Privacy & Cookie Policy

The Glenrothes Privacy Policy

Last Updated: 25^th September 2024

Who we are.

The Glenrothes is owned by Highland Distillers Limited, a private limited company (registered in Scotland No. 158731), and our registered office is at 100 Queen Street, Glasgow G1 3DN.  Processing of personal data relating to The Glenrothes as described in this Privacy Policy is also undertaken by other group companies of the Edrington Group Limited (The Glenrothes’s parent company) – details of these companies can be found here.

In this Privacy Policy Highland Distillers Limited and the relevant Edrington group companies are referred to as The Glenrothes, we, us or our.

The Glenrothes is the data controller in relation to the processing of your personal data described in this Privacy Policy. We have a data privacy manager who is responsible for overseeing questions in relation to this Privacy Policy. If you are based in South Africa, we have an information officer who is responsible for our compliance with the relevant legislation. If you have any questions about this Privacy Policy, including any requests to exercise your rights in relation to your personal data, please contact us at the details set out below.
hello@theglenrothes.com

Overview

The Glenrothes is committed to protecting and respecting the privacy of its consumers’ personal data.  Looking after the personal data that we collect on our consumers is a priority for us and we want you to be confident that your information is in safe hands.  We’ve developed this Privacy Policy to let you know:

• What types of personal data we collect;
• How we collect personal data;
• The purposes we collect personal data for, including how we use it to make our products better and to offer better services and experiences to our consumers;
• The circumstances in which we may share it with other organisations that support our operations, including the types of organisations involved;
• Where we store your personal data;
• How long we keep personal data for; and
• The rights and choices you have with regards to your personal data.

It is important that you read this Privacy Policy together with any other privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements other notices and privacy policies and is not intended to override them.

What types of Personal Data do we collect about our Consumers?

• Your name, age/date of birth (including for age verification purposes) and home location(s);
• Your contact details: postal addresses, including billing and delivery addresses, contact telephone numbers and email address;
• Details about payments to and from you and other details of purchases, orders made by you, including your purchase history and ballots you have submitted for the purchase of The Glenrothes products;
• Details of any event or experience invitations or bookings you have made, including details you have provided or we may have collected from you in connection with your attendance at any events or experiences we have arranged with you (such as any accessibility or dietary requirements or other interests related to the event or experience);
• Your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the website (Technical Data);
• Information about how you use our website, products and services (Usage Data);
• Your correspondence and communications with The Glenrothes;
• Personal data, which you have may be shared via a public platform (such as on The Glenrothes’ Facebook or Instagram feed);
• Your preferences in receiving marketing from us and our third parties and your communication preferences;
• Information which may be collected or generated by our customer engagement personnel and/or representatives, or when you participate in an online experience, such as:
  • preferences regarding our products and offerings including any "wish list" items regarding preferred The Glenrothes products and experiences and how you share your experiences and passion for The Glenrothes with others;
  • lifestyle preferences and interests such as preferred travel destinations, preferred restaurants / cuisines and whisky and drink preferences / collection;
  • social indicators such as your profession and connections;
  • engagement data such as when you open or click on our emails, how long you have been a consumer of The Glenrothes, and how you interact with our personnel /representatives;
  • communication channel preferences (e.g. social media handles and app-based messaging) such as LinkedIn, Facebook, Twitter, WeChat and WhatsApp;
• Information about any experiences, gifts, special invitations or benefits made available to you;
• Your feedback and survey responses; and
• Online browsing activities on The Glenrothes website.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

Other than the data listed above, we do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, biometric data). Nor do we collect any information about criminal convictions and offences.

Where we need to collect personal data by law, under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (e.g. to provide you with goods or services). In this case, we may have to cancel a purchase or experience you have with us but we will notify you if this is the case at the time.

How do we collect your personal data?

