the UK government has decided that another country or international organisation ensures an adequate level of protection for your personal information; or

 

·       the transfer of your personal information is subject to appropriate safeguards, which may include:

 

o   binding corporate rules; or

o   the International Data Transfer Agreement or the UK Addendum.

 

·       one of the derogations in the UK GDPR applies (including if you explicitly consent to the proposed transfer).

Direct marketing

When you sign up to a subscription, we will get your consent to send you direct marketing communications via email or text message (except for marketing communications which relate to your membership or products previously purchased by you). You have the right to opt-out of marketing communications at any time by contacting us or clicking the ‘unsubscribe’ link.

Third party links

Our Website may include links to websites, services, plug-ins and applications that are managed and controlled by third parties. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their data protection policies. Please note that this Privacy Notice does not apply in those cases. When you leave our Website, we encourage you to read the privacy policy of every website you visit.

Data retention

We will only retain your personal data only for as long as is necessary for the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax and accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect of our relationship with you, or we are otherwise permitted to continue storing such data.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

Your rights

You have several rights in relation to your personal data.  You have a right to:

  • Request access a copy of your personal data held by us. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.;
  • Request rectification of your personal data if it is inaccurate or incomplete. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us;
  • Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.;
  • Request restriction of our use of your personal data in certain circumstances. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:

o   If you want us to establish the data's accuracy;

o   Where our use of the data is unlawful but you do not want us to erase it;

o   Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or

o   You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

  • Move (or port) personal data which you have given us to process; and
  • Object to the processing of your data where our legal basis for processing your data is our legitimate interests. 

If you provided your consent to any of the processing of your personal information, you have the right to withdraw your consent to that processing at any time by contacting hello@winespark.com

Cookies

We use cookies and related technology on our Website. In relation to limiting or disabling tracking technology, please see the opt-out mechanism in our Cookie Policy.  

Changes to the Privacy Notice

We may update this Privacy Notice from time to time in order to reflect, for example, changes to our business, our practices, or for other operational, legal or regulatory reasons, so please review it frequently. We will notify you of any changes by posting the updated policy on this page with its effective date.

Contact information and your right to lodge a complaint

If you have any questions about this Privacy Notice, or if you require further information about our use of your personal data or you wish to avail of any of your rights, you may contact us at hello@winespark.com

You have a right to complain if you feel we have processed your personal data in a way that is not compliant with the law. This can be, for example, because you're not happy about how we handled a subject access request or a personal data breach, or you have some other concern about the way we've processed your personal data.

You can complain to us either by filling out our complaint form [insert link to a complaint form], by emailing us at [insert email address that can be used for complaints], by calling us on [insert telephone number to which complaints can be made] or by writing to us at [insert address for complaints].

We will respond to you to acknowledge your complaint within 30 days of receipt.

We will handle your complaint in accordance with our complaints procedure [insert link].

Once we receive your complaint we will investigate it. We will aim to do this as soon as possible and where possible within 30 days of receipt. In any event we will keep you informed of progress and let you know of any particular factors which will delay our response (such as if the request is particularly complex).

We will let you know the outcome of the complaint as soon as we have finished our investigation and made our conclusions. We will let you know what we've done to resolve your complaint and, where appropriate, any action we've taken as a result. We will provide you with sufficient information to enable you to understand why we have come to the conclusion we have reached.

If you are unhappy with the results of the complaint, you can complain to the Information Commissioner's Office on 0303 123 1113 or at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AFC.