You provide us with information about yourself when corresponding with us, entering our competitions, buying our wines or when using or registering on our websites. This may include:
If you buy wine from us online for example, we will require you to provide us with your name, address and phone number so we can process your order and deliver your wine to you. We will also require your date of birth to verify that you are of legal drinking age, and your credit card number to process the sale.
Cookies help us gather and store information about visitors to our websites. They help our websites remember what you chose on previous pages (to avoid having to re-enter information) and can help us to identify you as a unique visitor, tailor content based on past visitation and provide you with an optimised experience.
We use the following categories of tracking technologies on our websites:
For California residents, additional information regarding the categories of personal information we collect is found in the “Your California Privacy Rights” Section below.
We will not use your information to carry out electronic marketing unless we have your consent. For example, if you have entered a promotion in relation to our products, we may obtain your consent to send marketing materials about those products. If you receive electronic communications from us, we will always provide you with an opportunity to unsubscribe from receiving further information from us by clicking on the unsubscribe link provided in the communication.
We may use or disclose the personal information we collect for one or more of the following purposes in order to conduct our business and pursue our legitimate business interests (and where required, your consent):
In some instances, the provision of information to us is mandatory. If for example you want to buy wine from us and certain personal information is not provided (such as your age, your contact details and delivery address), then we will not be able to fulfil your order. We will always ensure that we minimise the amount of data we collect and will only ask for data that we need to process your request.
TWE will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your information for other purposes, such as those set out above. You have an absolute right to opt-out of direct marketing, and to object to profiling we carry out for direct marketing purposes, at any time. You can do this by following the instructions in the communication (where this is an electronic message) or by contacting us using the details set out below.
Where we process registration information, we retain this for as long as we consider that you are an active user of our sites and for 2 years after this.
Where we process personal information for marketing purposes or with your consent, we process the information until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your information indefinitely so that we can respect your request in future.
Where we process personal information in connection with performing a contract (such as when you purchase wine from us) or for a competition, we keep the information for 6 years from your last interaction with us.
Where we process personal information for site security and/or fraud management purposes, we retain it for 3 years.
We will not disclose your personal information to third parties except:
We may also transfer personal information to a related company or a third party in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock.
Our websites sometimes contain links to other websites. With the exception of other sites owned by us, we do not control the privacy practices of sites reached through links from our websites. If you have any questions about the privacy practices of those websites then you should contact the relevant companies directly.
Under applicable law, you may be entitled to ask us for a copy of the personal information we hold about you, including to correct, delete or restrict processing of your personal information. In some jurisdictions, applicable law may also entitle you ask us to transmit your data to another controller where the processing is based on your consent carried out by automated means, or entitle you to object to the processing of your personal information in certain circumstances (in , where we don’t have to process the information to meet a contractual or other legal requirement, or where we are using the information for direct marketing or profiling). However, these rights may be limited, for example if fulfilling your request would reveal personal information about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.
To exercise any of these rights, you can get in touch with us using the details set out below.
We take appropriate measures to keep your personal information secure. We have implemented appropriate physical and electronic procedures to protect the personal information we collect. If you have an account with us, you are responsible for maintaining the confidentiality of your account details including your password, and are responsible for any activity under your account. We will not be responsible for any loss arising from your failure to comply with this obligation.
Due to its nature, transmission of information via the internet is not completely secure. Although we will protect your personal data in accordance with this policy, we cannot guarantee the security of any data transmitted to our websites and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security measures to try to prevent unauthorised access.
If you have any questions or concerns about our collection, use or disclosure of personal information, wish to exercise your rights in relation to data protection or you wish to make a complaint in relation to our privacy practices, please visit our privacy portal. If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time.
For the purposes of the EU General Data Protection Regulation and the Data Protection Act in the UK, the data controller is Treasury Wine Estates EMEA Ltd of Regal House, 70 London Road, Twickenham, Middlesex, TW1 3QS.
Our Website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device ("personal information"). In particular, TWE's Website has collected the following categories of personal information from its consumers within the last twelve (12) months:
Examples: This category may include: name, postal address, unique personal identifiers, online identifiers, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. Under the CCPA, “unique identifiers” or “unique personal identifier” means a persistent identifier that can be used to recognize a consumer, a family, or a device that is linked to a consumer or family, over time and across different services, including, but not limited to, a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
Examples: This category may include: name, signature, Social Security number, physical characteristics, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education or employment information, financial account numbers, medical information, or health insurance information.
C. Protected classification characteristics under California or federal law.
Examples: This category may include: age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex and gender information, veteran or military status, or genetic information.
D. Commercial information.
Examples: This category may include: records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information.
Examples: This category may include: imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.
F. Internet or other electronic network activity information.
Examples: This category may include: browsing history, search history, and information regarding interactions with an Internet Web site, application, or advertisement.
G. Geolocation data
Examples: This category may include: physical location or movements.
