Privacy Policy


1. Introduction

1.1 Gordon & MacPhail is the trading name of Speymalt Whisky Distributors Ltd. Our head office is at: George House, Boroughbriggs Road, Elgin, Moray, Scotland, IV30 1JY.  Gordon & MacPhail are committed to safeguarding the privacy of persons for whom we process Personal Data. In this policy we explain how we will treat your Personal Data processed by us, in accordance with data protection legislation, and with the General Data Protection Regulation (‘GDPR’).

1.2 Personal Data includes any information relating to an identified or identifiable natural person (‘Data Subject’), who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.3 Processing, for the purpose of this Privacy Policy, means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.4 By consenting to this Privacy Policy you are giving us permission to process your Personal Data specifically for the purposes identified within this Privacy Policy.

1.5 You have a right to withdraw your consent to our processing your Personal Data at any time, and we have outlined the process for such a withdrawal within this Privacy Policy.

  1.     Processing Personal Data

2.1       We will only process such Personal Data which is adequate, relevant and limited to what is necessary for processing.

2.2       We may process the following kinds of Personal Data from your visit to our website:

  • information relating to any purchases you make of our goods, services or

any other transactions that you enter into, through our website, and to implement any contract concluded by you and us for that purpose (including your name, address, telephone number and email address);

  • to administer our site, and for internal operations, including    troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to enable us to provide you with access to specific areas of our site, such as the Customer Area of our Trade Portal;
  • to help us with our own internal research and analysis, which lets us develop our products in the ways we think our customers will want;
  • to measure and understand the effectiveness of advertising we send to you and others and to deliver relevant advertising to you;
  • where you have provided us with your consent, to receive mailings from us, to make suggestions and recommendations to you about other goods and services which may be of interest to you and you may withdraw your consent to this at any time;
  • to ensure that our site is presented in the most effective manner for you and your computer or device;
  • to notify you about changes to our services;
  • if you enter a competition, prize draw or similar contest, to administer the competition in accordance with the rules. If you win the competition, we will publish your name and home town (but not your email or full postal address) on the site;
  • information about your computer and about your visits to, and use of, this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths);
  • information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (including your name and email address). You can inform us at any time you no longer require our email notifications/ newsletter;
  • information contained in, or relating to, any communication that you send to us or send through our website (including the communication content and metadata associated with the communication), including online job applications;

(m) information necessary so as to send you statements, invoices and payment reminders to you, and to collect payments from you;

(n)   information necessary so as to provide third parties with statistical information about our users;

(o)   information required so as to deal with enquiries and complaints made by, or about, you relating to our website;

(p)   information required so as to keep our website secure and prevent fraud;

(q)   information required so as to verify compliance with the Terms and Conditions governing the use of our website (including monitoring private messages sent through our ‘Contact Us’ page on our website); and

(r)   any other personal information that you choose to send to us.

2.3       Before you disclose to us the Personal Data of another person, you must obtain that person’s consent to both the disclosure and the processing of that Personal Data in accordance with this policy.

2.4       In the event that we need to obtain Special Personal Data from you, other than as required by law, we will always tell you why, and how the information will be used and obtain your consent for this.

2.5       We will process Personal Data for the following lawful purposes:

  • our legitimate interests, which include: the administration of our business, debt recovery, processing accounts and payroll, crime prevention and detection (including the use of CCTV and radio communications), visitor access and monitoring, internal vehicle tracking devices and processing of personal data for the purposes of communicating with parties (where consent is not otherwise required);
  • the performance of a contract, or to enter into pre-contractual negotiations;
  • in order for us to comply with a legal obligation placed upon us;
  • in order to protect the vital interests of either yourself or another person; and / or
  • for any other reasons, with your consent, which can be withdrawn at any time.
  1. Disclosing Personal Data

3.1       We may disclose your Personal Data to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this policy.         

3.2       We may disclose your Personal Data:

  • to the extent that we are required to do so by law;
  • to protect rights, property of the safety of us, our customers, users of our website or other persons;

(c)  in connection with any ongoing or prospective legal proceedings;

(d)  in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);

(e)  to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling;

(f)   to another organisation if we enter into a joint venture or merge with another organisation;

(g)  any member of our group, which means our subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

3.3       Any third party who we share your Personal Data with, are obliged to keep your details securely and when no longer needed, to dispose of them securely or to return the Personal Data to us.

3.4       We will not, without your express consent, supply your Personal Data to any third party for the purpose of their, or any other third party’s, marketing.

3.5       Except as provided in this policy, we will not provide your Personal Data to third parties without first obtaining your consent.

3.6       If we wish to pass your Special Personal Data on to a third party, we will only do so once we have obtained your explicit consent, unless we are required to do so by law.

  1.   Retaining Personal Data

4.1       Personal Data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

4.2       Unless we advise you otherwise, we will retain your Personal Data in accordance with legal requirements and best practice.

