Milroy's Privacy Policy

Read our privacy policy: This Privacy Policy explains how we will use your personal information when you interact with our Site so, please read it carefully.

SUMMARY

Below is a summary of some key terms of this Privacy Policy. We are committed to protecting your personal information when
you use our Services and we want you to be confident that your personal information is safe and secure with us. This Privacy Policy explains how we use your personal information including the following:

where we collect your personal information from;

  • what personal information we collect;
  • how we use your personal information;
  • who your personal information is shared with; and
  • the rights and choices you have when it comes to your personal information.

Use of our website (our “Site”) is subject to our website Terms and Conditions. If you do not agree to these terms, please stop using the Site immediately.

Where we refer to “personal information” in this Privacy Policy, we mean information which constitutes “personal data” under the UK’s version of the General Data Protection Regulation (the “UK GDPR”).
This can be any information that directly identifies you (such as your name or email address), but also information that identifies you indirectly or would identify you when pieced together with other information (such as your age, gender, demographic information, IP address, and cookie identifiers/other unique online identifiers).

The main reason we process your personal information is to provide you with the Site and the other services that you
request from us (see section 4 below) (together, the “Services”). For certain purposes set out in section 5 below, we may share your personal information with group entities, our product partners, service providers, and regulatory or governmental bodies.  We will only hold your personal information for as long as necessary to fulfil the purposes for which we hold that personal information.  

To make an enquiry or exercise any of your rights as set out in this Privacy Policy, please contact our Data Request Team at: dpo@milroys.co.uk

1. Who are we?

1.1. We are Milroys which is made of several entities, Cask Industries Limited, Milroys.co.uk, milroysofsoho.com and Barrel Industries Limited, together we make up Milroys. We will take your privacy very seriously.

1.2. For the purposes of this Privacy Policy, references to "we", "us", "our" or “Site” are to Milroys

1.3. Cask Industires Limited (company number 11178064)
is a controller in relation to the processing of the personal
information that you provide to us when you use our Services. Its registered address is 44 Russell Square, London, England, WC1B 4JP. If you have any queries relating to our use of your personal information, if you want to contact our data protection officer or if you have any other related data protection questions, please contact our Data Request Team at dpo@milroys.co.uk or write to our Data Protection Officer at 44 Russell Square, London, England, WC1B 4JP.

2. How do we collect personal information?

2.1. From you - Most of the personal information we collect will be directly from you when you use the Services.  We will collect this information from you through the websites, mobile applications, or other similar devices, channels, or applications operated by or on behalf of Milroys.co.uk. 

2.2. From our product partners - If you purchase a product from one of our partners whose products or services are included on our Site (“product partners”) then they may send us the information they hold relating to the product(s) you have purchased.  This allows us to track sales and improve our Services.

2.3. From our suppliers - We will sometimes use other companies to collect and process your personal information on our behalf, for example, we may use IT service providers or market research agencies (see section 5 below for more detail on the categories of these suppliers). Where we use third party suppliers we will make sure that they commit to keeping your information safe.

3. What personal information do we collect?

3.1. The personal information we may collect when you use the Services includes:

3.1.1. your identity information such as name and date of birth;

3.1.2. your contact information such as address, email address and telephone number;

3.1.3. your financial information, for example, bank account or payment details.

3.1.4. in certain scenarios, recordings of the content of your communications with us such as calls, emails and SMSs, in accordance with data protection legislation and other applicable law. Monitoring or recording will always be for business purposes, such as for quality control and training (e.g. where you email our customer
services team), to prevent unauthorised use of our telecommunication systems and Site, to ensure effective systems operation, to meet any legal obligation and/or to prevent or detect crime;

3.1.5. feedback you provide to us on your experience of using the Site, which we may have requested from you in order to ensure the Services we provide you continue to meet your needs. Any feedback you provide will only be used as part of our programme of continuous improvement and will not be published on the Site; and

3.1.6. information about how you come to our Site and how you use it, for example, the pages viewed, the website from which you came to visit our Site, changes you make to information you supply to us, details of the orders you request and your transactions.