H. Sensory data.
Examples: This category may include: audio, electronic, visual, thermal, olfactory, or similar information.
I. Professional or employment-related information.
Collected: YES (for prospective employees only)
Examples: This category may include: current or past job history or performance evaluations.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Collected: YES (for prospective employees only)
Examples: This category may include: education records directly related to a student maintained by an educational institution or party acting on its behalf (e.g., grades and transcripts).
K. Inferences drawn from other personal information.
Examples: This category may include: inferences drawn from the above information that may reflect your preferences, characteristics, predispositions, behavior, attitudes, or similar behavioral information.
Please note that some of the categories of personal information described in the CCPA overlap with each other; for instance, your name is both an Identifier and a type of data described in Cal. Civil Code 1798.80(e).
Personal information does not include publicly available information from government records or any deidentified or aggregated consumer information. In addition, the CCPA excludes the following from its scope: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
TWE obtains the categories of personal information listed above directly from you (for example, from forms you complete or products and services you purchase) and/or indirectly from you (for example, from observing your actions on our Website).
We may use or disclose the personal information we collect for the purposes described in the “How We Use Your Information” Section above.
TWE may disclose your personal information to third parties for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. The CCPA prohibits third parties who purchase the personal information we hold from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales.
TWE shares your personal information with the categories of third parties listed in the “Our Disclosure of Your Information” section listed above. Specifically, in the preceding twelve (12) month period, TWE has disclosed the following categories of personal information for a business purpose: identifiers; California Customer Records personal information categories; protected classification characteristics under California or federal law; commercial information; internet or other similar network activity; geolocation data; professional or employment-related information (for prospective employees only); non-public education information (for prospective employees only); and inferences drawn from other personal information.
In the preceding twelve (12) months, TWE has not sold personal information.
(a) Right to Know About Personal Information Collected, Disclosed, or Sold
You have the right to request that we provide certain information to you about our collection and use of your personal information over the past twelve (12) months. Specifically, you have the right to request disclosure of the categories of personal information and specific pieces of personal information we have collected about you over the last 12 months. Upon the submission of a verifiable consumer request (see Exercising your California Privacy Rights), we will disclose to you:
We will also provide the specific pieces of personal information we collected about you if you also request access to such information (subject to certain exceptions under applicable law). In addition, if we sold or disclosed your personal information for a business purpose, we will also identify: (i) the categories of personal information that we sold about you; (ii) the categories of third parties to whom the personal information was sold, by category or categories of personal information for each third party to whom your personal information was sold; and (iii) the categories of personal information that we disclosed about you for a business purpose.
(b) Right to Request Deletion of Personal Information
If you are a California resident, you also have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will conduct a reasonable search of our records in order to locate any personal information we have collected about you that is eligible for deletion, and delete such personal information. To the extent we have shared any personal information collected about you with service providers that is eligible for deletion, we will direct those service providers to delete that personal information as well. For the sake of clarity, however, TWE may not be able to comply entirely with your request to delete all of your personal information as set forth under the CCPA. For example, if you placed an order with us, the CCPA allows us to keep records related to these types of transactions in order to complete a transaction for which your personal information was collected. Specifically, we are not required to delete any personal information we have collected about you that is necessary for us and our service provider(s) to:
Following a deletion request, any personal information about you that was not deleted from our systems will only be used for the purposes provided for by the applicable exceptions. Thus, all personal information about you that is not subject to a deletion exception will either be (1) permanently deleted on our existing systems (with the exception of archived or back-up systems maintained for emergency disaster recovery and business continuity purposes); (2) de-identified; or (3) aggregated so as to not be personal to you.
(c) Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
We will not discriminate against you for exercising any of your privacy rights. Unless permitted by applicable law, we will not:
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
(d) Exercising Your California Privacy Rights
To exercise your access and deletion rights described above, please submit a verifiable consumer request to us by either:
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. However, you may make a verifiable consumer request on behalf of your minor child. You can designate an authorized agent to submit a verifiable consumer request on your behalf by having the agent submit a request through the online request portal. Additionally, you may only make a verifiable consumer request for access twice within a 12-month period.
Your verifiable consumer request must: (i) provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request. Making a verifiable consumer request does not require you to create an account with us.
(e) Response Timing and Format
We will make our best effort to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Within ten (10) days of receiving the request, we will confirm receipt and provide information about its verification and processing of the request. TWE will maintain records of consumer requests made pursuant to the CCPA as well as our response to said requests for a period of at least twenty-four (24) months.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
In addition to your rights under the CCPA, California Civil Code Section 1798.83 permits California residents to request information regarding our disclosure, if any, of their personal information to third parties for their direct marketing purposes. If this applies, you may obtain the categories of personal information shared and the names and addresses of all third parties that received personal information for their direct marketing purposes during the immediately prior calendar year (e.g., requests made in 2018 will receive information about 2017 sharing activities). To make such a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident and provide a current California address for our response. You may make this request in writing to via our privacy portal.