Data protection responsibilities (GDPR)

As of May 25th 2018 the General Data Protection Regulation (GDPR) will take effect.

Replacing the Data Protection Directive the regulation is an update aimed at increasing citizens data privacy, in particular to online applications. As a business we have the responsibility of informing you of how GDPR affects you as a customer at Brew Cavern.

This article covers consumers rights and details how your data is used, as well as our own responsibilities. 

You will notice all agreements to share personal data have consumer consent first, (“opt in”), no longer is it the responsibility of the consumer to request data is not used, (“opt out”). Consumers also have the right to ask for details of any data stored as well as requesting its removal.

Previous data which has been collected with consent like our mailing list, has been kept. Email addresses taken before explicit consent have been destroyed.

Data used for click and collect or mail order is securely stored on our email server and only accessible by staff.

Website Log in details (Name, Billing and Mailing addresses etc) are kept in the back end of our website. This data is password protected and needs to be kept so as a thorough investigation can be made in the event of order related issues. This information can be removed on request but will result in the customer needing to re-register for subsequent orders. This data is not stored in any physical form.

Details are sent to DHL couriers via the InXpress booking system for delivery, where they have their own procedures for storing the data which can be found on their website

Credit/Debit Card details are stored by Stripe and not by our own website. These details are not accessible by any staff at Brew Cavern. Stripe can be contacted for removal of data. They too have their own procedures on GDPR which can be viewed on their website.

Emails taken for receipts in store have been deleted. They will only be taken in store under consent and kept in our in store point of sale, only accessible by staff and password protected.

We have built an action plan in the event of any data breach, available on request.