3.2. We do not knowingly collect or store any personal information about children under the age of 18 years, our site has a legal requirement to only offer services to adults over the age of 18 due to
the nature of the services offered. We do not accept any liability for local or international laws related to the prohibition or sale of products which we offer to adults as deemed applicable under said laws or covenants.

3.3. Note that it is your responsibility to check and ensure that all information, content, material, or personal information you provide on the Site is correctcomplete, accurate, and not misleading and that you disclose all relevant facts.

4. How do we use your personal information?

We use your personal information for the following purposes:

4.1. For the management of our Site and other Services:

4.1.1. verifying your identity, managing, running and administering your account or use of any mobile applications if you choose to set up a Site account or download mobile applications. You must be aged 18 years and over to create an account on the Site, please see section 3.2 of this Privacy Policy;

4.1.2. to pre-populate fields on the Site when making return visits to the Site. This will make it easier for you to use the Site by storing the personal information you provide to us (for example, your postal address and email address) and by storing personal information of any individuals associated with your account(s) for example a family member or a friend. Sometimes, this involves us placing “cookies” or other tracking technologies on our Site; for more information on
cookies, see section 9;

4.1.3. to process a transaction 

4.1.4. to track sales, which may involve product partners sharing data with us relating to the product(s) you have purchased, this involves us placing “cookies” or other tracking technologies on our Site;

4.1.5. to fulfil offers you are eligible for or have applied for through the Site, for example if you qualify for any rewards. Where we use third parties to help us to fulfil offers, we may also need to share your personal information with them. This will also be detailed in the relevant terms and conditions for that offer;

4.1.8. by matching our data with data from other sources including to validate your information and make our Services easy to use:

4.1.8.1. we may validate and analyse your information and, in some cases, match it against information that has been collected by a third party to ensure that the information we hold about you is accurate, consistent and well-organised and in order to make our Services as easy to use as possible.

4.2. To communicate with you, including some or all of the following:

4.2.1.  sending you information about products and services which we think may be of interest to youWe will contact you (depending on your contact preferences) via email, SMS, or by other electronic means such as via social and digital media. This may include new product launches and, newsletters. You can opt out of receiving marketing communications at any time – see section 9 below.

This won’t affect any communications that we need to send you for the purpose of being able to provide our Services.

4.2.2.  sending you a confirmation email of your order – when you make an order with us, you will automatically be sent confirmation of your order by email or SMS so that you have a record of it;

4.2.3. to communicate with you at your request to offer help and support and to resolve any order issues.

4.3. To personalise and improve aspects of our Services including:

4.3.1. to improve the personalised content and insights on our Site and/or as part of our direct marketing communications. The information we collect helps us tailor our content and improve our suggestions to you and other users about products or services that may interest you or them. 

4.3.2. to improve personalised content and insights on other website (for both you, and others). 

4.4. For research, such as analysing market trends and buying behaviours and marketing improvements and site efficiencies.

4.5. To meet any legal obligation and/or to prevent or detect crime – for example, if a court or regulator, Governmental, compliance or law enforcement agency requires us to disclose your personal information; if it is necessary for us to disclose your personal information in connection with legal proceedings; or in order to prevent fraud and money laundering, which might involve disclosure to a fraud prevention agency. See section 5 for more detail on the parties we might disclose your personal information to for these purposes.

4.6. To enable a sale or potential sale of all or part of our business.

Some of the purposes listed above may involve us placing “cookies” or other tracking technologies on our Site; for more information on cookies and the purposes for which we place them, see Section 7.

