Privacy Notice
Marketing & End User


Version 1.0
May 2018


Document Control
This document is subject to change control and any amendments will be recorded below.
Version Date Circulation Changes
1.0 17/05/2018 Websites Original


Version Awareness
The audience of this document should be aware that a printed copy may not be the latest available version. The latest available version, which supersedes all previous versions, is available by contacting GDPR.Committee@J.Marr.co.uk.  Those to whom this policy applies are responsible for familiarising themselves periodically with the latest version and for complying with Policy requirements always.

The intellectual property contained within this publication is the property of the J. Marr & Son Limited.
This publication (including its text and illustrations) is protected by copyright. Any unauthorised projection, editing, copying, reselling, rental or distribution of the whole or part of this publication in whatever form (including electronic and magnetic forms) is prohibited.

Table of Contents
Document Control 1
Version Awareness. 1
Table of Contents. 2
1.             Introduction. 3
2.             Purpose. 3
3.             Data Protection Officer (DPO) 3
4.             The Personal Data we hold about you. 3
5.             Special Categories of Personal Data. 3
6.             Why do we collect this information about you and what is the legal basis?. 3
7.             How your Personal Information is collected. 4
8.             How we will use information about you. 4
9.             Mailing List 4
10.           Competitions. 4
11.           Google Analytics. 4
12.           Careers, CVS and Speculative Emails. 5
13.           Lead Forensics. 5
14.           Adimo. 5
15.           Automated Decision Making and Profiling. 5
16.           Cookies. 5
17.           Links to other websites. 5
18.           If you fail to provide personal information. 5
19.           Change of Purpose. 5
20.           Data Security and Storage. 6
21.           Data sharing. 6
22.           Which third party service providers process my personal information. 6
23.           Data retention – how long will you use my information for?. 6
24.           Your duty to inform us of changes. 6
25.           Your rights in connection with personal information (Data Subject Access Request) 7



Introduction
J Marr & Son Limited (and its subsidiary companies) here after known as the Company, is committed to protecting the privacy and security of your personal information.  It is important that you read this notice, together with any privacy notice we may provide on specific occasion when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.  
Purpose
J Marr & Son Limited is a “data controller”.  This means that the Company is responsible for deciding how we hold and use personal information about you.    We are required under data protection legislation to notify you of the information contained in this Privacy Notice.   We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates.  We may also notify you in other ways from time to time about the processing of your personal information.  If you have any questions about this privacy notice, please contact the Data Protection Officer or the GDPR Committee.

This notice applies to all those who visit one of our group websites and end users of our products and services. 
Data Protection Officer (DPO)
We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Notice.  The DPO is responsible for the upkeep, amendment and modification of this document.  If you have any questions about this Privacy Notice or how we handle your personal information, please contact the Data Protection Officer by emailing GDPR.Committee@j-marr.co.uk.

You also have the right to make a complaint at any time to the Information Commissioners Office, the UK supervisory authority for data protection issues.
The Personal Data we hold about you
Personal data, or personal information, means any information about an individual from which that person can be identified.  It does not include data where the identity has been removed (anonymous data). 


We collect, store and use the following categories of personal information about you;
4.1. 
Personal contact details, such as name, title, address, telephone numbers and personal email addresses
4.2. 
CV, application forms and recruitment information as part of the application process.
4.3. 
Date of Birth
4.4. 
Credit card and/or payment details
4.5. 
Proof of age (in relation to alcohol)
4.6. 
IP Address

Special Categories of Personal Data
“Special categories” are more sensitive personal data including information such as race or ethnicity, religious beliefs or sexual orientation, Trade Union Membership, health including any medical conditions, health and sickness records, genetic information or biometric data, or information about criminal convictions.

In the marketing and sales of our products, we do not currently collect and/or store any special categories of personal data.
Why do we collect this information about you and what is the legal basis?
It is necessary for us to collect information about you for our legitimate business needs in order for us to conduct certain business and marketing activity. We only collect the data that is needed, for the purpose intended will only share data where we need to in order to complete activity as outlined in points 21 and 22. The third parties we share data with can be found later in this notice.
We require your consent to using your data. On accepting this privacy policy, you consent to us using your data for the outlined processes. We ask for consent when signing up to our mailing list. When processing sales orders, enquiries, competition entries and complaints it is contractual that we need this personal data to perform the activity. With regards to monitoring website, app and social media usage as well as monitoring reviews it is in the legitimate interest of both Company and individual to improve the performance of both our products and services.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.


