We are committed to protecting your privacy and we comply with data protection laws applicable to the United Kingdom. Our full Privacy Statement is given below and we suggest you take the time to read and understand it.
1. About Us
Still On The Hill Ltd is limited company registered in England under Company Number 9804220. The registered office of Still On The Hill Ltd is c/o Wellers, 8 King Edward Street, Oxford, OX1 4HL. Our trading name is TOAD or The Oxford Artisan Distillery and our trading and correspondence address TOAD, Old Depot, Cheney Lane, Oxford, OX3 7QJ.
TOAD is committed to protecting your privacy and maintaining the security of any personal information received from you. We strictly adhere to the requirements of the data protection legislation in the UK and the General Data Protection Regulation.
TOAD’s Data Protection Officer will be happy to deal with any queries or requests regarding the data we hold about you. They can be contacted at firstname.lastname@example.org.
2. Information we collect about you
When you place an order on our website, register interest or submit a query, we collect your name and email address. This allows us to process your registration and send you important service messages. We also ask you to provide other contact details, such as phone numbers and addresses, to carry out our commitments to provide services to you.
We do collect some information from cookies, pixels and similar software which allows us to understand how you arrive on our websites, how you use and navigate around them, and how you interact with our email. This information is used to improve our services and communication. We may obtain some information from Google Analytics and Facebook. The Facebook information provided is limited to your email address and only that which you have previously agreed with Facebook that they can share.
Note: By using this site, you are declaring that you are 18 years of age or over if in the UK, or that you are at least the legal age for consuming alcohol in the country /state you are resident. Use of this site is for personal use in countries where the consumption of alcohol beverage is lawful, of persons who are lawfully permitted to consume alcoholic beverages.
Information you provide to us
We may also collect information which may include personal information about you and other people.
We do not collect sensitive information (also known as special categories of information) about you except when you specifically knowingly provide it and have consented to this.
What is personal information?
Personal information is any information relating to an individual who can be identified directly or indirectly, often by name, account number, location, an online identifier or other factors specific to their identity
As a rule, we do not collect “special category data” about visitors to our website or our customers or suppliers. The exception is where we identify suspected criminal activity such as fraudulent claims or the use of stolen payment card details. In this case we will record details of the suspected criminal activity and may take appropriate action, including refusing to accept orders, make payments or give refunds. We may also report the incident to the relevant bank or payment card issuer or to the police or other appropriate authorities.
See below for details of how we may use your personal information.
Customers: The personal information we collect about you and how we use it
- If you purchase products or services from us, we may use your personal information in the following ways.
Enquiries and Information:
- to answer your questions or provide you with information you have requested;
- to keep track of sales and enquiries
- to keep you informed about our products and services
- to notify you about important changes or developments to our site or services;
- to provide a more personalised online experience by showing you the most relevant products and offers
Orders and Account Management:
- to process your order
- to help with any questions if you have started an order but not completed it
- to arrange visits to your home (e.g. to carry out a survey or installation)
- to manage deliveries, returns and refunds
- to manage your account, including carrying out identity checks (if applicable)
- to manage your credit account (if applicable) including carrying out credit checks
- to monitor how our customers, transact with us in store and online, for example by checking who has redeemed vouchers or bought items using our mobile app, website or other facility (for more information see Understanding Our Customers below)
- to contact you for your views on our products and services
- to publish trends and/or to improve usefulness and content of our website
- to track activity on our site and to provide a more personalised online experience
- to link with social media sites and services, for example, for advertising purposes
- for market research purposes, by tracking activity on our site or in store (on an anonymous basis) to identify trends and/or to improve usefulness and content
- for product liability purposes
- to deal with enquiries and complaints
- for claims management and insurance purposes
- for general record keeping purposes
Suppliers: The personal information we collect about you and how we use it
- If you supply products or services to us, we may use your personal information in the following ways:
- for order processing and management;
- to manage deliveries, installations, returns and refunds;
- for product liability purposes;
- to manage your account, including conducting credit and other background checks where applicable;
- for market research purposes;
- to notify you about important changes or developments to our websites or services;
- for supply chain management;
- to deal with enquiries and complaints;
- for claims management and insurance purposes; and
- for record keeping purposes.
- If you are a supplier and you have any questions about how we use your personal information, please contact the Sales Team or your usual business contact.
3. How we use the information
We will use your personal information for a number of purposes including
- To manage the Spirit of TOAD website
- To process orders and provide our services, goods or online content, to provide you with information about them and to deal with your requests and queries.
- For administration purposes. This means we may contact you regarding goods or services ordered or online content you have signed up for, to let you know that a service or online site has been suspended for maintenance.
- To provide advanced website and service offering features to you and others.
- We will use IP addresses and device identifiers to identify the location of users, to establish the number of visits from different members and business partners, to limit/cap adverts of a certain type, and to personalise content and emails.
- For analysis and research to improve our services and goods offered.
- To improve your own website and information search results.
- A certain amount of advertising is tailored to the individual based on viewing and/or purchase habits. This is a common practice known as online behavioural advertising.
- We may show you relevant advertising on third party sites (e.g. Facebook, Google, and Twitter). Some third party sites allow you to request not to see messages from specific advertisers.
