Shopping Cart

You have no items in your shopping cart.

Farthinghoe Fine Wine

Privacy Policy

Privacy & Cookies Policy

Farthinghoe Fine Wine Ltd (“FFW”) respects your privacy and is committed to protecting your personal data. This Privacy & Cookies Policy explains how we collect, use, disclose, and safeguard your information when you use our website or services, in accordance with the UK GDPR and relevant data protection laws. It also explains our use of browser cookies and how you can manage them. This policy applies to the website https://www.farthinghoe.com/ (the “Website”) and any other interactions you have with FFW (e.g., email, phone, in person) in the context of our services.

1. Information We Collect

We may collect and process different kinds of personal data about you, which we have grouped as follows:

  • Identity Data: such as your name, username or similar identifier, title, date of birth (for verifying age in alcohol sales).
  • Contact Data: such as billing address, delivery address, email address, and telephone numbers.
  • Account Data: if you register an account on our Website, we collect login credentials (username, password) and account preferences. We also assign you a client account number internally.
  • Transaction Data: details about transactions you’ve made with us, including orders placed, wines purchased or sold, payments to and from you, and other details of products and services you have obtained from us (e.g., storage records, broking sale records).
  • Financial Data: payment card details or bank account details (note: we do not store full card numbers ourselves - if paying online, card processing is handled by accredited payment processors).
  • Marketing and Communications Data: your preferences in receiving marketing from us, your communication preferences, and any feedback or survey responses.
  • Technical/Usage Data: when you visit our Website, we may automatically collect data such as IP address, browser type and version, time zone setting, browser plug-in types, operating system, platform, and other technology on the devices you use. We also track usage data including pages you viewed, how you navigated to and from the site, what products you searched or viewed, and how long you spent on pages. This helps us improve our Website.
  • Cookies Data: as detailed below, our Website uses cookies which may collect information about your browsing activities and preferences.

We typically do not collect Special Categories of Personal Data (such as health, biometrics, etc.) or data about criminal convictions. The only sensitive data we might hold is verification documents if you provide ID for age or fraud checks.

2. How We Collect Data

Direct Interactions: You may give us your Identity, Contact, and Financial Data by filling in forms or corresponding with us. This includes when you:

  • Create an account on our Website.
  • Place an order or sell wine via our platform.
  • Subscribe to our newsletter or publications.
  • Request information or marketing to be sent to you.
  • Enter a competition or promotion.
  • Give us feedback or contact us by phone/email.

Automated Technologies: As you interact with our Website, we automatically collect Technical/Usage Data. We collect this data using cookies, server logs, and other similar technologies. (See Cookies section below for details.)

Third Parties: We may receive personal data about you from various third parties, for example:

  • Analytics providers like Google Analytics (outside the EU, but in compliance via standard protections) - providing aggregated info on how users interact with our site.
  • Contact and Transaction data from partners we work with (e.g., if you use a concierge service or app that connects to our shop).
  • Identity and Contact data from third-party verification services or publicly available sources, for example if doing due diligence for high-value transactions or anti-fraud checks.

3. How We Use Your Information

We will only use your personal data where the law allows us to. Common uses include:

To Fulfil Contracts: When you buy or sell wine with us, or use our storage, we process your personal data to perform our contract with you. This includes:

  • Processing and delivering your orders (identity, contact, financial data for payment, delivery address for shipping) and providing services like storage (we use your data to maintain your account and inventory).
  • Communicating with you about orders, pickups, deliveries (e.g., sending order confirmations, delivery notifications).
  • Administering payments, fees, and charges.

Legitimate Interests: We process data as needed for our legitimate business interests, provided those are not overridden by your rights. For example:

  • Customer Service: Keeping records of your purchases and preferences helps us assist you better (like recommending wines or resolving issues with your order history).
  • Marketing: We may send you marketing about similar products or services you’ve shown interest in. We have an interest in promoting our business. (We will always provide an opt-out and honour your preferences.)
  • Improving Our Services: Using analytics to improve our website functionality, product selection, and user experience falls under our interest to operate an efficient and user-friendly business.
  • Preventing Fraud and Misuse: We may use personal data to keep our platform secure, prevent fraud, and enforce our terms (e.g., verifying age to prevent underage purchases, monitoring for suspicious transactions).
  • Asset Management: In the context of fine wine storage and broking, maintaining accurate provenance and ownership records for wine (including linking wines to customer accounts) is in both our and our clients’ interests.

Legal Obligations: In some cases, we need to process data to comply with a legal obligation:

  • We keep transaction records to satisfy tax and accounting laws.
  • We might have to share information for law enforcement requests or HMRC compliance (for example, under bond records).
  • Under UK alcohol sale laws, we must take reasonable steps to verify age (18+) for customers - this might involve checking publicly available data or requesting ID, which is a legal requirement.