  1.   Security of Personal Information

5.1       We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

5.2       We will store all the personal information you provide on our secure password and firewall protected servers.

5.3       You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

  1.   Amendments

6.1       We may update this policy from time to time by publishing a new version on our website.

6.2       You should check this page occasionally to ensure you are happy with any changes to this policy.

6.3       We may notify you of changes to this policy on this website or by email.

  1.   Your Rights

You have the following rights regarding the Personal Data which we hold about you:

7.1       right of access – you have the right to request a copy of the information that we hold about you;

7.2       right of rectification – you have a right to correct Personal Data that we hold about you that you think is inaccurate or incomplete;

7.3       right to be forgotten – in certain circumstances you can ask for the Personal Data which we hold about you to be erased from our records;

7.4       right to restriction of processing – in certain circumstances you have a right to restrict the processing of Personal Data;

7.5       right of portability – you have a right to have the Personal Data we hold about you transferred to another organisation;

7.6       right to object – you have the right to object to certain types of processing, such as direct marketing; and

7.7       right to object to automated processing, including profiling – you have the right not to be subject to the legal effects of automated processing or profiling.

  1. Complaints Procedure and Right to Legal Redress

8.1       In the event that we refuse your request under rights of access, we will provide you with a reason why.

8.2       If you wish to make a complaint about how your Personal Data is being processed by us, or any third party on our behalf, we would be grateful if you would in the first instance contact our Data Protection Officer, who will endeavour to resolve your issue to your satisfaction.

8.3       You also have the right to complain directly to the Information Commissioner’s Office and seek other legal remedies.

  1. Third Party Websites

9.1       Our website may include hyperlinks to, and details of, third party websites.

9.2       We have no control over, and are not responsible for, the privacy policies and practices of third parties.

  1. Updating Personal Data

You are responsible for letting us know if the Personal Data that we hold about you needs to be corrected or updated.  You can do this by contacting us through email at dataprotection@gordonandmacphail.com or by telephone on: 01343 545 111.

  1. Transfers of Personal Data to Third Countries

If we need to transfer Personal Data for processing to a Third Country (which is to say a country outside of the EEA), we will only do so, where we have either:

            (a)        taken an adequacy decision;

            (b)        lawful binding corporate rules are in place;

            (c)        lawful model contract clauses are in place;

(d)        we have obtained your specific consent to the proposed transfer, and you have been advised of the possible risks of such transfers;

(e)        the transfer is necessary for the performance of a contract between ourselves, or are part of the implementation of pre-contractual measures taken at your requests;

(f)        the transfer is necessary for the conclusion or performance of a contract concluded in the interested of you, and us, and another party;

            (g)        the transfer is necessary for important reasons of public interest;

(h)        the transfer is necessary for the establishment, exercise or defence of legal claims; and / or

(i)         the transfer is necessary in order to protect the vital interests of you or others, where you are physically or legally incapable of giving legal consent.

  1. Cookies

12.1     Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website.

12.2     A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

12.3     Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date. A session cookie on the other hand, will expire at the end of the user session, when the web browser is closed. The cookies which we use are:

Cookie Name

Expiration Date

Description

Type of Cookie

_ga

2 years

Used to distinguish users

Persistent

_gid

24 hours

Used to distinguish users

Persistent

_gat

10 minutes

Used to throttle request rate

Persistent

_utma

2 years from set / update

Used to distinguish users and sessions. The cookie is created when the JavaScript library executes and no existing _utma cookies exist. The cookie is updated every time data is sent to Google Analytics

Persistent

_utmt

10 minutes

Used to throttle request rate

Persistent

_utmb

30 minutes from set / update

Used to determine new sessions / visits. The cookie is created when the JavaScript library executes and no exiting _utmb cookie exists. The cookie is updated every time data is sent to Google Analytics

Persistent

_utmc

End of browser session

Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the _utmb cookie to determine whether the user was in a new session / visit

Session

_utmz

6 months from set / update

Stores the traffic source or campaign that explains how the user reached our site. The cookie is created when the JavaScript library executes and is updated every time data is sent to Google Analytics

Persistent

Age check

3 days

Cookie which captures the details of the age check, which is performed when our website is first loaded

Persistent

 

 

 

12.4     Most browsers allow you to refuse to accept cookies. Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you may not be able to use all the features on our website. You can delete cookies already stored on your computer.

12.5     We also use Google Analytics on our website.

13        Our Details    

13.1     We are registered in Scotland under registration number SC037522 as Speymalt Whisky Distributors Limited, trading as Gordon & MacPhail, and our registered office is at George House, Boroughbriggs Road, Elgin, IV30 1JY. Our website address is www.gordonandmacphail.com.

13.2     Our principal place of business is at our registered office.

13.3     You can contact us:

(a)     by post, using the postal address, given above;

(b)     using our website contact form;

(c)     by telephone or 01343 545111

(d)     by email dataprotection@gordonandmacphail.com

  • Our Data Protection Officer is Norman Ross can be contacted using the details referred to in the above clause.