Any personal information processed by IAG Loyalty Retail in connection with this privacy policy is controlled by IAG Loyalty Retail, which is considered the “data controller” of your personal information under European union and UK data protection law. Our company registered details: IAG Loyalty Retail Limited, PO Box 365, Waterside (Hea3), Speedbird Way, Harmondsworth, United Kingdom, UB7 0GB (Company Registration Number 13984706)

IAG Loyalty Retail is part of the IAG and its role as a data controller in the airline partner programmes relates primarily to selling of consumer goods such as Alcoholic and Non-Alcoholic beverages. IAG Loyalty Retail receive, store and process airline partner programme member data to administer parts of the programmes. IAG Loyalty Retail and the airlines partners are independent data controllers each with separate responsibilities for the processing of personal information of programme members.

If you are a member of the British Airways Executive Club programme, they are a separate data controller of your personal information,. The link to their privacy policy is provided here: British Airways Executive Club

Personal information means details which identify you or could be used to identify you, such as your name and contact details or purchase history. It may also include information about how you use our websites.

This privacy policy applies to personal information about you that we collect, use and otherwise process regarding your relationship with us as a partner organisation or customer. This includes when you purchase a product in our website using your British Airways Executive Club account or as a guest or when you subscribe to use our services.

Where we reference that others are data controllers in the section “controller of personal information “or “who do we share your personal information with?” You should consult their privacy policies for further information.

We take great care to protect the personal information you provide to us. Here are some things you can do to keep your information secure.

Keep your registered customer log-in details confidential

To make sure your access to our websites and other online services is secure, you should not share your login details with anyone else. When you finish using the website or online services you should log out if others may be able to access your computer or device. This is especially important if you are using a publicly accessible computer.

Be aware of and protect yourself against internet fraud and “phishing”

There is an internet fraud practice known as "phishing" which is the illegal gathering of personal information by deception. Unsolicited emails are sent to individuals from lists illegally gathered by a third party, and recipients are asked to enter or reconfirm bank or password details into a 'cloned' or illegal copy website.

We collect personal information about you whenever you use our services (whether these services are provided by us or by other companies or agents acting on our behalf), including when you enquire about or use IAG Loyalty Retail products or services, when you use our website, or interact with us via email or via the phone.

In addition, we may receive personal information about you from third parties, such as:

• Companies that participate in loyalty programmes that are managed (entirely or partially) by IAGL.

• IAG airline partners who we work with to run their loyalty programmes.

This information is only used for the purpose of providing the services to you or for Marketing communications only in the circumstances described in the When will we send you marketing? section.

When you visit thewineflyer.co.uk and use our services, you may provide and we may collect information, such as when you sign up for a subscription or when you check out as a guest. Below is a brief, general description of the types of information we collect through thewineflyer.co.uk:

• Information you provide for IAG Loyalty Retail to register, complete and manage an order.

Example: Your name, email, office/mobile telephone number, city and country, Order, Account and Billing Data this includes information concerning your account and transactions (including payment) with us and information which we need to fulfil your order, such as your name, date of birth, bank account or card details.

• Usage and communication data.

Example: Details of your previous transactions, such as products purchased and your customer feedback.

• Information about other online interactions.

Example: We will retain your information if you have entered a competition, registered for a promotion or interacted with us via social media such as Facebook, YouTube or LinkedIn.

• Information about your use of our websites, contact centres and social media.

For more details of the methods please see the cookie policy below.

Example: To help us to personalise your information and improve our website we collect information about your searches and the content you have viewed on our website using cookies and similar technologies, such as the website you come from, online display advertisements and links which appear on our marketing partner’ websites.

We will use previous web usage data stored within the cookie to personalise and understand you as a customer.

We would be able to understand from your data usage that you have visited iagloyalty.com. We may use this information to contact you to offer more information about our products and services.

• Information about your device if you have been browsing on thewineflyer.co.uk for example your ip address or unique device id. An ip address (i.e., internet protocol address) is a numeric and/or alpha-numeric code (with regard to ipv6) that can act as a unique identifier for your computer or other device – this can be turned off from your device.

Example: Identifying the county from which you are accessing the relevant website which will enable us to provide more relevant content and use an appropriate language.

If we have your permission, we may use the functionality on your device (such as Bluetooth, wi-fi and gps) to determine your location to provide a personalised service (you can access or change this option by amending the location settings on your device).

• Information about your or your device, collected from social media or an interaction with IAG Loyalty Retail in another way.

The main purposes for which we use your personal information are:

• To deliver the services you have asked for.

