Privacy Policy

 

 

Privacy Notice

 

Who are we?

 

We are In Good Company a group of companies incorporated in England and Wales that act as Controllers of your data. The companies are: 

 

In Good Company Brewing Ltd, registered at Companies House under number 11065849. 

Magic Rock Brewing Company Ltd, registered at Companies House under number 07371022. 

Fourpure Ltd, registered at Companies House under number 07777184. 

 

 

Our Data Protection Officer can be reached by emailing dpo@icgbrewing.com. 

All the companies listed above act as joint Controllers of your data, with Fourpure Ltd making a majority of the decision about how your data is processed. 

  

Being a Controller means that we are trusted to look after and deal with your personal information in accordance with this notice. We jointly determine the ways and means of processing your data and must therefore be accountable for it. 

Fourpure Ltd is registered with the ICO under number ZA319004 

Magic Rock Brewing Company Ltd is registered with the ICO under number ZA490842 

We have an intercompany Joint Controller agreement in place to ensure all entities process your data in line with our shared policies and processes. 

 

 

Your Rights

 

As a data subject, you have a number of rights over your personal data under the Data Protection Laws. If you wish to exercise any of your rights, please contact us on dpo@icgbrewing.com. 

 

 

If you want to exercise any of these rights, please just contact us on dpo@icgbrewing.com. 

 

You also have the right to lodge a complaint about our processing with a supervisory authority – in the UK that is the ICO whose details are here https://ico.org.uk/global/contact-us/postal-addresses/

 

‍Data Sharing and Transfers
Like most companies, we use a number of other companies as part of our data processing, for example, cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses. When data is transferred to the EEA, it is on the basis of adequacy (that the EEA has equivalent data protection regimes as the UK).

 

We do not sell your data to anybody and we do not share it with anyone other than our contracted processors, legal advisors or for reasons where we may be required to by law.

Automated decision Making

We do not use your personal data in any automated processes to make decisions about you.

 

What happens if any of the Controllers change hands?

We may, from time to time, expand or reduce our business and this may involve the sale and/or transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, depending on the lawful basis, be permitted to use that data only for the same purposes for which it was originally collected by us.

 

In the event any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes.

 

Changes to our Privacy Notice

We may change this Privacy Policy from time to time (for example, if the law changes). We recommend that you check this page regularly to keep up-to-date. If we make any material changes to the manner in which we process and use your personal data, we will contact you to let you know about the change.

 

Tell me more

To see more about how we use your personal data, read the notice or notices which apply best to your relationship with us:

 

 

I am a potential corporate client (1)
I am a corporate client (2)
I have bought beer or booked a table with you (3)
I am a potential employee of Fourpure or Magic Rock (4)
I am an employee of Fourpure or Magic Rock(5)
I am just browsing your website(6)
I am a supplier or third party (7)
I have signed up to your newsletter (8)

 

1

Potential Corporate Clients

 

Data that we hold and how we use it
As a potential client, we hold your name, job title and corporate contact details so we can build a relationship with you. This data will have been sourced directly from you at an event, or from your company website or a similar publicly available source. We only hold your data if we legitimately think you will have an interest in using our product.


‍Lawful basis for processing
Our lawful basis for processing your data is a Legitimate Interest for marketing purposes. As you are a corporate entity, we also abide by the Privacy and Electronic Communications Regulations (PECR). We give you the change to opt-out of all marketing on anything that we send you. We only share details of our own goods and services in our marketing. If your data was not sourced directly from you, then we contact you once we have the data to let you know that we have your data and give you the chance to opt-out. Our legitimate interest balancing test indicates that this is a legitimate purpose: you would not be surprised to hear from us based on the nature of your job role, and our processing does not cause any harm or risk to you as a data subject.

‍Retention Periods
We hold data on Potential Corporate Clients for as long as we think you are likely to be interested in our goods and services, or until the point at which you opt out of communications. At this point you are added to a suppression list so we do not contact you again. When you become a Corporate Client, then the privacy Notice for Corporate Clients will apply.

 


 

2

Corporate clients

 

Data that we hold and how we use it

As a corporate client, we hold the contact and payment details required to carry out our contract with you, manage our relationship and keep you up to date with changes and improvements to our services. This data would have been sourced from you directly.

‍Lawful basis for processing
‍Our lawful basis for processing your data is a combination of Contract and Legitimate Interest. We use legitimate interest when we use your data to keep you up to date with changes and improvements to our goods and services. Results of a legitimate interest balancing test indicate that this use is pursuing a legitimate interest, is necessary for the purpose of keeping you updated and growing our business, and unlikely to cause you risk or harm.

‍Retention Periods
‍We hold data on Corporate Clients for the length of time that you are a client of ours, then another 7 years in case of any dispute.



 

3

 

Table bookings and buying beer

 

Data that we hold and how we use it

 

If you have booked a table with us, we will process data to facilitate that booking. That will be your contact details, event details and then an important allergy information that we need to know ahead of time.

If you have ordered beverages online, then we hold your contact details, billing and shipping address and order details. We pass you directly to our billing partners (Stripe, ApplePay and Paypal) for the financial transactions.

If you leave feedback for us or contact us on social media then we will have access to your social media handles.