We collect your personal data by different methods, including:

• Direct interactions: This includes personal data you provide when:
  • you subscribe to receive our newsletter;
  • You subscribe to The Glenrothes LINE channel in Taiwan;
  • you create an account on our website or participate in one of our online experiences;
  • you enter a ballot or competition related to The Glenrothes or one of The Glenrothes’ products;
  • you register interest in a product;
  • you attend one of our events, visit one of our sites (e.g. our distillery) or you avail of one of our experiences (e.g. whisky tastings, dining and food, and other bespoke or exclusive experiences);
  • you interact with one of our Private Client Relationship Managers (PCRMs), brand ambassadors or other representatives;
  • you communicate with us through telephone, text messaging, or other app-based or social media direct messaging; and
  • you contact us, for whatever reason.
• Automated technologies or interactions: As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We may also gather statistical information on emails sent to you (e.g. opens, clicks, delivery rates, unsubscribes and forwards). This helps us to assess and improve email performance and our engagement with you. We collect this personal data by using cookies, pixels and other similar technologies. Please see our Cookies Policy for further details.
• Third party sources of information: We may obtain information about you from following third party sources:
  • where you interact with a third party acting on our behalf (e.g. a representative of one of our distributors or joint venture partners);
  • our professional advisors (e.g. lawyers, accountants and bankers); and
  • publicly available sources (e.g. how you share your experiences and passion for The Glenrothes with others on social media and retailers of The Glenrothes).
• Technical Data: We also collect Technical Data from the following third parties:
  • analytics providers (such as Google based outside the UK and/or EU);
  • advertising networks; and
  • search information providers.

How do we use your personal data?

The Glenrothes (and trusted partners and service providers acting on our behalf) use your personal data:

• To provide you with information, products or services that you request from us, or which we feel may interest you. This is only done when you’ve given your consent to be contacted by us, or where we are permitted to contact you in accordance with data protection law (such as where you have not opted-out of receiving such information from us at the time of making a purchase from us);  
• We may send you personalised communications based on your preferences, and engagement with The Glenrothes products, services or experiences;
• To verify your identity and your age;
• For crime and fraud prevention, detection and related purposes;
• To enable The Glenrothes to manage any customer service interactions with you;
• To ensure that our web content is presented in the most efficient way for you and your computer;
• To allow you to participate in interactive features on our website, when you choose to do so; and  
• Where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).

The Spirit of Rothes

By signing up to the Spirit of Rothes community, you will automatically be assigned preferences to receive email communications on topics such as:

• Partnerships
• Product releases
• Events
• Experiences
• Regional communications
• Distillery updates

You can review what types of  communications you have been assigned to receive and update them at any time (e.g. to only receive emails on whisky releases) via the communications preference centre by logging into your account on our website. 

Understanding our consumers better

The Glenrothes will also use the personal data that we receive or collect about certain aspects of our consumers to understand our customer profile better and to engage with our consumers more effectively.

This will involve using this personal data to consider our consumer's preferences, characteristics, interests and activities, purchase habits and engagement with The Glenrothes brand and products. In identifying this information we will use it to better understand the habits, preferences and profiles of our most valued consumers and to identify categories of valued consumers that we can better engage with and better tailor their experience of The Glenrothes product and brand.

Based on this better understanding of our most valued consumers, The Glenrothes will determine how we can improve the products, services and experiences it makes available to its consumers, how we can improve our interactions and engagement with consumers, and to assess eligibility of our most valued consumers for special invitations, experiences, and other benefits. 

This processing may continue so long as you have a relationship with The Glenrothes. This means that the way in which we provide products and services to you, interact and engage with you, or provide any special invitations, experiences and benefits to you, may change over the course of our relationship with you. 

You can ask us at any time to stop sending you marketing communications, or using your personal data for marketing purposes (including profiling) at any time. Please see the section below entitled "What are your rights?" for further details.

What is our legal reason for holding your personal data?

Data Protection Laws require us to state our legal reason for processing your personal data.   

Where we have requested your consent, we will rely on this consent to send you marketing communications about The Glenrothes. We may also send you marketing communications about The Glenrothes where you have requested information from us or made a purchase and you have not opted out of receiving such communications.

You can withdraw your consent to, or opt-out of, receiving these communications at any time by using the unsubscribe button included in the communications we send you, by contacting The Glenrothes representative that you provided your consent to, or by contacting us hello@theglenrothes.com. Where you opt out of receiving marketing communications, this will not remove any personal data provided to us as a result of a purchase that you have made. 

The Glenrothes also collects and uses your personal data because it is necessary for:

• the pursuit of our legitimate interests (as set out below);
• the purposes of complying with our duties and exercising our rights under a contract for the sale of goods or services to a consumer; or
• complying with our legal and regulatory obligations.

