Privacy Policy
We are committed to protecting and respecting your privacy. Please read the following carefully to understand our practices regarding your personal data and how we will treat it. If you are a California Resident, specific sections (1.4, [5] and 9) apply to you, in addition to other clauses outlined in this Privacy Notice.
1. HOW WE HANDLE YOUR DATA
This section covers the sources and categories of personal data that we collect and process, why we do so, and the lawful bases for such processing.
This Privacy Policy covers the processing of the following categories of individuals:
- Section 1.1 Our Digital visitors
- Section 1.2 Our Business Partners (this section covers existing and prospective customers, business partners and suppliers collectively called Business Partners. Where these are legal entities, this covers their employees or representatives)
- Section 1.3 Visitors to our premises
- Section 1.4 Californian Residents
1.1. IF YOU ARE A DIGITAL VISITOR
- Sources of personal data
- Personal data that we collect and process
- Why do we collect your personal data and what are our lawful bases for it?
A. Sources of personal data
We may obtain your personal data from the following sources:
- from you directly (for example, at the time of subscribing to any services offered on a website, mobile applications, events, interactive kiosks or social media including but not limited to email mailing lists, interactive services, posting material or requesting further goods or services);
- from your device or browser; and/or
- if you contact us, we may keep a record of that communication.
B. Personal data that we collect and process
- Name
- Username
- Address
- Date of birth
- Email address
- Operating system
- Browser type
- Cookie data (for more information please see our Cookie Policy – linked below)
- Preferences regarding online marketing and tracking
- IP address
- Location
- Information you submit to us when you contact us posting material or requesting our service
- Responses you provide as part of our surveys, competitions, games and other interactive services; and/or
- Product orders, event invitations sent, and tickets bought
- Behavioural information from online, web, apps, email and social media, if we have your permission to do so.
C. Why do we collect your personal data and what are our lawful bases for it?
In the table below, we explain what specific business interests we pursue when processing your personal data and the lawful bases we rely on.
| WE MAY USE YOUR PERSONAL DATA TO: | WHAT ARE OUR LEGAL BASIS FOR PROCESSING YOUR DATA? |
|---|---|
| Provide our digital services to you | Our legitimate interest: Website and Application Management Account Management |
| Establish and manage our relationship | Our legitimate interest: Understand the market in which we operate Management Reporting (including at an intra-group level) Account Management |
| Learn about our digital users’ browsing patterns and the performance of our digital services | Our legitimate interest or your consent*: Website & Application Management Understand the market in which we operate |
| Security | Our legitimate interest: Managing security, risk and crime prevention Management Reporting (including at an intra-group level) |
| Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communication | Our legitimate interest or your consent*: Promote our goods and services Management Reporting (including at an intra-group level) |
| Learn about how our products or services may be used | Our legitimate interest: Understand the market in which we operate Management Reporting (including at an intra-group level) |
| Sharing information with advertising partners (including Social media platforms, such as Facebook, Instagram, Pinterest, LinkedIn, Tripadvisor, Snapchat) | Your consent: Promote our goods and services Management Reporting (including at an intra-group level) |
| Ad retargeting: Sending you targeted and personal adverts on web sites and social media based on your preferences, purchase history and tracked behaviour. | Your consent: Promote our goods and services Management Reporting (including at an intra-group level) |
*Where we use your email or other digital means to communicate marketing information to you, we will seek your prior consent where required to do so by law.
If you object to us using your personal data for the above purposes, including direct marketing, please contact us using contact details set out in section 9.
Where we use cookies or similar technologies, we will seek your prior consent where required to do so by law.
We do not sell your personal data to any third party.
Our website may, from time to time, contain links to and from the websites of our partner networks, creative partners and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy notices or policies. Please check their privacy notices or policies before you submit any personal data to these websites.
Please do not submit any information via this website or application if you are not happy with the way your personal data is processed as described in this Privacy Policy.
1.2. IF YOU ARE OUR BUSINESS PARTNER
This section covers existing and prospective customers, business partners and suppliers, collectively called Business Partners. The information we collect and process in relation to our customers is primarily business information. We may collect personal data related to employees, directors, authorised signatories and other individuals associated with our existing or prospective Business Partners.
- Sources of personal data
- Personal data that we collect and process
- Why do we collect your personal data and what are our lawful bases for it?
A. Sources of personal data
We may obtain your personal data from the following sources:
- from you directly,
- from a company that employs you, if you are an employee of our Business Partner,
- from our affiliates, i.e. members of the Bacardi Limited group of companies;
- during networking events that we have either hosted, or sponsored, or attended; and/or
- from publicly available sources (for example, your company website or social media sites).
