PIG Beer - Online Store Terms &
Conditions of Purchase

Policy Statement
Every day our business will receive, use, and store information about a range of data
subjects, including but limited to customers, suppliers, job applicants, and general enquiries.
This policy sets out how we ensure that this information is processed lawfully and
appropriately, in line with the requirements of the Data Protection Act 2018 and the General
Data Protection Regulation (collectively referred to as the ‘Data Protection Requirements’).
We take our data protection duties seriously, because we respect your privacy. We will not
sell or otherwise transfer your information to third parties for marketing purposes without
your explicit consent.

About This Policy
Baynhams Brewery Ltd is responsible for ensuring compliance with the Data Protection
Requirements and with this policy. Any questions about the operation of this policy or any
concerns that the policy has not been followed should be referred in the first instance to
Harry Baynham at harry@baynhamsbrewery.com.

What is Personal Data?
Personal data means data (whether stored electronically or paper based) relating to a living
individual who can be identified directly or indirectly from that data (or from that data and
other information in our possession).
Processing is any activity that involves the use of personal data. It includes obtaining,
recording, holding or transferring data; organising, amending, retrieving, using, disclosing,
erasing or destroying it.

Data Protection Principles
As your data controller, we will ensure that your personal data is:
1. Processed fairly, lawfully and in a transparent manner.
2. Collected for specified, explicit and legitimate purposes and any further processing is
completed for a compatible purpose.
3. Adequate, relevant and limited to what is necessary for the intended purposes.
4. Accurate, and where necessary, kept up to date. 

5. Kept in a form which permits identification for no longer than necessary for the
intended purposes.
6. Processed in line with the individual’s rights and in a manner that ensures
appropriate security of the personal data, including protection against unauthorised
or unlawful processing and against accidental loss, destruction or damage, using
appropriate technical or organisational measures.
7. Not transferred to people or organisations situated in countries without adequate
protection and without firstly having advised the individual.

Fair and Lawful Processing
The General Data Protection Requirements are not intended to prevent the processing of
personal data, but to ensure that it is done fairly and without adversely affecting the rights of
the individual.
In accordance with the General Data Protection Requirements, we will only process personal
data where it is required for the following lawful purposes: where the processing is
necessary for performing a contract with the individual, for compliance with a legal
obligation, in the legitimate interests of the business, or where the individual has given their

Processing for Limited Purposes
We have in place detailed policies and procedures for all categories of data subjects. These
will be kept up to date with all Data Protection requirements and are available to data
subjects upon request.

Accurate Data
We will ensure that personal data we hold is accurate and kept up to date. We will check the
accuracy of any personal data at the point of collection and at regular intervals afterwards.
We will take all reasonable steps to amend or destroy inaccurate or out-of-date data.

Timely Processing
We will not keep personal data any longer than is necessary for the purpose or purposes for
which it was collected. We will take all reasonable steps to destroy, or erase from our
systems, all data which is no longer required.

Processing in line with Data Subject’s Rights
We will process all personal data in line with data subjects’ rights, in particular their rights to:
1. Confirmation as to whether or not personal data concerning the individual is being
2. Request access to any data held about them.
3. Request rectification, erasure or restriction on processing of their personal data.
4. Lodge a complaint with a supervisory authority.
5. Data portability.
6. Object to processing, including for direct marketing.
7. Not be subject to automated decision making including profiling in certain

Data Security
We take appropriate and adequate security measures against unlawful or unauthorised
processing of personal data, and against the accidental or unlawful destruction, damage,
loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or
otherwise processed.
We have in place industry-standard procedures and technologies to maintain the security of
all personal data from the point of the determination of the means for processing and point of
data collection to the point of destruction. Additionally, we use a secure connection when
collecting personal financial information from you, which conforms to PCI standards. All
forms which request credit card or bank details use the SSL (Secure Sockets Layer) protocol
for encryption.
Wherever possible, we will store all personal data inside the European Economic Area
(EEA). Any time that data is transferred outside the EEA, we ensure that exactly the same
provisions on data security and processing are applied.

Changes to this Policy
Our Privacy Policy may change from time to time. The amended version will be published on
our website and any significant changes will be communicated to you either on the website
or directly. This will replace any previous privacy policy.

  • pigbeeruk
  • pigbeeruk
  • pigbeeruk