Our Legitimate Interests

The normal legal basis for processing consumer data, is that it is necessary for the legitimate interests of The Glenrothes, including:

• selling and supplying goods and services to our consumers;
• protecting consumers, employees and other individuals and maintaining their safety, health and welfare;
• promoting, marketing and advertising our products, services, events, experiences and brand partnerships;
• understanding our consumers’ behaviour, activities, preferences, and needs, including through the use of profiling;
• improving existing products and developing new products;
• providing experiences, special invitations and other benefits to our most valued consumers;
• handling consumer contacts, queries, complaints, or disputes; and
• preventing, investigating and detecting crime, fraud, or anti-social behaviour and prosecuting offenders.

Where we process your personal data in pursuit of our legitimate interests, you have the right to object to us using your personal data for the above purposes. If you wish to object to any of the above processing, please contact us at hello@theglenrothes.com. If we agree and comply with your objection, this may affect our ability to undertake the tasks above for your benefit.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies, we use please see our Cookies Policy.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you require any further information on how the processing for the new purpose is compatible with the original purpose, please contact us using the details below.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

What are your rights?

You have a number of rights under Data Protection Laws in relation to how we process your personal data, namely:

• to access your personal data (commonly known as a "data subject access request") – this enables you to access the personal data we hold about you and to receive confirmation of how we are processing it;
• to have your personal data rectified if it is inaccurate or incomplete – this enables you to have any incomplete or inaccurate personal data we hold about you corrected, though we may need to verify the accuracy of the new personal data you provide to us;
• in certain circumstances, to have your personal data deleted or removed – this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your personal data unlawfully or where we are required to erase your personal data to comply with local law. Please note however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;
• in certain circumstances, to restrict the processing of your personal data – this enables you to ask us to suspend the processing of your personal data in the following scenarios:
  • if you want us to establish the personal data's accuracy;
  • where our use of the personal data is unlawful but you don’t want us to erase it;
  • where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
  • you have objected to our use of your personal data (see below) but we need to verify whether we have overriding legitimate grounds to use it,
• a right of data portability, namely to obtain and reuse your personal data for your own purposes across different services. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to personal data which you initially provided consent for us to use or where we used the information to perform a contract with you;
• to object to the processing of your data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
• not to be subject to automated decision-making (including profiling), where it produces a legal effect or a similarly significant effect on you;
• the right to withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent and
• to claim compensation for damages caused by a breach of the Data Protection Laws.

If you wish to exercise any of these rights, please contact hello@theglenrothes.com, or The Glenrothes representative with whom you normally deal.

Who do we share your personal data with?

To effectively fulfil our obligations to you, and to provide you with marketing and certain experiences, special invitations and benefits, we use a number of trusted and reliable third parties to carry out functions, which involve the processing of your personal data. These include:

• vendors who will process your personal data on our behalf and under our written instructions to carry out their services during the course of our business, such as IT service providers, financial institutions, customer relationship management vendors marketing service providers, and other cloud-based solutions providers that are used by The Glenrothes in the conduct of its business. We contract with such vendors to ensure that they only process your personal data under our instructions and ensure the security and confidentiality of your personal data by implementing the appropriate technical and organisational measures for such processing;
• vendors that process your personal data in order to assist us to better understand our consumers and how we can improve our consumer engagement, such as HubSpot and Salted Stone;
• marketing service providers that administer services on our behalf, such as sending communications to our consumers, administering any promotions or ballots which we run; and
• translation service providers that administer services on our behalf, such as translating communications received and sent in different languages;
• other agencies and fulfilment partners to administer events, competitions. experiences, brand programmes and other special invitations and benefits.
• our professional advisors (e.g. lawyers, accountants and bankers);
• other entities in The Glenrothes group of companies; and
• The Glenrothes's third party distributors, joint venture partners, or airport boutique operators.

We may provide information to others (such as governmental or law enforcement agencies) in the good faith belief that such action is necessary to: (i) enforce or apply our Terms and Conditions; (ii) comply with any legal claims raised against The Glenrothes; (iii) protect the rights, property or safety of The Glenrothes; or (iv) protect the rights, property or safety of the public.

If The Glenrothes becomes involved in a merger, acquisition, bankruptcy, or other transaction involving the sale of some or all of our business or assets, user information, including personal data collected from you through your use of our website, could be included in the transferred business or assets. Should such an event occur, we will use reasonable means to notify you, either through email and/or a prominent notice on our website. 