5. Who is your personal information shared with?

5.1. When you use any of our Services, we may share
your personal information other entities within the Milroys.co.uk group of companies (as detailed at section 1.1 above).  Milroys.co.uk operates a shared IT infrastructure which includes shared technologies, platforms, systems and tools. Your personal information may be shared with other Milroys.co.uk entities because of this shared infrastructure. We implement shared security measures on this system which comply with data protection law and ensure that there are adequate internal controls to keep the personal information secure. This information might be used and analysed in order to improve products and
services across the Group. However, the different entities will not use your personal information to send you direct marketing or target you with advertising if you’ve opted out of receiving this (see section 4.2.1 above). We’ll never share your personal information with third parties for the purpose of allowing them to send you direct marketing;

5.2. When you use any of our Services, we may also share your personal information with the following third parties:

5.2.1. our product partners whose products or services are included on our Site:

5.2.1.1. Warehousing and order fulfilment partners, any partners and companies related to order fulfilment including but not limited to Delivery, Warehousing and Logistics.

5.2.2. other third party service providers that we engage to help us provide certain services and/or functionality including:

5.2.2.1. Order Fulfilment and Delivery, Logistics and packaging and distribution networks.

5.2.2.2. our service providers who help us to provide customer insight products to enable us to develop and improve our products for you;

5.2.3. Where permitted or required by law or regulation, we may also disclose information about you (including electronic identifiers such as IP addresses) and/or access your account in order to comply with legal or regulatory requirements for example:

5.2.4. if required to do so by any court, or any other applicable regulatory, compliance, Governmental or law enforcement agency;

5.2.4.1. if necessary in connection with legal proceedings or potential legal proceedings, to the applicable court or law enforcement authority, or party to the proceedings;

5.2.4.2. in connection with the sale or potential sale of all or part of our business, to the actual or proposed buyer and their professional service providers/other authorised individuals who are under obligations of confidentiality; and/or

5.2.4.3. if we reasonably believe false or inaccurate information has been provided and fraud is suspected, details may be passed to fraud prevention agencies to prevent fraud and money laundering.

6. What are our legal grounds for processing your personal information?

We will only collect and use your personal information in accordance with applicable data protection laws.  Our legal grounds for processing your personal information in the ways described in this Privacy Policy are as follows:

6.1. Performance of a contract – In order to provide you with the Services and manage your account we will: (I) manage, run and administer your account; (ii) send you an automatic confirmation email of your order when you enter your personal information to receive an order on our Site; (iii) to fulfil your order in terms of logistics and delivery of your order. When we do these activities, we are processing your personal information because it is necessary to perform the contract that we have in place with you to provide you with our Services, or to take steps at your request in order to enter into a contract with you.

6.2. Consent – We will use and process your personal information where you have told us you are happy for us to process it for a specific purpose(s), for example: (i) through consenting to cookies placed for certain marketing and/or advertising purposes (for more information on our use of cookies, see section 7);

You are able to withdraw your consent at any time (which will not affect the legal basis for the processing prior to your withdrawal of such consent).

6.3. Legitimate Interests – We may use and process some of your personal information where the benefits of doing it are not overridden by the interests or fundamental rights or freedoms of individuals. Under UK privacy laws, this is called the “legitimate interests” condition for processing your personal information. Our legitimate interests for processing your personal information are:

6.3.1. to monitor and communicate with you about the Services.  It is in our legitimate interest to keep you informed about your use of the Services in order to improve our Services, for example:

informing you of delivery times and dates, changes to order details or fulfilment;

Requesting any additional information related to an order or order fulfilment;

6.3.2.  marketing: to tell you about products, services and insights which we think may be of interest to you, for online advertising, to develop marketing content and enhance our marketing strategies.
We won't send you marketing communications if you tell us not to;

6.3.3. to personalise and improve our products and services, for example, we may undertake analysis and profiling on your personal information to personalise aspects of our service, including to personalise recommendations to you and others on other websites, such as social networks; and to streamline aspects of our service such as personalisation of product offerings and additional products of interest. We constantly aim to improve our Services to you, and using your personal information in this way helps us to do this. We do not consider that these activities would produce legal effects, or have similarly significant effects on you;

6.3.4. for market research, analysis and product improvement, including to produce the customer insights and usage. These activities help us to regularly review and improve the products and services we provide. Where possible data that we use/provide in this way will be in an anonymised or pseudonymised format;

6.3.5. to help facilitate the sale or potential sale of all or part of our business. This enables us to achieve our strategic objectives and to enable the long-term commercial success of our company.