B. Personal data that we collect and process
We may collect the following categories of personal data relating to our Business Partners’ employees, officers, authorised signatories, or other associated individuals:
- Name
- Picture (photography) – During our Bacardi events
- Business address
- Business email address
- Business telephone number
- Business fax number
- Job title or role
- Business bank account details
- Date of birth
- Language of communication
- Date of first contact
- Categorisation as a business partner (e.g. supplier, existing or prospective customer); and/or
- Bacardi’s system usage details, if suppliers or business partners are permitted access to Bacardi systems.
C. Why do we collect your personal data and what are our lawful bases for it?
In the table below, we explain what specific business interests we pursue when processing your personal data and the lawful bases we rely on.
| WE MAY USE YOUR PERSONAL DATA TO: | WHAT ARE OUR LEGAL BASIS FOR PROCESSING YOUR DATA? |
|---|---|
| Provide you with our products or services or receive products or services from you | Our Contractual Obligation (if you act in your personal capacity or a sole trader): Efficiently fulfil our contractual and legal obligations Our Legitimate Interest: Management Reporting (including at an intra-group level) Efficiently fulfil our contractual and legal obligations (if you are an incorporated entity) |
| Establish and manage our relationship | Our Contractual Obligations (if you act in your personal capacity or a sole trader): Efficiently fulfil our contractual and legal obligations Our Legitimate interest: Understand the market in which we operate Management Reporting (including at an intra-group level) Exercise or defend legal claims Efficiently fulfil our contractual and legal obligations (if you are an incorporated entity) |
| Learn about how our products and services are or may be used | Our legitimate interest or Your Consent * : Understand the market in which we operate Management Reporting (including at an intra-group level) |
| Security | Our Legitimate interest: Managing security, risk and fraud prevention Management Reporting (including at an intra-group level) |
| Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communication | Your Consent: Promote our goods and services Our Legitimate interest: Management Reporting (including at an intra-group level) |
| Your image (film or photos) at events to be used to support our communication and promotional campaign | Our legitimate interest or your consent * : Promote our goods and services |
| Checking your age at Bacardi events to ensure compliance with age limitations for alcohol consumption | Our Legitimate interest: Compliance with laws |
* We will seek your prior consent where required to do so by law.
If you object to us using your personal data for above purposes, including direct marketing, please let us know using the email address provided in section 9.
Where we use your email to communicate marketing information to you, we will seek your prior consent where required to do so by law.
1.3. IF YOU ARE A VISITOR TO OUR PREMISES
- Sources of personal data
- Personal data that we collect and process
- Why do we collect your personal data and what are our lawful bases for it?>
A. Sources of personal data
We may obtain your personal data from you directly and from our systems’ records
(If we add events the A B C needs to be copied from digital visitor above)
B. Personal data that we collect and process
- Name
- Surname
- Data of birth
- Email address
- Address
- Business contact details
- Organisation
- Role
- Time and date of your visit; and/or
- Image (for example, from CCTV cameras at our premises, where they are used,
C. Why do we collect your personal data and what are our lawful bases for it?
In the table below, we explain what specific business interests we pursue when processing your personal data and what lawful bases we rely on.
| WE MAY USE YOUR PERSONAL DATA TO: | WHAT THE LEGITIMATE INTERESTS OF OUR BUSINESS ARE: |
|---|---|
| Security | Our legitimate interest: Managing security, risk and crime prevention |
| Maintain records of visitors to our premises | Our legitimate interest: Management Reporting |
| Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communication | Our legitimate interest or your consent *: Promote our goods and services Management Reporting (including at an intra-group level) |
* We will seek your prior consent where required to do so by law
Where we use your email to communicate marketing information to you, we will seek your prior consent where required to do so by law.
If you object to us using your contact details for these purposes, please let us know using the methods listed in section 9.
1.4. IF YOU ARE A CALIFORNIAN RESIDENT
The following is applicable to individuals residing in California from whom we collect Personal data, in accordance with the California Consumer Privacy Act (hereinafter “CCPA”).
The chart below outlines the categories of Personal Information (as defined by the CCPA) that we have collected for a business purpose in the preceding twelve months.
WE DO NOT SELL PERSONAL INFORMATION.
