Privacy Policy
This page explains how we use your personal data.
Grapevine Local Limited is the data controller in respect to all personal data collected through this website.
We are committed to ensuring the privacy of our clients and other website visitors. In this policy we explain how we hold, process and retain your personal data.
1. How we use your personal data
1.1 This section provides you with information about: (a) what personal data we hold and process; (b) in respect of personal data that we did not collect from you directly, where we obtained that data from, and what types of data we have collected; (c) the purposes for which we may process your personal data; and (d) the legal grounds on which we process your data.
We will not pass on your information to any third party without your explicit consent.
1.2 Contact data / Enquiry data. We may process contact details that you provide to us (“contact data”). This contact data may include your name, address, telephone number, and email address, and may be provided through our website. We may use this contact data to manage your account with us and to contact you to discuss your use of our website, and how our website and content performed and functioned for you.
The legal basis for this processing is our legitimate interest in responding to your enquiries and ensuring the efficient administration and continued function of our website.
1.3 Profile Data. During the course of providing services to you, you may provide us with biographical information about yourself (“profile data”). This profile data may include your contact data, biographical information which you upload and a profile picture.
We may use this data to provide you with services from our web site and to monitor and administer your account with us.
Where you have provided your consent for us to do so, we may also use this data for the purposes of carrying out marketing activities, specifically in order to tailor the offers, advertisements and promotions that we bring to your attention both when we contact you, and through our website.
If you opt-in to our mailing list, you will receive emails that may include company news, updates, related product or service information. If at any time you wish to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each e-mail.
1.4 Sensitive Personal Data. We do not require any sensitive personal data from you to enable us to provide our services and we will not ask you to provide any such sensitive data to us. However, during the course of using our services, you may voluntarily provide us with sensitive information about yourself (“sensitive data”). As we do not require this data in order to provide our services to you, we will only process this sensitive data if you consent to us doing so.
1.5 Transaction data. We may process information relating to any payments made by you through our website (“transaction data”). The transaction data may include your contact details, your bank account details, your credit card details, and the transaction details. The transaction data may be processed for the purposes of processing these payments and keeping proper records of those transactions.
The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.
1.6 Website data. We may process data about your use of our website and services (“website data”). The website data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the website data is our analytics tracking system. This website data may be processed for the purposes of analysing the use of the website and services.
The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
1.7 Notification data. We may process information that you provide to us for the purpose of subscribing to our newsletters (“notification data”). The notification data may be processed for the purposes of sending you newsletters.
The legal basis for this processing is consent.
1.8 Correspondence data. We may process information contained in or relating to any communication that you send to us (“correspondence data”). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping.
We will also collect the contents of messages or communications you send to others through the website. When you communicate with other users of the website, whether individuals or otherwise, the people you communicate with will be able to see the content you send to them. We use end-to-end encryption in relation to any private messages you send to other users of the website. This means that we cannot view the content of your message and only you and the recipient of the message can decrypt it and see the content.
The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
1.9 Other processing activities. In addition to the specific purposes for which we may process your personal data set out above, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
2. Providing your personal data to others
2.1 Our partner service providers. We may share your data with our partners who manage and support us.
We use third party servers provided by Amazon Web Services (“AWS”) to host our website. A copy of AWS’ Privacy Policy can be viewed at: https://aws.amazon.com/privacy/.
We use Lamway (a division of Blue Lane Holdings Ltd) for website design and support services. A copy of Lamway’s Privacy Policy can be viewed at: http://lam-way.com/privacy.html.
We may also share your data with other companies within our group of companies.
2.2 Our professional advisers. We may disclose your personal data to our professional advisers insofar as reasonably necessary for the purposes of managing risks, obtaining professional advice and managing legal disputes.
2.3 Where we provide your personal data to any third party to process it on our behalf. Where we share your personal data with any third party, we will ensure this processing is protected by appropriate safeguards including a suitable data processing agreement with that third party.
2.4 To comply with legal obligations. In addition to the specific disclosures of personal data detailed above, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation we have to comply with, or in order to protect your vital interests or the vital interests of another individual.
2.5 Should our company or its business or undertaking be sold or otherwise disposed of, your data will be passed to the purchasing or acquiring company to allow continued service.
3. Transfers of your personal data outside the European Economic Area
Where your personal data is transferred outside the EEA, we will ensure that either (a) The European Commission has made an “adequacy decision” with respect to the data protection laws of the country to which it is transferred, or (b) we have entered into a suitable data processing agreement with the third party situated in that country to ensure the adequate protection of your data. In all cases, transfers outside the EEA will be protected by appropriate safeguards.
4. Retaining and deleting personal data
4.1 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
4.2 Unless we contact you and obtain your consent for us to retain your personal data for a longer period, we will retain and delete your personal data as follows (unless otherwise specified, all of time limits expressed below run from the date of your last login to the website):
(a) Contact data will be retained for 3 years.
(b) Profile data will be retained for 3 years.
(c) Sensitive data will be retained for 2 years.
(d) Transaction data will be retained for 3 years following the end of the calendar year in which you last entered into a transaction with us, at the end of which period it will be deleted from our systems. Bank account details and credit card are kept until the relevant payment is processed upon completion of which that data is automatically deleted.
(e) Website data will be retained for 2 years.
(f) Notification data will be retained for 2 years following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems.