How your Personal Information is collected
We collect personal information about customers and end users directly from the data subject or through third party providers such as Google Analytics and Lead Forensics.  


We collect personal information about you in the following ways;
7.1. 
When signing up to our mailing list, either through the website or in writing.
7.2. 
Through the speculative CV and enquiry process on our careers website page.
7.3. 
Through usage of our websites, social media profiles and Cocktail Bar App
7.4. 
Upon entry of a competition, either through social media, our websites or other entry mechanics set out in the competition T&Cs.
7.5. 
Through online orders of our products e.g. through Amazon.com.
7.6. 
Through sales orders, enquiries or complaints through any means of verbal, online or written contact.
7.7. 
By monitoring reviews on retail and review websites.
7.8. 
Through events, trade shows and exhibitions when enquiring about the Company’s products and services.


How we will use information about you
We will only use your personal information when the law allows us to.  Most commonly, we will use your information in the following circumstances;
To process enquiries, sales and complaints
To understand who uses our websites and Cocktail Bar App and monitor the way users navigate and use them.
To allow us to send marketing emails to you with regards our latest news and product information.
To tailor the online marketing content that we share with you, such as social media adverts and online adverts.
To remarket our products to you through other online websites when you have visited them on our website.
To announce winners of competitions and contact them to send prizes.
To send samples and gifts as required.
To contact you with regards recruitment opportunities.
We monitor reviews on retail and review websites to assess quality control and the feedback of our products.
Mailing List
We ask for your explicit consent when signing up to our mailing list, whether this is online or written. We will send a maximum of 2 emails per month informing you of business news and product updates. There will be an option to unsubscribe on the bottom of each email. We use Mailchimp to send emails and this is where our mailing lists are also stored.
Competitions
We run a number of competitions on our website, through social media and on our packaging. When entering we will collect your personal details to announce and notify the winners and send prizes, in some instances we may need proof of age if the prize contains alcohol. We may share your details with the competition agency and digital agency who are assisting with running the competition. Please see terms and conditions of the individual competition for full details of these.
We will only store entrants’ details for a reasonable time after the competition has closed, to inform of winners and to reselect a winner should a prize not be redeemed. The usual retention period for this is a maximum of 6 months.
Competition entries are stored through third party service providers such as on Wordpress, Mailchimp and social media.
Google Analytics
This website uses software to monitor how visitors navigate and use the site. This software is provided by Google Analytics which uses cookies (see point 16) to track visitor usage.  For example, we can see;
Which country and region the visitor is from
Which pages are visited and for how long
The journey through the website
Which device is being used to browse
Although we would not use this information to personally identify you, we can use this to improve the performance of the website and, in some cases, retarget marketing adverts to you that we think you will be interested in from visiting our website. You can read Google’s Privacy Policy here for more information: www.google.com/privacy.html
Careers, CVS and Speculative Emails
If you contact us via our careers page, your CV and associated details sent with this will be held on our internal system. Our HR department will contact you should your application be successful or if a suitable job arises. We will only hold the details we need, and will retain them for a period which we believe is reasonable for the application sent. If you do not want us to hold your details, please make this clear when sending your speculative CV or applying. We will not share your details unless you are then employed by the Company, at which point you will be referred to our Employee Privacy Notice.
Lead Forensics
Some of our websites use Lead Forensics to monitor which businesses visit our website and their usage whilst on our site. A businesses IP address and business details are collected, but no personal information. As the processor of information, the data is stored on Lead Forensics cloud software which we can access. The data is stored with Lead Forensics until we terminate our contract with them.
Adimo
On The Ice Co website and social media pages, Adimo allows visitors to‘add to basket’ our products to their chosen retailer basket (where the product is available), for example, a visitor to The Ice Co website could add Party Ice to their Tesco online shop. To do this, the individual needs to enter their login details for that online retailer. Although The Ice Co does not store this information, the functionality is available through the website.
Automated Decision Making and Profiling
Automated decision making takes place when an electronic system uses personal information to make a decision without human intervention. We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
Cookies
Cookies are small text files that can be used by websites to improve a user’s experience. Our websites uses cookies to analyse our traffic, personalise content and ads and to provide social media features. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.
Where applicable, our websites use a cookie control system allowing the user on their first visit to allow or disallow the use of cookies on their computer/device. This complies with recent legislation requirements. Users can at any time change or withdraw thier consent from the Cookie Declaration on our website or they can take necessary steps within their web browser settings to block all cookies from our website and its external vendors.
See our websites for the Cookies currently being used on that site.
Links to other websites
Throughout our websites we may link to other websites for example, on our blog on The Ice Co website we often work with partners and link to their websites in our blogs. Although we endeavour to put links only to trusted brands and companies, we are not responsible for the way they handle your data once on a third-party website, please refer to the individual privacy policies of the third-party websites when visiting.
If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to perform the activity we have entered into with you (such as sending you a competition prize), or we may be prevented from complying with our legal obligations (such as obtaining ID for the sale or giving of alcohol).
Change of Purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.  Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is permitted or required by law.
Data Security and Storage
The Company, third-party service providers and other entities within the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. We will put in place appropriate security measures to protect your data proportionate to the size of our operation, the resources available to us and the nature of the data we store. The third-party and cloud based companies we use can be seen in Point 22.
Data sharing
When we require third parties to handle and store your data, we request that they respect the security of your data and to treat it in accordance with the law.  Examples of who we share your data with:
Competition agencies for the successful running of promotions, including collecting data of entries, notifying winners and sending prizes. Please see terms and conditions of individual competitions for more information
Digital agencies to help with monitoring our website usage, competition implementation, retargeting campaigns and social media activity.
Our delivery partners such as APC and My Parcel Delivery for sending samples, prizes, gifts and orders.
Cloud based software such as Mailchimp and Amazon that stores your details to allow us to run activity such as marketing campaigns and send parcels.
See point 22 for a full list of third party service providers who might handle your data.

