Fynoderee Privacy Policy

1. Introduction

Fynoderee Limited (trading as The Fynoderee Distillery) respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.

This privacy notice aims to give you information on how Fynoderee Limited collects and processes your personal data. It is important that you read this privacy notice so that you are fully aware of how and why we are using your data. 


2. Who We Are

Fynoderee Limited is a data controller and responsible for your personal data (collectively referred to as “Fynoderee”, “we”, “us” or “our” in this privacy notice).

We have appointed a Data Privacy Manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the Data Privacy Manager using the details set out below.


Our full contact details are:

Company Name: Fynoderee Limited

Company Number: 131320C

Postal Address: First Floor, Bourne Concourse, Peel Street, Ramsey, Isle of Man, IM8 1JJ

Data Privacy Manager: Edward Paul Kerruish

Email: paul@fynoderee.com

Telephone: +44 (0)1624 812756


 3. Personal Data We Collect About You

 Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different types of personal data about you which is provided by you or which we learn about you from your use of our  services which we have grouped together as follows:


4. Purposes For Which We Will Use Your Personal Data

We require your personal data for the following purposes:

For the processing of your personal data to be lawful we rely upon the following legal bases:

Contract: whereby the processing of your personal data is necessary for the performance of contract we have with you or because you have asked us to take specific steps prior to entering in to a contract

Legal obligation: whereby the processing of your personal data is necessary for us to comply with the law (not including contractual obligations). For example where we are required to provide information to the authorities pursuant to Anti-Money Laundering and Countering the Financing of Terrorism legislation, Licensing legislation or other applicable legislation from time to time

Legitimate interests: legitimate interests of Fynoderee as a business - for example providing you with details of our new products, offers, promotions and newsletters or calculating the demographics of our client base


5. Disclosures of Your Personal Data

We may from time to time have to share your personal data with the third party categories set out below for the purposes set out at section 4 above:

 We require all third parties to respect the security of your personal data and to treat it in accordance with the law. 


6. International Transfers

We should not generally need to transfer your personal data outside the European Economic Area (“EEA”). Should this become necessary, however, for the purposes set out at section 4 above, we will ensure a similar degree of protection is afforded to it by ensuring that we only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.


7. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

We are required to retain certain information for six (6) years from the date that the business relationship has ceased for the purposes of prudent record keeping purposes.

In certain circumstances you can ask us to delete your data - please refer to section 8 below for further information.


8. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. Further information about these rights are listed below:

You have the right to ask us for information about the personal data that we hold about you and the rationale for the processing of your personal data.

You have the right to request access to your personal data. This is known as a “Subject Access Request” and enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. 

We are required by law to respond to Subject Access Requests without undue delay and in any event within one month of the date of the request. Please note that we may extend this period by two further months for complex or numerous requests, provided that we have informed you of the extension and reason for the delay. 

Generally speaking we will not charge you a fee for complying with your Subject Access Request. We are however permitted by law to charge a reasonable fee or refuse to comply with unfounded or excessive requests and where we do not comply with a Subject Access Request we must inform you why this is the case.

You have the right to ask for the rectification of personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, although please note that we may need to verify the accuracy of the new data that you provide to us.

In certain circumstances you have the right to ask for the deletion of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to its processing (see “The right to object” below), where we may have processed your personal data unlawfully or where we are required to erase your personal data to comply with the law. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

 You have the right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

  1. If you want us to establish the accuracy of the personal data
  2. Where our use of the personal data is unlawful but you do not want us to erase it
  3. Where you require us to hold your personal data even if we no longer require it as you

need it to establish, exercise or defend legal claims

  1. Where you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to process it

You have the right to ask for your personal data to be transferred to you in a structured, commonly used, machine-readable format to reuse it for your own purposes or to transfer it upon your request to another data controller. This right only applies to personal data which you have provided to us and where our processing of your personal data is based upon the performance of a contract with you (see section 4 above) and is processed by automated means (i.e. electronically). 

You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some instances we may demonstrate that we have compelling legitimate grounds to process your personal data which overrides your rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.  

We do not use automated decision making or profiling (i.e. any form of automated processing for evaluating individuals). 

We reserve the right to go about age verification of all new customers using their identity data via an online compliance portal for customer due diligence purposes to comply with the law regarding the restriction of the sale of alcohol to person under the age of 18 years.

For further information or to discuss any of your legal rights, or should you wish to make a complaint or a Subject Access Request, please contact the Data Privacy Manager in the first instance via the details set out at section 2 above. 

If you are not satisfied with our response, or you believe that we are processing your personal data not in accordance with the law, you also have the right to make a complaint to the Isle of Man Information Commissioner. Their contact details are set out below:

Postal address: PO Box 69, Douglas, Isle of Man, IM99 1EQ

Email address: ask@inforights.im

Telephone number: 01624 693260

Website: www.inforights.im


9. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. 

If an email communication relates to a matter of significance on which you wish to rely and you are concerned about the possible effects of electronic transmission, you should request a hard copy of such transmission from us. If you wish us to encrypt or password protect all or certain documents that we will transmit to you electronically, you should discuss this with us and we will make appropriate arrangements.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.