The Clydeside Cafe is currently closed for refurbishment - reopening Spring 2025.

Open Today:

Privacy Statement

Privacy Statement

This privacy statement sets out how The Clydeside Distillery (“we”, “us” or “our”) uses and protects any information that you give us when you use this website or are in contact with us (whether by email, telephone, via the forms on our website, through any social media platforms or other applications we use or even face to face).

We are committed to ensuring that your privacy is protected. We therefore conduct our business in compliance with applicable laws on data privacy protection and data security. This privacy statement tells you what to expect when we collect and process your personal information. Where you provide us with personal information then you can be assured that it will only be used in accordance with this privacy statement.

The data controller who is responsible for how we handle your personal information is Morrison Glasgow Distillers Limited trading as The Clydeside Distillery of The Old Pumphouse, Queen’s Dock, 100 Stobcross Road, Glasgow G3 8QQ. Any queries you have in relation to the same should be directed to info@theclydeside.com.

Our website and products are not intended for those aged under 18 and we do not knowingly collect data relating to those aged under 18.

What we collect

We may collect the following information:

  • Details in relation to your identity such as your name where you purchase products or services from us or enquire about them or communicate with us in respect of them or become a member of our membership schemes
  • Contact information including email address and phone number (or social media identity when you are communicating with us through any social media platform) and shipping details for purchases including your postal address
  • Transaction details and history about products and services you specifically request or purchase from us
  • Information from customer surveys and feedback forms in respect of any of our products or services you may have purchased including profile details from documents you complete online such as your preferences and interests
  • Information that you provide to use for the purpose of becoming a member of one of our membership schemes, subscribing to our email notifications or newsletters including any preferences on how you want to receive information from us
  • Information that you provide to us in relation to participating in any of our events or activities and which will include contact and identity details
  • Financial details in relation to any services you request from us or products or services you buy from us including addresses for invoicing/billing and bank payment details (including credit card payment details)
  • Details of visits to our website including traffic data, location data, weblogs and other communications data and resources you access or use and details of the technology you use to access our resources

Given the nature of the services we provide it is extremely unlikely that we will require to collect any sensitive data about you. Sensitive data is personal information which includes your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic or biometric data, or information concerning your health or mental wellbeing or sexual orientation. Where we do require to process such sensitive data to provide services to you we will notify you in advance and will request your express consent in writing to process such sensitive data unless there is some other legal reason which allows us to hold such data. For example, we may request dietary requirements where any event you attend is a catered event but in that case, we will try to ensure where possible that we take details of numbers with special dietary requirements rather than names.

If you do not wish us to collect any of the personal information stated above, you should discuss this with us. We can explain the reasons for collection and discuss the consequences of not providing the information or of providing partial or incomplete information and the effect this may have on our ability to provide our services.

What we do with the information we gather

We are subject to the General Data Protection Regulation and the Data Protection Act 2018 as both are amended by the EU (Withdrawal) Act 2018 and the Data Protection, Privacy & Electronic (Amendments etc) (EU Exit) Regulations 2019 (said amendments being referred to as “UK GDPR”) and any amendments to either the GDPR or UK GDPR from time to time (both of which together with any further amendments from time to time are collectively hereafter called “the Data Protection Laws”).Our legal basis under UK GDPR for processing your personal data will be either performance of a contract with you, legal obligation or that such processing is in our legitimate interests in respect of running our business including developing our services, ensuring security and performance of our website and informing our overall marketing strategy.

By law we can only process your information if we can demonstrate the lawful grounds we have for doing so. Currently there are six potential lawful grounds for processing personal information, namely

  • we have your consent;
  • it is necessary for performance of a contract to which you are a party or to take steps at your request prior to entering into such contract;
  • it is necessary for our compliance with a legal obligation;
  • it is in the public interest;
  • it is necessary to protect your vital interests; or
  • that it is in our legitimate interest to do so but only where that interest does not override your interests or your fundamental rights and freedom.

If none of these grounds apply or ceases to apply we must cease processing your personal information immediately. Generally, we will rely on consent, contract, legal obligation or legitimate interest for processing.