Where we store your personal data

We may transfer your personal data outside the United Kingdom and/or EEA. This is primarily to allow us to:

• receive consultancy, marketing and IT services (e.g. cloud storage services, database development and management services, email/webmail services and customer relationship management services) from vendors located in non-UK/EEA jurisdictions, such as the US, South Africa and Australia; and
• provide special invitations, products, services, experiences and other benefits to you, from other The Glenrothes group companies, or selected third party distributors, joint venture partners, or airport boutique operators.

Where your personal data is transferred outside of the UK and/or EEA, we will ensure your personal data is afforded an adequate level of data protections (as required by data protection laws), including:

• by transferring the data to a country that the UK authorities or European Commission have deemed as providing an adequate level of data protection (an "adequacy decision");
• by implementing an appropriate international transfer mechanism under data protection law, such as standard contractual clauses or a data transfer agreement / addendum approved for this purpose by the UK authorities or European Commission;
• by relying on a "transfer derogation" under data protection law (e.g. where the transfer is based on your explicit consent, or is necessary to perform a contract with you); or
• where we are otherwise permitted to make the transfer under data protection law.

Please contact us if you would like further information on the specific mechanism used by us when transferring your personal data out of the UK and/or EEA.

How long do we keep your personal data?

We will not retain your personal data for longer than necessary for the purposes set out in this Privacy Policy, including for the purposes of maintaining our relationship with you as well as satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you. 

Different retention periods will apply to different types of data. To determine the appropriate retention period for personal data, we consider any ongoing relationship we have with you, the likelihood you may want to make a further purchase from us in the future, the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. 

When we no longer need to use your personal data, we will remove it from our systems and records, and or take steps to anonymise it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations we are subject to).

In certain circumstances, you can ask us to delete or remove your data (see the section entitled "What rights do you have?" above for further information on your rights).

We may also use your personal data collected by recording phone calls for the following purposes:

1. Account management;
2. Prevention, detection, investigation and prosecution of fraud;
3. Complaint handling and resolution;
4. Measuring the quality of the call;
5. Internal training on call handling.

We have a legitimate interest in retaining calls in order to offer our consumers a good service and to protect our business. If you object to the call recording, you may choose to end the call when you are informed that calls may be recorded. You will have the option to contact us through alternative means. All calls will be retained for a period of one year.

How do we protect your personal data?

The Glenrothes is committed to keeping your personal data safe and secure.  To prevent unauthorised access, maintain data accuracy and ensure the correct usage of personal data, we monitor and adjust our physical, electronic and managerial procedures to safeguard and secure the personal data we collect online.

Questions

If you have any questions or concerns about the way in which your Personal Data is processed, please contact hello@theglenrothes.com.

Complaints

You have the right to complain about data protection matters to the Information Commissioner’s Office (ICO).   

The ICO is the UK's independent body set up to uphold information rights.  You can find out more about the ICO on its website (https://ico.org.uk/). The ICO can be contacted by calling 0303 123 1113. 

You can also lodge a complaint with a data protection regulator in the EEA member state in which you are based. 

We would however appreciate the chance to discuss and work with you to address your concerns before you approach the ICO or another regulator, so please contact us in the first instance. 

Changes

The Glenrothes may update this Privacy Policy from time to time as our privacy practices change, or as required by applicable legal or regulatory requirements. Where it is practicable, we will notify you of any significant changes. However, the last update date is given below and The Glenrothes encourages you to review this Privacy Policy periodically so you remain informed of how we uses your personal data.

Appendix:

Note for US Consumers

If you are based in the US, you may know that, while there is not a federal data privacy law framework, some states have passed data privacy laws. 

• California - CCPA (California Consumer Privacy Act) & CPRA California Privacy Rights Act
• Colorado – CPA (The Colorado Privacy Act)
• Nevada – Consumer Opt-Out Privacy Law (SB 220)
• Virginia - Virginia Consumer Data Protection Act (VCDPA)

In these states, covered organisations are required to provide transparent information to consumers/data subjects about how their personal data is managed, protected and how consumers can exercise rights in relation to their data. 

These requirements are covered in this Privacy Notice but, if you have any additional questions relating to your data, please contact us at;

dataprotection@edrington.com  

The most established of the US state privacy laws is the CCPA/CPRA and additional information is provided for Californian consumers in the table at the end of this appendix.