(g) Correspondence data will be retained for 2 years following the date of your last communication to us or communication made through our website, at the end of which period it will be deleted from our systems.
(b) Profile data will be retained for 3 years.
(c) Sensitive data will be retained for 2 years.
(d) Transaction data will be retained for 3 years following the end of the calendar year in which you last entered into a transaction with us, at the end of which period it will be deleted from our systems. Bank account details and credit card are kept until the relevant payment is processed upon completion of which that data is automatically deleted.
(e) Website data will be retained for 2 years.
(f) Notification data will be retained for 2 years following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems.
(g) Correspondence data will be retained for 2 years following the date of your last communication to us or communication made through our website, at the end of which period it will be deleted from our systems.
Once the relevant time limit for retention of data has been reached, the data in question is automatically deleted from our systems. If transactional data is retained for historical or financial reasons beyond 3 years the data will be anonymised rather than deleted.
4.3 We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
5. Amendments
5.1 We may update this policy from time to time by publishing a new version on our website.
5.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
5.3 We may notify you of changes to this policy by email.
6. Your rights
6.1 You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to:
(a) your request not being found to be unfounded or excessive, in which case a charge may apply; and
(b) the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).
6.2 We may withhold personal information that you request to the extent permitted by law.
6.3 The rights you have under data protection law are:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and (h) the right to withdraw consent.
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and (h) the right to withdraw consent.
6.4 Your right to access your data. You have the right to ask us to confirm whether or not we process your personal data, and to have access to the personal data, and any additional information. That additional information includes the purposes for which we process your data, the categories of personal data we hold and the recipients of that personal data. You may request a copy of your personal data. The first copy will be provided free of charge, but we may charge a reasonable fee for additional copies.
6.5 Your right to rectification. If we hold any inaccurate personal data about you, you have the right to have these inaccuracies rectified. Where necessary for the purposes of the processing, you also have the right to have any incomplete personal data about you completed.
6.6 Your right to erasure. In certain circumstances you have the right to have personal data that we hold about you erased. This will be done without undue delay. These circumstances include the following: it is no longer necessary for us to hold those personal data in relation to the purposes for which they were originally collected or otherwise processed; you withdraw your consent to any processing which requires consent; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are certain general exclusions of the right to erasure, including where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for establishing, exercising or defending legal claims.
6.7 Your right to restrict processing. In certain circumstances you have the right for the processing of your personal data to be restricted. This is the case where: you do not think that the personal data we hold about you is accurate; your data is being processed unlawfully, but you do not want your data to be erased; it is no longer necessary for us to hold your personal data for the purposes of our processing, but you still require that personal data in relation to a legal claim; and you have objected to processing, and are waiting for that objection to be verified. Where processing has been restricted for one of these reasons, we may continue to store your personal data. However, we will only process it for other reasons: with your consent; in relation to a legal claim; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
6.8 Your right to object to processing. You can object to us processing your personal data on grounds relating to your particular situation, but only as far as our legal basis for the processing is that it is necessary for: the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or the purposes of our legitimate interests or those of a third party. If you make an objection, we will stop processing your personal information unless we are able to: demonstrate compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms; or the processing is in relation to a legal claim.
6.9 Your right to object to direct marketing. You may instruct us at any time not to process your personal information for marketing purposes.
In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.
You can object to us processing your personal data for direct marketing purposes. If you make an objection, we will stop processing your personal data for this purpose.
6.10 Your right to data portability. Where you have given us consent to process your personal data, or where we are processing your personal data for the performance of a contract, you have a legal right to receive a copy of the personal data we hold about you in a structured, commonly used and computer readable format. When a data request is made of us we will make available all applicable personal data to you in a computer readable format and will transmit your personal data to the appropriate third party pursuant to your instruction. We will not process your data in this way if we believe that it may pose a threat to the security of the data.
6.11 Your right to object for statistical purposes. You can object to us processing your personal data for statistical purposes on grounds relating to your particular situation, unless the processing is necessary for performing a task carried out for reasons of public interest.
6.12 Automated data processing. To the extent that the legal basis we are relying on for processing your personal data is consent, and where the processing is automated, you are entitled to receive your personal data from us in a structured, commonly used and machine-readable format. However, you may not have this right if it would adversely affect the rights and freedoms of others.
6.13 Complaining to a supervisory authority. If you think that our processing of your personal data infringes data protection laws, you can lodge a complaint with a supervisory authority responsible for data protection. You may do this in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
6.14 Right to withdraw consent. To the extent that the legal basis we are relying on for processing your personal data is consent, you are entitled to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
6.15 Exercising your rights. You may exercise any of your rights in relation to your personal data by written notice to us in addition to the other methods specified above.
7. Cookie Policy
For information about how we use Cookies please see our Cookie Policy.
8. Our details
8.1 This website is owned and operated by Grapevine Local Limited.
8.2 We are registered in England and Wales under registration number 11150735, and our registered office is at Kiln Cottage, Parrots Lane, Tring, Bucks, England, HP23 6NX.
8.3 You can contact us:
(a) by post, using the postal address given above;
(b) using our website contact form;
(c) by telephone, on the contact number published on our website from time to time; or
(d) by email, using the email address published on our website from time to time.
9. Data protection officer
Our data protection officer’s contact details are: Alan Greaney, who can be contacted via email: [email protected].