- To conduct surveys with you (where you have consented to us contacting you for such purpose).
- To provide personalised communications (more details below).
- Where we provide personalised services, we may analyse the information you supply, as well as your activity on our (and other) services, so we can offer a more relevant, tailored service.
- We may use and disclose information in aggregate (so no individuals are identified) for marketing and strategic development purposes.
We send service emails to you to administer the service. Service emails include registration and payment confirmations and emails that provide useful information about how to use a service or feature when you sign up or start using it. We will also send you a service email if we make a fundamental change to the website, to our service offering or to our terms & conditions that we think we need to make you aware of, or to let you know important information about your account.
Keeping You Informed
If you sign up to receive updates or have bought or enquired about our products or services, we may use the information we collect to let you know about our other products and services which may be of interest to you and to keep you updated with information about promotional offers and what is coming soon.
If you leave items in your shopping basket on our website without completing a purchase, we may send you an email to follow up and ask if you need any help with your order.
We review the products and services you buy and we also analyse your use of our website and the searches you make on this and other websites. We use this information to tailor the marketing you receive from us so it is as relevant as possible.
You can opt out of receiving marketing communications from us at any time by contacting us at email@example.com.
We use your email address to update you on new products, offers and news. We will only contact you with your consent. You are entitled to withhold this consent and refrain from receiving such communications by selecting the appropriate option on the web form that collects your details.
You can opt out of receiving marketing at any time by using the unsubscribe option in the message or by contacting us at firstname.lastname@example.org.
We will always provide you with a way of opting out of receiving future marketing messages from us each time we send them to you.
4. What if you don’t provide some or all of the information requested?
The impact of this will depend on what information you withhold, but the main impacts may be:
- We will not be able to process or fully process your order.
- We will not be able to contact you to let you know of problems regarding your order, tour or the goods/services provided.
- We will not be able to respond fully to requests and queries you may have.
- We cannot personalise the service you receive. So, if you are online you will have to search more for the content type you normally view or for similar/related products.
- We won’t be able to limit online adverts to products or services you have shown interest in and so you may receive adverts that are not related to your interests.
5. The legal basis are we processing the data under?
There are a number of grounds we process your data under. These are:
- Contractual – we need the information to perform the contract for goods or services you have requested/ordered including payment, delivery etc.
- Legal –we may be legally required to contact you concerning a purchase or service.
- Legitimate interest – this means the processing is in TOAD’s interest. It allows us to manage the customer relationship effectively and efficiently and improve the goods and/or services we provide by better understanding how our online and offline provisions are used and which goods are popular with which groups of individuals.
- Consent – where you have given us consent to market to you. When we collect personal information from you we will indicate whether it is mandatory or voluntary – this is done on the website by using asterisks to mark mandatory fields.
6. Information stored online
If you become aware that your personal information has been misused in any other way on the website, please send an email to us at email@example.com with details and we will investigate and, if necessary, remove this information.
7. Sharing your information with third parties
We may from time to time provide your personal information to third parties for the purposes of providing you with our services. These third-party providers include order management (Shopify), payment processors (WorldPay), providers of card validation services, credit referencing providers, booking services (Booking app and Eventbrite) and direct marketin in cases where you have consented to marketing or surveys (e.g. MailChimp). This is necessary for the performance of TOAD’s service offering.
We will not keep a record of your credit or debit card details in our systems. Our payment processors do not decide what is done with your data and only process it on our behalf. These third parties may be located outside the European Economic Area; however, we will only use providers that provide adequate protection for your information at all times.
When transferring and storing any personal information outside the EEA we only do so under one of the legally recognised transfer mechanisms for ensuring the data is safeguarded. These are:
- The country in question has been deemed safe for data transfer by the European Commission. Also known as an adequacy finding.
- The contract for data processing contains the standard contractual clauses laid down by the European Commission to safeguard the transfer of personal data.
- Binding corporate rules – this is where a large company’s own internal processes for international data transfer have been signed off and agreed by the European Commission as safeguarding the data.
- If the data is going to the USA it can be safely transferred to a company that is certified under the EU-US Privacy Shield.
- Appropriate certification schemes
We will disclose your personal data in order to comply with any legal obligation. This includes disclosing information to organisations for the purposes of fraud protection, credit risk reduction, or the order of a court or regulator.
We will not provide your data to other third parties for marketing purposes unless you have specifically consented to this when you first provided your data to us. You are entitled to decline to receive such third-party communications by not selecting the appropriate box on the application form that collects your details or at any subsequent time by adjusting your preferences, by contacting us by email at firstname.lastname@example.org.