 We therefore use your personal information in the following ways:

  • To register you as a customer (where for example you book a tour on line, or purchase products and services from us), maintain our relationship with you and process and deliver products and services to you including recording payments. This will be done based on either contract or legal obligation.
  • To communicate with you regarding any transactions with you.
  • For credit and identity verification and fraud detection in respect of any transactions with you.
  • To comply with our regulatory and legal obligations
  • To establish, exercise or defend any complaints made by or against you or any claims or litigation process raised by either of us against the other including in respect of us resorting to debt recovery or enforcing our terms of business
  • To administer our website and business (including webhosting and support). As doing so is required to run our business, ensure security and performance of your website, its admin and support and to develop or improve our services this will be done based on legitimate interest.
  • To ensure that content from our website is relevant to you and is presented in the most effective manner for you including seeking your views on our products and services. This will be based on legitimate interest as doing so is required include to review the services we supply to you and to inform our overall marketing strategy.
  • To make suggestions and recommendations to you about products or services that may be of interest to you whether by newsletter, email or otherwise

If you have any questions relating to the retention periods we are relying on for processing your data then please contact us for additional information.

How Long Do We Keep Your Information  

We will only retain your personal information for as long as is necessary in line with the purposes for which it was originally requested or collected or where we are required to do so for some legal or reporting purpose.

In working out how long we retain personal data we look the type of personal data involved, the purpose of processing, how sensitive or confidential the data is and at legal and commercial considerations including any legal obligations we have. By way of example by law we are required to keep accounting records for six years after end of the year in which the last transaction occurred. This means that we will be required to keep some basic client details for that purpose even although our relationship with you may be at an end. However, it should be noted that the requirement is basic client details and therefore it is not legitimate to also keep information such as your preferences for that period of time.

In case of services requiring payment where we request credit card or other payment account information, this will be used solely for processing payments. Your purchase transaction data is stored only for as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the latest security standards as managed by the PCI Security Standards Council.

If you have any questions relating to either retention periods or more require more detail on the purposes of processing or the specific reason or legal grounds, we are relying on for that processing then please contact us for additional information.

 

Sharing Your Information

We will not sell the personal information that we collect from you and will only use it for the purposes set out in this privacy statement. We may share your personal information with the following parties:

  • Service providers who provide us with cloud hosting solutions and IT and administration services such as our webhosting company, our CRM database provider and social media and marketing services provider, which includes Shopify as the online ecommerce platform through which we operate our customer sales including gift vouchers. You can read more about how Shopify use your personal data at https://shopify.com/legal/privacy/);
  • Third party outsourced services providers such as contractors transporting or delivering our products but only to the extent necessary for the provision of the services or payment providers such as our preferred payment provider Worldpay;
  • HMRC and other regulatory authorities who require reporting of our activities by law;
  • Professional advisers such as our lawyers, accountants, bankers and insurers;
  • Debt collection agencies for the purposes of credit control or recovery of any sums due; and
  • Third parties to whom we sell, transfer or merge our business or any part of it;

All third parties with whom we share your data are required to protect your personal data, treat it confidentially and to process it in accordance with the law. Where we use third parties we will take all reasonable steps to ensure that they are GDPR compliant and in particular that: -

  • They have adequate technical and other measures in place to ensure the security of your personal information;
  • That they only use it for specified purposes;
  • That any employees or contractors who have access to the information are adequately trained and deal with it on a need to know basis only;
  • And that they act only in accordance with our instructions.

 

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure or loss of or damage to your personal information, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect from you. These include robust procedures for dealing with breaches including incident reporting and notifying the Information Commissioner, and where appropriate you, of any breaches, the consequences of the same and the remedial action taken.

Where possible the information you provide us with will be held within the European Economic Area (“EEA”) or within the UK.

 

Overseas Transfers

Countries outside of the UK do not always have similar levels of protection for personal data as those inside the UK. The law provides that transfers of personal data outside of the UK is only permitted where that country has adequate safeguards in place for the protection of personal data.  Some types of processing may use cloud solutions which can mean information may sometimes be held on servers which are located outside of the UK or may use processors who are based overseas.