Example: We will use the data you provide so we can process purchases and take payments

• To send status updates and service communications to you.

Example: We may send a communication informing you of any operational updates about IAG Loyalty Retail services you are using.

• To provide services tailored to your requirements and to treat you in a more personal way.

Example: We may update and share non-personal information with our media agency, in order to serve tailored and relevant advertising from our partners and third parties on our websites and social channels.

• To carry out advertising, analysis and market research.

Example: We will analyse the way in which our sales channels, products and services are being used by customers so that we can understand how to improve the service we offer and encourage customers to use the full range of our products and services.

• To carry out marketing and keep you informed of IAG Loyalty Retail's products and services.

Example: We may send you information about our products and services by email, tailor the content of our websites, emails and other communications to ensure they are as relevant to you as possible.

We may combine / match anonymised customer relationship marketing data with a third party (e.g., google, Facebook) so both companies can understand behavioural activities such as knowing other sites visited.

• To send you status updates and service communications.

Example: Even if you have opted-out of receiving marketing information from us, we may still send you communications about the services you are signed up to use. These communications will help you get the most from the services we provide.

We may also send you communications about the services you have previously used, for example, where you experienced some form of issue or problem, and we wish to contact you about it proactively in order to resolve it successfully.

• When we have your consent, to participate in our referral marketing programme
  
  Example: We may use your email address and purchase history to provide you with special offers when referring other people.

• To improve our websites, products and services.

Example: We may monitor the way that you and other customers use our website so that we can identify ways to improve the website experience.

• For management and administrative purposes.

Example: We may use and retain your personal information, including your purchase history, for administrative purposes, which may include for example, accounting and billing, auditing, credit verification, anti-fraud screening (including the use of credit reference agency searches) and systems testing, maintenance and development.

When we have your permission, we will send you marketing communications from IAG Loyalty Retail. This includes when you have agreed marketing permission from third parties, as part of your British Airways Executive Club Marketing preferences.

If you decide you would no longer like to be sent marketing communications, you can change your mind at any time. The ways to stop being sent marketing communications are described below:

Email your request to our data protection team: Data.Privacy@thewineflyer.co.uk

Each marketing communication we send by email will also have an “unsubscribe” option which will allow you to stop you receiving further marketing emails. We aim to action requests to stop being sent marketing communications within one month of receiving those requests, but it is possible you will receive some marketing in the period prior to that change being made.

Please note that if you tell us that you do not wish to be sent further marketing communications, you will still receive service communications (as described above) which don’t contain marketing content and are necessary, for example, operational updates. If you ask us to stop sending marketing communications, please note we will retain your personal information for the purposes of indicating that you do not want to receive marketing communications.

IAG Loyalty Retail will only process your personal information where we have a legal basis to do so. The legal basis will depend on the reason or reasons IAG Loyalty Retail collected and needs to use your information. Under EU and UK data protection laws in almost all cases the legal basis will be:

• Because we need to use your information so that we can fulfil the contract we have with you

• Because it is in IAG Loyalty Retail’s legitimate interests as a loyalty company to use your personal information to operate and improve our business and operations.

• Because IAG Loyalty Retail needs to use your personal information to comply with its legal obligation.

• To protect the vital interests of you or another person.

• Because you have consented to IAG Loyalty Retail using your information for a particular purpose.

More information on each legal basis is provided below.

If processing of your data is subject to any other laws, then the basis of processing your data may be different to that set out above and may in those circumstances be based on your consent in all cases.

Performance of a contract - It will be necessary for IAG Loyalty Retail to use your personal information to fulfil the service arrangements we have with you.

• Legitimate interests - As a loyalty company IAG Loyalty Retail has a legitimate business interest to use the personal information we collect to offer an effective service and carry out our business.

• Compliance with legal obligations - There are situations where IAG Loyalty Retail is subject to a legal obligation and needs to use your personal information to comply with those obligations.

• Vital interest - There are rare situations where we may need to use your personal information to protect the vital interests of you or another person.

• Consent - Alternatively, we may collect and use your personal information where you have given your specific consent to us doing so.

If you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent as described above, or by contacting Data.Privacy@thewineflyer.co.uk. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.

However, if you withdraw this consent, in some circumstances, it may mean we will not be able to provide all or parts of the service you have requested from us.

We will keep your information for as long as we need it for the purpose it is being processed for. For example, where you buy a product or service with us, we will keep the information related to your booking, so we can fulfil the specific arrangements you have made and after that, we will keep the information for a period which enables us to handle or respond to any complaints, queries or concerns relating to the booking. The information may also be retained so that we can continue to improve your IAG Loyalty Retail experience.