You have the right to object to our use of your personal information for these legitimate interests.  If you raise an objection we will stop processing your personal information unless an exemption under UK data protection law applies, in which case we will let you know why we are continuing to process your personal information.  Please contact our Data Request Team at: dpo@milroys.co.uk if you wish to exercise this right, see section 10 below for further information on your personal information rights. 

6.4. Legal obligation – We may be required to process your personal information in order to comply with a legal obligation on us; for example, an obligation to disclose the information to a court or regulator, Governmental, compliance or law enforcement agency, or in connection with legal proceedings; or in order to prevent fraud and money laundering, which might involve disclosure to a fraud prevention agency. We may also be required to process certain personal information about you in order to respond to (and verify we are able to respond to) a data subject rights request that you have submitted.

7. What cookies do we use?

7.1. A cookie is a small text file placed on your computer or device. Cookies help us to:

  • understand browsing habits on the Site;
  • respond to you as an individual by tailoring our operations to your needs, likes, and dislikes by gathering and remembering information about your preferences;
  • monitor which pages you find useful and which you do not; and
  • understand the number of visitors so that we can analyse data about web traffic which helps us improve our Sites.

7.2. For more information on the cookies we use, please see our Cookie Policy

8. How secure is our Site and what steps do we take to keep you safe?

8.1. Your personal information’s security is very important to us. This is why, where it’s appropriate, our Site uses HTTPS to help keep information about you secure. However, no data transmission over the
internet can be guaranteed to be totally secure. Certain information, for example, your credit card details, is encrypted to minimise the risk of
interception during transit.

8.2. You may complete a registration process when
you sign up to use parts of the Site. This may include the creation of a username, password, and/or other identification information. Any such details should be kept confidential by you and should not be disclosed to or shared with anyone. To protect your account, we ask you to choose a strong password to access your information on our Site. A strong password should be lengthy and include a mixture of letters and numbers. Your password can only be reset with access to the email address registered in our system.

8.3. It might sometimes be necessary for us or our suppliers to transfer your personal information outside of the UK either within the European Economic Area (EEA); or outside of the EEA. However, we will only transfer your personal information out of the UK to a jurisdiction which
has not been determined by the UK government as being “adequate” for data protection purposes if we have put in place appropriate safeguards and protections as stated under UK law for example by the use of a data-transfer agreement incorporating either the UK’s international data transfer agreement or addendum which have been approved by the UK government in accordance with the UK GDPR and Data Protection Act 2018.

9. How can you amend your preferences?

9.1. Any electronic marketing or communications from Milroys.co.uk services we send you will include clear and concise instructions to follow should you wish to unsubscribe at any time. You may also
amend your marketing preferences by accessing your personal details via YourAccount /Dashboard, via the link received in emails, or by emailing us at dpo@milroys.co.uk

9.2. To turn off communications from Milroys.co.uk, you can go to milroysofsoho.com settings or follow the links included at the bottom of the emails you have received.

9.3. Please bear in mind that it may take a little while for all marketing to stop once you either tell us you’d like to opt out of marketing or withdraw your consent. Marketing may already be in transit to
you, in which case we may not be able to immediately stop it.

9.4. If you would like us to stop processing your personal information with respect to any of the services, we are providing to you, please email us at dpo@milroys.co.uk specifying that you no longer wish us to provide you with the relevant service or to process your personal information as part of such service.