We may share your personal information with other third parties, for example in the context of the possible sale or restructure of the business.  We may also need to share your personal information with a regulator or to otherwise comply with law.

J Marr & Son Limited and its subsidiary companies will never sell your personal information to a third party.
Which third party service providers process my personal information
“Third parties” includes third party service providers (including designated agents) and other entities within our group.  Please see the privacy terms for each provider via their website for more information.


The following third party service providers may handle your data;
22.1.   
Mailchimp (mailing list storage and software)
22.2.   
Lead Forensics (business tracking software on websites)
22.3.   
Amazon (online sales)
22.4.   
Adimo (add to basket feature on The Ice Co website)
22.5.   
Google Analytics (to monitor website usage)
22.6.   
CMS Software(content management software for our websites)
22.7.   
iConnect (to monitor app usage)
22.8.   
Social Media (to advertise products to individuals who have visited out website).
22.9.   
Delivery partners – i.e. APC, My Parcel Delivery, DPD, Royal Mail.



Data retention – how long will you use my information for?
We will only retain your personal information for as long as is necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. 

If you need to know how long we retain your information for with regards to a specific activity, please contact the GDPR Committee.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current.  Please keep us informed if your personal information changes.


Your rights in connection with personal information (Data Subject Access Request)

Under certain circumstances, by law, you have the right to;
25.1.  Request Access to your personal information (commonly known as a “data subject access request” DSAR).  This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
25.2.  Request Correction of the personal information that we hold about you.  This enables you to have any incomplete or inaccurate information we hold about you corrected.
25.3.  Request Erasure of your personal information.  This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below point 25.4).
25.4.  Object to Processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.  You also have the right to object where we are processing your personal information for direct marketing purposes.
25.5.  Request the restriction of processing of your personal information.  This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
25.6.  Request the transfer of your personal information to another party (also known as portability).
25.7.  Right to Withdraw Consent where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose (in limited circumstances).  You have the right to withdraw your consent for that specific processing at any time.   Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate interest for doing so in law.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, withdraw consent for specific processing, or request that we transfer a copy of your personal data to another party, please contact the GDPR Committee as explained in point 3.   

You will not have to pay a fee to access your personal data, (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.  Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of the other rights).  This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

If you have any questions about this Privacy Notice or how we handle your personal information, please contact the Data Protection Officer by emailing GDPR.Committee@j-marr.co.uk.