Additional information

• We do not sell personal data
• You will not be discriminated against should you choose to exercise consumer rights related to your personal data, applicable in your state
• This Privacy Notice is reviewed annually

California Privacy Law - table

This table provides additional information to residents of California and supplements the information provided in the Privacy Policy.

To learn more about the categories of personal data we collect, how we collect it, why it is collected, with whom we share the information, and how long we retain it, please see the chart below.

Category	What we collect	How we collect it	Why we collect it	With whom we share it	How long we retain it
Identifiers	Name, mailing address, email address, phone number, and other contact information.  For more information please see the What Types of Personal Data Do We Collect About Our Customers section above.	Collected online or offline when you provide it to us, through your use of our website, services, or from third parties.  For more information please the How Do We Collect Your Personal Data section above.	We collect this information for the purposes listed in the What Is Our Legal Reason For Holding Your Personal Data section above.	Shared with our affiliates, partners, vendors, and service providers as described in the Who Do We Share Your Personal Data With section above.	We retain information as described in the How Long Do We Keep Your Personal Data section above.
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))	Name, mailing address, email address, phone number, and contact information.  For more information please see the What Types of Personal Data Do We Collect About Our Customers section above.	Collected online or offline when you provide it to us, through your use of our website, services, or from third parties.  For more information please the How Do We Collect Your Personal Data section above.	We collect this information for the purposes listed in the What Is Our Legal Reason For Holding Your Personal Data section above.	Shared with our affiliates, partners, vendors, and service providers as described in the Who Do We Share Your Personal Data With section above.	We retain information as described in the How Long Do We Keep Your Personal Data section above.
Protected classification characteristics under California or federal law	Age.  For more information please see the What Types of Personal Data Do We Collect About Our Customers section above.	Collected online or offline when you provide it to us, through your use of our website, services, or from third parties.  For more information please the How Do We Collect Your Personal Data section above.	We collect this information for the purposes listed in the What Is Our Legal Reason For Holding Your Personal Data section above.	Shared with our affiliates, partners, vendors, and service providers as described in the Who Do We Share Your Personal Data With section above.	We retain information as described in the How Long Do We Keep Your Personal Data section above.
Commercial information	Payment information and transactional information such as the products or services purchased.  For more information please see the What Types of Personal Data Do We Collect About Our Customers section above.	Collected online or offline when you provide it to us, through your use of our website, services, or from third parties.  For more information please the How Do We Collect Your Personal Data section above.	We collect this information for the purposes listed in the What Is Our Legal Reason For Holding Your Personal Data section above.	Shared with our affiliates, partners, vendors, and service providers as described in the Who Do We Share Your Personal Data With section above.	We retain information as described in the How Long Do We Keep Your Personal Data section above.
Biometric information	Not collected.	N/A	N/A	N/A	N/A
Internet or other similar network activity	IP address, browser type and version, browser plug-in types and versions, operating system and platform, device type and device identifiers  For more information please see the What Types of Personal Data Do We Collect About Our Customers section above.	Collected online when you provide it to us, through your use of our website, services, or from third parties.  For more information please the How Do We Collect Your Personal Data section above.	We collect this information for the purposes listed in the What Is Our Legal Reason For Holding Your Personal Data section above.	Shared with our affiliates, partners, vendors, and service providers as described in the Who Do We Share Your Personal Data With section above.	We retain information as described in the How Long Do We Keep Your Personal Data section above.
Geolocation data	Not collected.	N/A	N/A	N/A	N/A
Sensory data	Not collected.	N/A	N/A	N/A	N/A
Professional or employment-related information	Not collected.	N/A	N/A	N/A	N/A
Non-public education information	Not collected.	N/A	N/A	N/A	N/A
Inferences drawn from other personal information	Information generated from your use of our website and your interactions with us reflecting your preferences.	Collected online when you provide it to us, through your use of our website, services, or from third parties.  For more information please the How Do We Collect Your Personal Data section above.	We collect this information for the purposes listed in the What Is Our Legal Reason For Holding Your Personal Data section above.	Shared with our affiliates, partners, vendors, and service providers as described in the Who Do We Share Your Personal Data With section above.	We retain information as described in the How Long Do We Keep Your Personal Data section above.
Sensitive personal information	Not collected	N/A	N/A	N/A	N/A

 

Last Updated: 10^th January 2024.