A. Categories of Personal Information collected
The examples of Personal Information for each category below are provided by CCPA to describe the information that pertains to each category. CCPA requires us to provide disclosures in regard to each category, even where we collect only one element that pertains to such category. For example, because we may collect “gender” information, we have to disclose that we collect personal information for the category “Characteristics of Protected Classifications under California or Federal Law” even where we do not collect any other element that pertains to that category.
For each category of Personal Information, we collect:
- We use share the personal information for the business purposes described under sections 1.1, 1.2. and 1.3 above above
- We share the personal information as explain in section 2 below.
| CATEGORY | WHAT DOES THE CATEGORY INCLUDE? | WE COLLECT | WE SELL |
|---|---|---|---|
| Identifiers | Name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers | Yes | No |
| Categories of Personal data in Cal. Civ. Code 1798.80(e) | Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. | Yes | No |
| Characteristics of Protected Classifications under California or Federal Law | Race or colour, ancestry or national origin, religion or creed, age (over 40), mental or physical disability, sex (including gender and pregnancy, childbirth etc..), sexual orientation, gender identity or expression, medical condition, genetic information, marital status, military and veteran status. | Yes gender | No |
| Commercial Information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies | Yes | No |
| Biometric Information | Physiological, biological, or behavioral characteristics that can be used, singly or in combination with each other or with other identifying data, to establish individual identity, ( imagery of the iris, retina, fingerprint, face, hand, palm, voice recordings sleep, health, or exercise data that contain identifying information | No | No |
| Internet or Other Electronic Network Activity Information | Browsing history, search history, and information regarding a consumer’s interaction with an internet website, application or advertisement | Yes | No |
| Geolocation Data | Precise physical location | Yes | No |
| Sensory Information | Audio, electronic, visual, thermal, olfactory, or similar information | Yes | No |
| Professional or employment-related information | Resume information related to education such as completion of degrees and educational institutions attended, information on educational certifications, job application or resume information, past and current job history, and job performance information. | Yes | No |
| Inferences Drawn from Personal data | Consumer profiles reflecting a consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | Yes | No |
B. You may exercise the following rights.
- Right to Know and Access. You may submit a verifiable request for information regarding the: (1) categories of Personal Information collected or disclosed by us; (2) purposes for which categories of Personal Information are collected by us; (3) categories of sources from which we collect Personal Information; and (4) specific pieces of Personal Information we have collected. Prior to disclosing the information, we are required to verify that the individual making the request is indeed the individual to whom the information relates. Once we receive a verifiable request, we must disclose to you the information requested for the twelve months preceding your request.
- Right to Delete. Subject to certain exceptions, you have the option to delete Personal data about you that we have collected from you.
Verification. Requests for access to or deletion of Personal data are subject to our ability to reasonably verify your identity in light of the information requested and pursuant to relevant CCPA requirements, limitations, and regulations.
Right to Equal Service and Price. You have the right not to receive discriminatory treatment for the exercise of your CCPA privacy rights.
Submit Requests. For other requests or to authorize an agent to make a request on your behalf, you can also reach contact us (see Section 9).
2. SHARING OF YOUR INFORMATION
We do not sell your personal data to any third party.
We use secure methods to transmit personal data.
Data we collect may also be processed by staff operating outside the EEA who work with us or for us, or for one of our affiliated companies, suppliers or service providers.
Recipients of your personal data:
2.1. OUR AFFILIATES
We may disclose your personal data to our affiliates, who may use your information for the purposes described in this Privacy Policy. In so doing, they will be data controllers of your information together with us. As data controllers, our affiliates will process your data in compliance with the GDPR and other relevant data protection laws.
2.2. THIRD PARTY RECIPIENTS
We may share your personal data with third parties who are controllers of your personal data as follows:
- Where required by law and similar mandatory disclosures.
- In connection with a merger, sale, or asset transfer.
- Other third parties for whom we have obtained your permission or consent to disclose your Personal data.
2.3. SERVICE PROVIDERS THAT WE MAY INVOLVE FOR THE PURPOSES DESCRIBED IN ABOVE SECTIONS
Our service providers process your personal data for data analytics/ marketing and advertising of our products and services to you. Our advertising and promotional agencies and consultants carry out marketing campaigns or email mailings on our behalf, or analyse or evaluate our data collection process or customer service fulfilment, such as website hosting companies. We will ensure that any service provider engaged by us is bound to comply with data protection obligations and process your personal data only on documented instructions from us and do not use it for their own purposes.