 

Lawful basis for processing

 

Our lawful basis for processing your data is a combination of Contract and Legitimate Interest. We use legitimate interest when we you provide data for your booking. If you share allergy information then we are able to process that based on our obligations under health and safety regulations.

We use contract when we process data to fulfil your online order.

Retention Period

We do not hold booking data in our system.

We hold data relating to orders for 7 years.

 

 

4

Job Applicants

 

Data that we hold and how we use it
‍As a potential employee we process information to help us understand if you are the right fit for the role you have applied for. This will include information such as: Name, CV/Resume, Industry qualifications/experience, Salary expectations, Contact details, Interview notes, References, Educational background/qualifications & pre-employment check results.

‍Lawful basis for processing
‍Our lawful basis for processing your data is a combination of contract, legitimate interest, and legal obligation, depending on the process. On the whole, we are processing the data to create and maintain a relationship with you and test your suitability for the role. As the journey towards onboarding progresses, we are obliged by law to do certain checks, such as your eligibility to work in the UK, or for licensing laws in some roles.


The data we hold on you would have come directly from you or from an agency, where you have applied for the role. If we did not source the data directly from you then we will contact you within one month to let you know the details of processing.
We do not carry out automated decision making on your personal data.

‍Retention Periods
‍We hold data on potential employees for various periods, depending on the situation.

If you were not a good fit for the role and not short listed then your data is deleted as soon as it is no longer needed.
If you were shortlisted, but did not get the role then we keep your data until the successful candidate passes their probation period (6 months).
If you did get the role you applied for then you become an employee and the employee privacy notice will apply.

 


5

Employees

 

If you are an employee of Fourpure or Magic Rock please refer to the People Privacy Notice that is stored on SharePoint / DPO documents. If you have trouble locating this folder please contact dpo@icgbrewing.com.  

 

6

Website Browsing/Cookie Notice


The UK Information Commissioner defines cookies as ‘small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.’ Any browser visiting our site will potentially receive cookies from us or cookies from third parties such as our partners or service providers, like our shopping basket provide, Shopify.

We use two types of cookies: persistent cookies and session cookies. A persistent cookie lasts beyond the current session and is used for many purposes, such as recognizing you as an existing user, so any preferences you have added will be available the next time you visit. Session cookies last only as long as the session. Once you close the page, the cookie is deleted

What Cookies Do We Use?

 

The list of cookies being used on our websites can be found here :
https://fourpure.com/pages/cookie-table

https://www.magicrockbrewing.com/pages/cookie-table

 

 

You will see that the cookies are split into the following categories:

 

Category

Definition

Strictly Necessary

These cookies are necessary for the website or application to function. Without them the site will not work. Or, they provide functionality that the user expects to exist. Or, the cookies enable us to adhere to the GDPR security requirements.

Performance Cookies

Performance cookies are used so we can collect information about how people use our website – for example, the number of users on a website, how long they stay on the site for, and what parts of the site they visit.

 

Functional Cookies

These cookies allow us to provide additional functionality, like the ability to have an online chat function, or to be able to show videos.

Advertising Cookies

These cookies are used to deliver adverts more relevant to our website visitors and their interests. They are also used to limit the number of times a visitors will see an advertisement as well as help measure the effectiveness of our advertising campaigns.

Social Media Cookies

Social media cookies allow users to interact more easily with social media, such as Facebook and Instagram. Where we provide social media links or interactions on our website, such as like or share buttons, and you interact with them, the social media organisation may drop cookies and they will be covered by the Privacy Policy of that organisation. We typically do not receive any personal data collected as a result of such interaction, although we may receive aggregated reports

 

 

Consent for Cookies

 

 

When we want to use any cookie category other than “Strictly Necessary”, we will ask for your consent. This is done via our cookie banner. You can edit your consent options at any time by refreshing your browser cache and revisiting the website so as to trigger the cookie banner again where you can customise your cookie preferences. If we make any changes to the list of cookies that we use, then we will automatically show you the cookie banner then next time you visit our site, so you have full control over the consent you provide.

 

Please note that if you decline cookies using our banner, or set your browser to block cookies, some or all of the website and services may not have full functionality and your user experience may be impacted. The website will work, but only in its simplest form.

 

 

 

.

 


 

7

Suppliers

 

Data that we hold and how we use it

As a supplier, we hold the contact and payment details required to manage our relationship and pay you for the services you provide. This data would have been sourced from you directly.

Lawful basis for processing

Our lawful basis for processing your data is a combination of Contract and Legitimate Interest. We use legitimate interest when we use your date to let you know about other services we might require. Our legitimate interest balancing test indicates that this is a legitimate purpose; we are sure you will want to hear from us when we might require additional services, and it is unlikely to cause you risk or harm. We use contract when we process data to manage our relationship with you (e.g. to pay you).

Retention Period

We hold data on our Suppliers for the length of time that we are engaged together, then another 7 years in case of any dispute.


 

 


 

8

Newsletter

 

When you signed up for our newsletter you provided your name and email address, along with your consent to be contacted. Our newsletters have pixels in them that let us know if they are opened or not. If you do not open emails from us for 12 months then we will delete you from our database.

 

We use consent to send you the newsletter and legitimate interest to process your data for marketing purposes.

 

You can unsubscribe from our newsletter at any time by clicking the unsubscribe link in the footer of the email.