10. Your personal information rights and how to contact us

10.1. You have certain rights under data protection legislation in relation to the personal information that we hold about you including:

10.1.1. Right to access - The right to obtain a copy of the personal information we hold about you. Sometimes this is referred to as a DSAR (data subject access request). We’ll ask you to describe the information you require, as well as letting us know about any
other email addresses you’ve used on our Site, to enable us to trace your personal information. Depending on the nature of your request, we may also ask you for your full name, your date of birth, and your full address and documents to allow us to verify your identity. Requests for copies of your personal information will be dealt with within one calendar month, unless your request is complicated or if you have made a large number of requests.  In these circumstances it may take us longer to deal with your request, in which case we will let you know if we need longer than one month to respond;

10.1.2. Right to correct - The right to have your personal information rectified if it is inaccurate or incomplete. Requests for us to correct your personal information will be dealt with within one month, unless your request is complicated or if you have made a large number of requests.  In these circumstances, it may take us longer to deal with your request, in which case we will let you know if we need longer
than one month to respond. If we believe that your personal information is accurate, we will let you know that we will not be amending your personal information and why. As mentioned above our product partners will be acting as data controller of any of the personal information that they hold, so we will not be able rectify any such information, you should contact them directly;

10.1.3. Right to erasure of your information - The right to request that we delete or remove your personal information from our systems.  Data protection legislation gives exceptions to this right which, if applicable, we will explain in our response to you;

10.1.4. Right to restrict our use of your information - In some circumstances you can  ‘block’ us from using your personal information or limit the way in which we can use it, form example while we investigate a complaint that the personal information we hold about you is inaccurate;

10.1.5. Right to data portability - The right to request that we move, copy or transfer your personal information to a specified third party, or to you, in a machine-readable and structured format (e.g. CSV files). There are exemptions – for example, this only applies to personal information which has been provided directly from you, which is held in digital format, and which we process with your consent or to fulfil a
contract with you;

10.1.6. Right to object - The right to object to our use of your personal information including where we use it for our legitimate interests or where we use your personal information to carry out profiling to inform our market research and customer demographics. If you raise an objection we will stop processing your personal information unless an exemption under UK data protection law applies, in which case we will let you know why we’re continuing to process your personal information;

10.2. To make an enquiry, or exercise any of your rights set out in this Privacy Policy please contact our Data Requests Team, you can email us at dpo@milroys.co.uk

10.3. If you are not satisfied with the way any complaint you make in relation to your personal information is handled by us then you may be able to refer your complaint to the relevant data protection regulator which in the UK is the Information Commissioner’s Office (ICO).

10.4. This Privacy Policy shall be governed and construed in all respects in accordance with the laws of England and Wales.

11. How long do we keep your personal information?

11.1. We will only hold your personal information on our systems for the period necessary to fulfil the purposes outlined in this Privacy Policy or until you request it is deleted (unless a longer retention
period is required or permitted by law). 

11.2. Generally, you can expect us to keep your personal information while you use the Site or if you have an active account with us.  Where you have applied for or purchased products or services via the Site we will need to keep your personal information for longer for accounting purposes - up to six (6) years following the date on which it is provided to us. 

11.3. If, having registered for any of our Services, you do not use them for a reasonable time (which may vary depending on the Service(s) you’ve registered for) we may contact you to ensure you’re still happy to receive communications from us. 

11.4. If you purchase a product then the service provider will keep your personal information in accordance with their own retention periods and so you should check their own privacy policy for further information. 

11.5. Even if you delete or ask us to delete your personal information it may persist on backup or archival media for legal, tax, or regulatory purposes.

12. Changes to this Privacy Policy

12.1. We reserve the right to amend or modify this Privacy Policy at any time and any changes will be published on the Site. The date of the most recent revision will appear on this page. If we make significant changes to this policy, we may also notify you by other means such as sending you an email.  If you do not agree with any changes please do not continue to use the Site.

Last updated September 2023