Privacy Policy

Introduction Five Rivers Vineyards | Vineyard Consultant ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose and protect personal information when you visit our website, use our services, or interact with us. By using our website or providing personal information to us, you accept the practices described in this policy.

Controller Five Rivers Vineyards | Vineyard Consultant is the data controller for the personal data collected via this website. Contact details for data protection enquiries are available on our website.

Information we collect We may collect the following categories of personal data:

  • Identity and contact information: name, job title, company, email address, postal address, telephone number.

  • Transactional information: details of services you request, bookings, purchases, invoices and payment information (note: payment card details are processed by third‑party payment providers; we do not store full card details on our servers).

  • Technical and usage data: IP address, browser and device type, operating system, pages visited, referrer URL, time and date stamps, cookies and similar tracking technologies.

  • Communications: correspondence, enquiries, feedback and any other information you send us by email, contact form or other means.

  • Marketing preferences and consent status.

How we obtain information We obtain personal data directly from you when you:

  • register for or use our services;

  • contact us by email, telephone or via the website contact forms;

  • subscribe to our newsletters or marketing communications;

  • make bookings, purchases or enquiries.

We may also collect information automatically when you use the website (for example via cookies) and, in some cases, receive information from third parties such as analytics providers, advertising networks, or publicly available sources.

Purpose and legal basis for processing We process personal data for the following purposes and legal bases:

  • To provide services, process bookings and manage transactions: necessary for contract performance.

  • To respond to enquiries, provide customer support and manage relationships: legitimate interests and contract performance.

  • To send administrative communications (e.g. booking confirmations, service updates): necessary for performing our contract or to take steps at your request prior to entering into a contract.

  • To send marketing communications where you have given consent or where we have a permitted legitimate interest and you have not opted out: consent or legitimate interests.

  • To improve and personalise our website and services, analyse usage and maintain security: legitimate interests.

  • To comply with legal obligations, enforce our terms and protect rights and safety: compliance with legal obligations and legitimate interests.

If we rely on consent for any processing, you may withdraw consent at any time. Withdrawal will not affect processing already carried out.

Sharing and disclosure of personal data We may share personal data with:

  • Service providers and suppliers who perform services on our behalf (payment processors, hosting providers, email and marketing platform providers, analytics and CRM providers).

  • Professional advisers, auditors and insurers where necessary to obtain advice or manage risk.

  • Authorities, regulators or law enforcement where required by law or to comply with legal processes.

  • Third parties in connection with a sale, merger, reorganisation, financing or acquisition of any part of our business or assets (you will be notified where required by law).

We require third parties to treat personal data securely and only to process it for the purposes we specify.

International transfers Personal data may be transferred to and stored in countries outside the UK and European Economic Area (EEA). Where transfers occur, we will ensure appropriate safeguards are in place such as standard contractual clauses or other mechanisms permitted by applicable law to provide an adequate level of protection.

Data retention We will retain personal data only as long as necessary for the purposes set out in this policy, to satisfy legal, accounting or reporting requirements, and to resolve disputes. Retention periods vary depending on the nature of the data and the purpose of processing; specific retention periods may be provided on request.

Cookies and tracking technologies We use cookies and similar technologies to personalise content, provide social media features, understand how visitors use our website and improve user experience. You can control cookies through your browser settings and many tracking tools provide opt‑out mechanisms. Please refer to our Cookie Notice (if available) for more detail on the types of cookies used and how to manage them.

Security We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. While we strive to protect your data, no method of transmission or storage is completely secure and we cannot guarantee absolute security.

Your rights Depending on applicable law, you may have the following rights in relation to your personal data:

  • Right of access to the personal data we hold about you.

  • Right to correct inaccurate or incomplete data.

  • Right to request erasure of your personal data (right to be forgotten) in certain