Consent: Generally we do not rely on consent for most data uses, as the above grounds cover them. However, we will ask for your consent in certain circumstances:

  • Sending marketing communications by email or SMS to a new customer who hasn’t bought anything yet (or similar scenarios where consent is required by e-privacy laws).
  • Placing certain non-essential cookies on your device (see cookie consent section).
    If we are processing based on consent, you have the right to withdraw that consent at any time.

4. Disclosure of Your Information

We share your personal data with third parties only for the purposes described above and with adequate protection. Key examples:

  • Warehousing and Logistics: We share necessary info with Octavian (our warehouse) - e.g., your name and client ID linked to your stored wines, or your address if you’re collecting there. Also, with delivery companies/couriers for shipping (they get your name, address, phone, and maybe email for notifications).
  • Payment Processors: If you pay online, your card details go directly to our payment processor (PCI-DSS compliant) - they only let us know if payment succeeded. If we take card by phone, we enter it into a virtual terminal, and do not record it beyond that transaction.
  • Service Providers: IT companies providing us website hosting, CRM or email newsletter tools, analytics services, etc. We require these providers to respect security of data and use it only per our instructions.
  • Professional Advisors: Our accountants, lawyers, or insurers might need data if, for example, we audit accounts or handle a legal claim. They are bound by confidentiality.
  • Government or Regulatory: If required, we may share data with HMRC (especially regarding bonded goods, AWRS checks), law enforcement, or regulatory bodies. For instance, under the Alcohol Wholesaler Registration Scheme, trade customers buying duty-unpaid might share their AWRS number - we would verify that as required.
  • Business Transfers: If FFW is involved in a merger, sale, or acquisition, your data may be transferred to the new owner under continuity of service. In such case, we’d ensure your rights remain protected and you’re informed.

We do not sell your personal information to third parties for marketing. We may sometimes send marketing on behalf of a partner (like an event by a winery) but that communication would come from us, and your details wouldn’t be handed to the third party without your consent.

5. International Data Transfers

Our operations are UK-based. However, some of our external providers (like cloud services or email platforms) might store data on servers outside the UK or European Economic Area (EEA). Whenever we transfer your data internationally, we ensure a similar degree of protection by:

  • Transferring to countries that have been deemed to provide an adequate level of data protection by the UK (or EU as applicable), or
  • Using specific contracts approved for use in cross-border data transfers (Standard Contractual Clauses) which give personal data the same protection it has in UK/EU.
    We can provide a copy of relevant safeguards if required. (As of the date of this policy, our main website hosting is UK-based, but for example our email newsletter service might be US-based - in that case, SCCs or the UK equivalent are in place.)

6. Data Security

We implement a range of security measures to protect your data:

  • Encryption: Our website uses HTTPS (SSL/TLS encryption) to secure data in transit. Sensitive information (like payment details) is handled via secure forms.
  • Access Control: Personal data is accessible only to those in our team who need it for their job (for example, our sales and support staff can see your order history to help you; our warehouse coordinator sees your storage records). All such staff are trained on confidentiality.
  • Secure Storage: Digital data is stored on secure servers with firewalls. Physical records (if any) are kept in locked cabinets with restricted access.
  • Password Practices: If you create an online account, you are responsible for keeping your password confidential. We encourage using a strong, unique password. We do not have access to your password (it’s stored hashed).
  • Testing: We periodically test and evaluate our security measures, and we have procedures to deal with any suspected data breach. In the unlikely event of a breach that risks your rights, we will notify you and regulators as required.

7. Data Retention

We will keep your personal data only as long as necessary to fulfil the purposes we collected it for, including for satisfying legal, accounting, or reporting requirements.

  • For customers, we typically retain your core account information and transaction history for at least 7 years from your last transaction, because of tax laws and in case of any disputes (the statute of limitations for contract claims can be 6 years in UK).
  • If you simply signed up to our newsletter, we keep your contact details until you unsubscribe or ask us to delete them, with periodic reviews.
  • If you close your account or request deletion, we will remove personal identifiers and stop processing your data, except for retaining whatever is needed for legal compliance (e.g., invoices must be kept in records, but we can detach your name if requested and not needed).
  • We also retain information to prevent fraud or abuse. For instance, if someone was banned for fraud, we may keep their info to ensure they can’t just open a new account.

When we have no ongoing legitimate need to process your personal data, we will either delete or anonymise it. For example, we may anonymise usage data for statistical analysis (so it’s no longer linked to any individual).