We collect some information from cookies and similar software that allows us to understand how you arrive on our website and use and navigate around it so we can improve the site. We may obtain some information from Google Analytics and Facebook. The Facebook information provided is limited to your email address and only that which you have previously agreed with Facebook that they can share.
|Cookies Necessary for the Functioning of the Website:|
|__cfduid||This cookie is necessary for our delivery platforms security features.|
|ageCheck||This cookie is necessary to record your age verification when entering our site.|
|Cookies Necessary for the Functioning of the Store:|
|_ab||Used in connection with access to admin.|
|_orig_referrer||Used in connection with shopping cart.|
|_secure_session_id||Used in connection with navigation through a storefront.|
|Cart||Used in connection with shopping cart.|
|cart_sig||Used in connection with checkout.|
|cart_ts||Used in connection with checkout.|
|checkout_token||Used in connection with checkout.|
|Secret||Used in connection with checkout.|
|Secure_customer_sig||Used in connection with customer login.|
|storefront_digest||Used in connection with customer login.|
|Cookies for Reporting and Analytics:|
|_ga||Used to distinguish users.|
|_gid||Used to distinguish users.|
|_gat||Used to throttle request rate.|
|_gac_<property-id>||Contains campaign related information for the user.|
|_landing_page||Track landing pages.|
|_orig_referrer||Track landing pages.|
|_shopify_sa_p||Shopify analytics relating to marketing & referrals.|
|_shopify_sa_t||Shopify analytics relating to marketing & referrals.|
|tracked_start_checkout||Shopify analytics relating to checkout.|
9. How we protect your information / Security
We are committed to safeguarding the personal information you provide to us. We use appropriate measures to protect the information that you submit through our website and the information we collect and store about our customers.
We follow strict security procedures/ rules in the storage and disclosure of information which you have given us, to prevent unauthorised access to, and loss, misuse or alteration of your personal information in accordance with UK data protection legislation. These include firewalls and virus-checking procedures. Internally, we restrict access to personal information. Only employees who need the information in order to do their jobs have access to it.
You are responsible for keeping secret any confidential passwords or other login or access details that you select or which we may allocate to you. While we take steps to ensure the security of your information, there is a risk that any information transmitted over the Internet and stored on a computer may be intercepted or accessed by an unauthorised party and any transmission is at your own risk. If you think that someone has accessed your information held by us without your permission or gained unauthorised access to your login details, you must notify us at email@example.com.
Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification.
10. Your rights regarding your Personal Information
Under the Data Protection law and the General Data Protection Regulation, you have a number of rights with respect to your personal information, a summary of your rights are laid out below:
Correcting your Information: You are entitled to have your personal information updated to ensure it is up to date and accurate. In order to maintain the accuracy of the information we hold, you can update your personal details by sending us an email to firstname.lastname@example.org.
Withdrawing Consent: You have the right to withdraw your consent to any processing that is currently being done under your consent, such as marketing. Consent can be withdrawn by updating your preferences sending us an email to email@example.com.
Obtaining a copy of your Information: You have the right to receive a copy of the personal information we hold about you. You can do this by contacting firstname.lastname@example.org. Requests need to come from the recorded email address we have and you need to provide your full name.
Deleting your information: You can request that we delete personal information in certain circumstances. These will be specific to each case. You can do this by contacting email@example.com. Requests need to come from the recorded email address we have and you need to provide your full name.
Right to object to Processing: You have the right to request that we stop using your data for marketing purposes and in other limited circumstances such as asking us not to process your data by wholly automated means or not to analyse your information for targeted content etc. (also known as profiling).
You can action any of the above rights by contacting TOAD by email at firstname.lastname@example.org or by post to Data Protection Officer, Still On The Hill Ltd t/a TOAD, Old Depot, Cheney Lane, Oxford, OX3 7QJ.
11. Right of complaint to the Regulator for Data Protection
The data protection laws in the UK are regulated and enforced by the Information Commissioner’s Office (ICO). If you are not satisfied with our use of your personal information or our response to any request made by you in relation to your personal information, you have a right to make a complaint / the right to raise a concern to the ICO.
You can do this via the ICO’s website (https://ico.org.uk/concerns), by calling the ICO helpline on 0303 123 1113 or by emailing email@example.com
The postal address for the ICO is: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
12. Retention / How long we hold your data for
We will retain your personal information for as long as needed for the legitimate business purposes described above
We will keep this information for as long as you remain a registered member or business partner or individual interested party in regard to our website and services and for so long as reasonably necessary.
If you are a visitor to the website, we will retain your information for a limited period in order to respond to your query, provide you with the information you require or to send you updates on our products and services for as long as you indicate that you are happy for us to do so.
If you make a one-off purchase, we normally keep records of the transaction for 7 years. If you are an account customer or a supplier, we normally keep records for 7 years after the closure of your account or the last purchase or sale you made. In all cases, this is for accounting, tax and product liability purposes.
Your information may be retained for longer than this if there are valid legal grounds for us to do so, for example if required by law or court order, or as needed to defend or pursue legal claims.
13. Links to third-party / other websites
Links may be provided on our website to other websites that are not operated by us. If you use these links, you will leave our website. You should note that we are not responsible for the contents of any third-party or partner websites. External sites will have their own privacy policies which you should read carefully.
14. Updates to this policy
15. Contacting TOAD
By email at firstname.lastname@example.org, please mark for the attention of Data Protection Officer
By Phone +44 (0)1865 767918
Or by post please mark for the attention of Data Protection Officer, Still On The Hill Ltd (t/a TOAD), Old Depot, Cheney Lane, Oxford, OX3 7QJ.