2.4. LAW ENFORCEMENT OR GOVERNMENT BODIES
We may disclose your personal data as permitted by law in order to investigate, prevent or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of our Terms and Conditions or other agreements, or as required by law.
3. TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA AND THE UK (EEA)
If and when transferring your personal data outside the EEA and the UK, (which consists of EU member states and Iceland, Lichtenstein and Norway), we will only do so using one of the following safeguards:
- the transfer is to a non-EEA country which has an adequacy decision by the EU Commission;
- the transfer is covered by a contractual agreement, which covers the GDPR requirements relating to transfers to countries outside the EEA and the UK;
- the transfer is to an organisation which has Binding Corporate Rules approved by an EU data protection authority; or
- the transfer is to an organisation in the US that is EU-US Privacy Shield certified.
You may request a copy of any relevant document in relation to transfers of your personal data outside the EEA and the UK by contacting us using the contact details in section 9 below.
4. YOUR RIGHTS
When prescribed by local regulations, you are entitled to obtain information from us on how we handle your personal data, to see copies of all personal data held by us and to request that your personal data is amended, corrected or deleted from our systems.
You can also ask us to transfer a copy of your personal data that you provided to us, limit, restrict or object to the processing of your data.
We do not carry out any decision-making based solely on automated processing, including profiling.
If you gave us your consent to use your data, e.g. so that we can use your electronic contact details to send you marketing communications, you can withdraw your consent at any time. Please note that even if you withdraw your consent, we can still rely on the consent you gave as the lawful basis for processing your personal data before you withdrew your consent.
You can object to our use of your personal data where we stated we rely on our legitimate business interests to do so. We explained the legitimate interests we rely on in sections ‘Why do we collect your personal data and what are our lawful bases for it?’ above.
If you would like to exercise any of your above rights, contact us using the contact details in section 9 below.
5. VARIATIONS
We may revise this Privacy Policy at any time by amending this page. Any changes to our processing will take effect within a reasonable period of time after posting the amended Privacy Policy, so that you would have time to consider if you are ok with the changes.
6. CHILDREN
Our website is designed to appeal to adults only. We do not knowingly solicit any information from children or people under the legal drinking age, nor do we knowingly market or otherwise target our websites or its products or services to children or people under the legal drinking age.
If we become aware that a visitor to our websites is a child or under the Legal Drinking Age in the country or other territory in which he or she is located at the relevant time and has registered without verifiable parental consent, we will remove his or her personal data from our files.
7. RETENTION PERIOD
We will keep and Process your Personal Data only for as long as is necessary for the purposes for which it was collected in connection with your relationship with us, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.
8. INFORMATION ABOUT US
For the purpose of the General Data Protection Regulation 2016/679 and any implementing legislation (the “GDPR”), Bacardi Martini B.V., Weena 505, 3013 AL Rotterdam, The Netherlands will be the data controller responsible for any personal data about you.
Our EU entities are subsidiaries/affiliates of or are otherwise associated with Bacardi BMBV. These are listed in Annex 1 to this Privacy Notice. If you are a visitor to our websites, the relevant data controller is Bacardi Martini B.V., registered in The Netherlands under company number 33164385. Our registered office and main trading address is at (Building 1962), Stadionplein 6, 1076 CM Amsterdam, The Netherlands. Our VAT number is NL 0059.70.441.B01.
If you are a customer or a potential customer of one or more of our EU entities, or an individual related to one of our existing or potential customers, the relevant data controller is the Bacardi entity which has contractual or business relations with our customer. If you contract with our EU entities in any other capacity (for example, to provide your services), your data controller will be the Bacardi entity with which you contract. If you are a visitor to our premises or events, the relevant controller is the EU entity that is located in that office or hosting the event.
For cross-border matters, and in relation to personal data shared by several of our EU entities, the relevant entities may operate as joint controllers that will collaborate with one another, as necessary, to comply with our obligations under the GDPR, including to address requests by data subjects to exercise their rights under the GDPR, as set out in Section 4 above. The main establishment for all of our EU entities for purposes of compliance with the GDPR is Bacardi Martini B.V., at (Building 1962), Stadionplein 6, 1076 CM Amsterdam, The Netherlands.
If you need to communicate with us, please contact us as explained in section 9.
9. CONTACT DETAILS
Questions, comments, complaints and requests regarding this Privacy Policy, or our privacy practices in general, are welcomed.
Any queries and requests regarding this Privacy Policy are welcome via the contact points below:
- Email us at: info@xtaz.com
- Phone: 0879/ 272 244
- Get in touch with us from here.