We will actively review the information we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or customer need for it to be retained.

Your personal information may be shared with the companies within IAG group, which includes international consolidated airlines group s.a (IAG), Avios Group Limited (AGL), British Airways, Iberia, Iberia Express, Vueling, Aer Lingus, Level, British Airways Holidays, BA Cityflyer, IAG Cargo, IAG Connect and IAG GBS. For more details about our group please visit the website of our parent company, IAG. We share information with them, so they can assist us in providing services to you and to understand more about you. For example, if you have used the services of one of the companies in the IAG group we may use this information to understand more about the sorts of products and services you are likely to be interested in.

You will only be sent marketing emails from other companies within our group where you have provided your consent to those companies.

We may also disclose your personal information to the following third parties for the purpose described here:

• Our partner airlines and franchisees, for example, to administer benefits because of cooperation between loyalty programmes.

• In response to a valid, legal request from government and law enforcement agencies.

• Third party service providers we are using to provide services that involve data processing, for example, our E-commerce provider or to carry out marketing initiatives or run customer surveys on our behalf.

• Third parties, such as shipping tracking solutions (AfterShip), to efficiently monitor deliveries and optimise the customer experience.

• Third parties, such as law firms and law courts, to enforce or apply any contract with you.

• Third parties, such as the police and regulatory authorities, to protect our rights, property, or the safety of our customers, staff and assets.

• Third party companies providing services for money laundering and terrorist financing checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such personal data is shared.

• To third parties’ websites we may provide usage information (but not your personal details) to other websites so that they know that you have visited our websites (see more in the cookie policy below).

• If necessary, to comply with a legal or regulatory obligation in any jurisdiction, including where that obligation arises because of a voluntary act or decision by us (e.g., our decision to operate to a country or a related decision).

We do not sell personal information to third parties.

The nature of our business means it is often necessary for us to send your personal information outside the European Economic Area or the UK. This occurs because our business and the third parties identified in “who do we share your personal information with?” have operations in countries across the world.

In addition, we may transfer your data to parties in countries outside the country in which you are located to provide services to you. This may involve sending your data to countries where under their local laws you may have fewer legal rights.

Where your personal information is transferred outside the European Economic Area or the UK, we will implement safeguards that assure the protection of your personal information, such as European Commission approved standard contractual clauses. If you would like more information on these safeguards, please contact our data protection team: Data.Privacy@thewineflyer.co.uk

Under data protection laws in the European Union and the UK, you have certain rights in relation to your personal information. As a rule, responses to exercise your rights will be provided within one month. If your request is particularly complicated, we may extend the deadline for responding to three months, but we will let you know if this is the case.

We will handle all requests in accordance with applicable law. However, depending on the right you wish to exercise, and the nature of the personal information involved, there may be legal reasons why we cannot grant your request. Further explanation of those rights and the exceptions to them are set out below.

Details of how to exercise your rights are set out in the section below “how can you exercise your legal rights in relation to your personal information?”

Your rights include the following:

• You may request us to stop sending you direct marketing. To see how to change your permission to market please refer to the section “how can you change what marketing communications you receive and how you receive them?”

• You may request that we stop using, or erase, your personal information, unless it is needed for dealing with legal claims or we have other compelling legitimate reasons that override your rights.

• You may request us to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when your personal data have been unlawfully processed.

• You may access the personal information we hold on you. There are some limited exceptions to this right, such as information relating to others who have not consented to the disclosure of their information and information which is legally privileged.

• You may ask us to correct your personal information (the 'right of rectification’) if that information is inaccurate.

• You have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format.

If you wish to exercise any of your individual rights set out under the heading 'your individual rights in relation to your personal information' please contact us at the address below.

When you are seeking access to your personal information, please include the following information with your request:

• Your name and postal address.

• How you would prefer to receive the response (email, post).

• Details of your request.

• Any details which may help us locate the information, which is the subject of your request, for example:

• We may ask you to provide:

  • A photocopy of your passport or driving licence, so that we can verify your identity

  • Signed authority from a third party if you are applying on their behalf

Please send your request to:

• Email:

Data.Privacy@thewineflyer.co.uk

• Post:

Data protection team

Avios Group (AGL) limited,

Waterside PO box 365

Harmondsworth

UB7 0GB

If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority, or to seek a remedy through the courts.

We may update and change this policy in the future in order to reflect any changes to the way in which we process your personal data or changing legal requirements. Any changes we may make to our policy will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our policy.