Where we use cloud-based services or third-party providers of such services and in either or both circumstances the data is processed outside of the UK that will be regarded as an overseas transfer. Before instigating an overseas transfer, we will ensure that the recipient country and/or processor has security standards at least equivalent to our own and in particular one of the following permitted safeguards applies: -

  • The country in question is deemed to have adequate safeguards in place as determined by the UK Regulatory Authorities (which is the case in respect of transfers within the EEA); or
  • There is a contract or code of conduct in place which has been approved by the UK Regulator which gives your personal information the same protection it would have had if it was retained within the UK; or
  • If the overseas transfer is to the United States, then we may only use US Providers that are part of a UK Regulator approved framework which obliges them to give your personal information the same degree of protection it would have had if it were retained within the UK and therefore has adequate safeguards..

If none of these safeguards exist, then we may seek your explicit consent for an overseas transfer. In line with your rights as an individual you are free to withdraw this consent at any time.

 

How we use cookies

When you visit our website we automatically collect certain information about the device you use to do so (“your device”), including information about your web browser, IP address, time zone and some of the cookies that are installed on your device. Additionally, as you browse the website we collect information about the individual webpages or products that you view, what websites or search terms referred you to the website and information about how you interact with the website. We refer to this automatically-collected information as device information.

We collect device information using the following technologies:

“Cookies” are data files that are placed on your device and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit https://www.allaboutcookies.org.

“Log files” track actions occurring on the website and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.

“Web beacons”, “tags” and “pixels” are electronic files on the website used to record information about how you use the website.

Full details on what cookies we use and how to disable them are included in our cookies policy.

 

Controlling your personal information

You have rights as an individual which you can exercise in relation to the information we hold about you. These rights are:

  • the right to restrict processing of your personal data;
  • the right to rectification or correction of your personal data;
  • the right to object to processing of your personal data;
  • the right of erasure of personal data (also referred to the right to be forgotten);
  • the right not to be subject to a decision based solely on automated processing or profiling;
  • the right to transfer your personal data (also referred to as the right of portability)
  • the right to withdraw your consent to processing your personal data; and
  • the right of access to your personal data.

Additional information about these rights can be found on the Information Commissioner’s website at www.ico.org.uk/for-organisation/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

If you have provided consent and we are relying on that as the legal ground of processing your personal information and wish to exercise your right to withdraw that consent you can do so at any time by contacting us at info@theclydeside.com.

You may request details of personal information which we hold about you. Any request requires to be in writing and is not subject to any charges or fees. If we do hold any personal information about you, we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it has or will be disclosed to;
  • the source of the information (if not you);
  • where possible, the period for which it will be stored; and
  • let you have a copy of the information in an intelligible form

We will respond to a subject access request within 30 days. On occasion we may need additional information from you to determine your identity or help us find the information more quickly. Where the information you have requested is complex we may take longer than this but shall keep you advised as to progress should this be the case.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

 

Marketing Information

We may provide you with information on services and products that we may provide. In order to optimise your customer experience this may include postal mail, SMS and emails to update you on our latest offers and events. We may also show you content via social media platforms and other external applications such as Facebook and Instagram. This is regarded as marketing activity. We will only market to you where you have: - 

  • Specifically requested marketing information from us; or
  • Previously acquired similar services/goods from us; or
  • Consented by way of ticking a box or opting in to receiving marketing from us.

If you have opted out of marketing, we will not send you any future marketing without your consent.

Each time we market to you we will always give you the right to opt out of any future marketing but would point out that you have the right at any time to ask us not to market to you at any time by emailing us at info@theclydeside.com rather than waiting on a specific opt out.

 

Complaints

We would prefer to resolve any issues or concerns you may have direct with you. If you feel you are unable to resolve matters by contacting us direct or are you are unhappy or dissatisfied with how we collect or process your personal information you have the right to complain about it to the Information Commissioner who is the statutory body which overseas data protection law. They can be contacted through www.ico.org.uk/concerns.

We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy was last updated on 12th February 2024

JOIN THE VOYAGER CLUB

& be the first to hear about exclusive releases, distillery events, and behind-the-scenes updates.
Sign-Up