8. Your Rights

You have various rights under data protection law regarding your personal data:

  • Access: You can request a copy of the personal data we hold about you (commonly known as a “Subject Access Request”). This will be provided free of charge, without undue delay (within one month, extensible to two if complex).
  • Rectification: You can ask us to correct any incomplete or inaccurate information we hold about you. We encourage you to keep your account info up to date.
  • Erasure: You can ask us to delete or remove personal data in certain circumstances (“right to be forgotten”). For example, if you withdraw consent from marketing, or if data is no longer necessary for the purpose. We will assess each request—sometimes we must retain certain data (e.g., for a live contract or legal obligation).
  • Restriction: You can ask us to suspend processing of your data, for example if you contest its accuracy or you object to us processing it (pending our review).
  • Data Portability: For data you provided to us and which we process by automated means based on consent or contract, you have the right to request that data in a structured, commonly used, machine-readable format, or ask for it to be sent to another party if technically feasible.
  • Object: You can object to our processing of your data where we rely on legitimate interests (including profiling) or where we process for direct marketing. If you object to direct marketing, we will stop immediately. If you object to processing based on other grounds, we will consider your objection and see if our legitimate grounds override your rights.
  • Automated Decision-Making: We do not generally make decisions about you solely by automated means that have legal or similarly significant effects. (For example, we do not have automatic order rejection without human involvement. If this changes, we will inform you and your rights.)
  • Withdraw Consent: If we are processing your data based on consent (e.g., sending promotional emails), you can withdraw consent at any time. This will not affect the lawfulness of processing done before withdrawal.

To exercise any of these rights, please contact us using the contact details in Section 10. We may need to verify your identity before fulfilling certain requests (for your protection).

9. Cookies Policy

What are Cookies? Cookies are small text files that are placed on your device (computer, smartphone, etc.) when you visit a website. They allow the website to recognise your device and store some information about your preferences or past actions.

We use cookies to enhance your experience on our Website - for example, keeping you logged in, remembering what’s in your shopping cart, and understanding how users navigate through our site.

Types of Cookies We Use:

  • Strictly Necessary Cookies: These are essential for the website to function properly. They include, for instance, cookies that enable you to log into secure areas of our site, use a shopping cart, or make use of e-billing services. Without these cookies, services you have asked for (like adding items to your basket) cannot be provided.
  • Functional Cookies: These cookies allow our site to remember choices you make (such as your username, language, or the region you are in) and provide enhanced, more personal features. For example, we might use a cookie to remember your preferences like sorting order on product listings, or to remember you’ve seen a notification so it doesn’t show every time.
  • Analytical/Performance Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most often, and if they get error messages. We use this information to improve how our website works. We might use Google Analytics or similar tools that set cookies to gather anonymised data (e.g., Google Analytics cookies may track page hits, traffic sources). We use these solely to analyze website traffic and user behavior in aggregate - no personally identifiable info is stored in these cookies.
  • Targeting/Advertising Cookies: Currently, our site does not heavily use third-party advertising networks. However, if we do run promotional campaigns or retargeting (e.g., showing you our ads on other sites after you visited ours), cookies would be used to track that. These cookies can record your visit to our site, pages visited, and links followed, and may be used to tailor advertising to you. We might also use cookies to measure the effectiveness of ad campaigns. Any such cookies will only be set if you have given consent through our cookie banner, as they are not strictly necessary.

Third-Party Cookies: Some cookies on our site may be set by third parties:

  • For example, if we embed a YouTube video or an Instagram feed on our site, those platforms might set their own cookies.
  • Social media sharing plugins (like a Facebook “share” button) might set cookies to allow you to share content.
  • Our analytics provider (e.g., Google) sets cookies as mentioned.

We do not have control over third-party cookies, so we recommend checking those third-parties’ cookie and privacy policies for information about their cookies.

Cookie Consent: When you first visit our Website, you will see a banner or pop-up requesting your consent for non-essential cookies (like analytics or advertising cookies). You can choose to accept all, reject non-essential, or customise your preferences. Strictly necessary cookies are exempt from consent (since the site won’t work without them), but you can still block them via browser settings if you really want (though things may break).

If you consented to cookies but later change your mind, you can clear cookies from your browser and adjust your cookie settings on our site (we provide a link or mechanism to change cookie preferences, usually in the footer or account settings).

Managing Cookies: Most web browsers allow you to control cookies through their settings preferences. You can usually set your browser to notify you when a cookie is being set or updated, or to block cookies altogether. For more information on how to manage or delete cookies, visit allaboutcookies.org. However, please note that if you block or delete cookies, our Website might not function as intended - for example, you might not be able to log in or add items to your cart.

Do Not Track Signals: Our Website does not currently respond to ‘Do Not Track’ signals. If a uniform standard is established in the future, we will update our approach.

10. Contact Information

If you have any questions about this Privacy & Cookies Policy or about how we handle your data generally, please contact us:

Data Protection Officer / Privacy Manager
Farthinghoe Fine Wine Ltd
21 Whittall Street, King’s Sutton, Oxfordshire, OX17 3RD

We will do our best to address your inquiry promptly and thoroughly.

11. Updates to This Policy

We may update this Privacy & Cookies Policy from time to time to reflect changes in law or our data practices. When we make changes, we will update the “Last Updated” date at the end of this document. If changes are significant, we may also notify you by email or via a notice on our Website. We encourage you to review this Policy periodically to stay informed about how we are protecting your information.

Last Updated: August 22nd, 2025.

By using our Website or services after this date, you acknowledge that you have read and understood this Privacy & Cookies Policy. If you do not agree with it, please discontinue use of our services. Your continued use signifies acceptance of this Policy and any updates.