Who we are and what we do
We are the global private client office in the rare whisky industry and provide discreet, bespoke services to our international clients. We are based in Edinburgh, Scotland.
Our small team work directly with our clients and act as a Data Controller for the personal information we hold, always acting in line with stated purpose for which it was collected.
What is the purpose of this policy?
This policy describes how we as an organisation ensure that we are safeguarding the personal information entrusted to us. The protection of personal information is extremely important. Failure to safeguard the personal information we hold could result in fines and damage to both our own and our clients’ reputation.
What is personal information and what is our role?
In order to deliver excellent service to our clients and to fulfil our responsibilities to our staff we need to collect and use some limited personal information. Any information we use or we share with a 3rd party that can identify a living person is personal information and we must ensure that the privacy of the individuals is protected.
We use a layered approach to detailing how we protect personal information. We securely hold a register of the personal information we use to allow us to protect it. For our clients and our staff there are supplementary privacy notices with additional specific details and we have this policy that sets out the principles we all follow in everything we do.
What are the principles we follow to protect this personal information?
1) We always handle personal data in a fair, lawful and transparent way
- We always tell individuals or organisations how and why their data is processed in a clear, understandable and open way
- We only ever collect personal information directly from the people involved and only collect information that we need
- We always use the information to treat people fairly and never use it in a way that would be detrimental to the individual
- We are clear that we are allowed to collect and process the information
- We will never sell information to anyone
- We understand that individuals have rights relating to the information we hold about them and will do what we can to help them exercise these rights
2) We always have a specific purpose for any information we use and never go beyond this
- We are clear on why we have collected information and only process data in line with that purpose
- We will only share information with our partners in order to achieve the purpose we have collected it for and if we use partners to help us, they will have in place appropriate technical and organisational measures to protect privacy
- We don’t share our clients’ information
3) We only ever collect the right amount of information to achieve the purpose at hand
- We understand the importance of limiting the amount of personal information we use so we don’t collect it unless we really need it
- By being clear on the purpose of the information we collect, we never collect excessive amounts of information
- We understand that we shouldn’t create a burden on those who supply us with information so we collect enough to achieve the purpose first time in order to avoid needing to go back and ask for more
4) We actively work to ensure the information we hold is accurate
- We make reasonable efforts to ensure information is correct at the point of collection
- We understand information can become out-of-date and replace or remove it over time
- We understand the importance of both the availability and integrity of data alongside confidentiality; we understand that information must be used correctly or it can’t achieve its purpose.
5) We keep information only for as long as we need it for the purpose it was collected
- We are clear when we collect information how long it will be kept for
- We are transparent about our retention policy with our clients and staff
- We have processes in place to securely and permanently delete or destroy information
6) We have appropriate technical and organisational measures in place to ensure information is secure
- We use a mixture of suitable technical, physical and governance measures to secure the information we hold
- We all understand that security is everyone’s responsibility and we all regularly renew our data protection training
- We secure both our electronic and paper information
- We secure our information both at rest with us and on mobile devices
- We understand the relationships and responsibilities between data controllers and processors and ensure anyone processing information for us meets standards equivalent to our own
- We manage any changes to processes or infrastructure to ensure we maintain security of information
How do we store and share information?
We work with a number of partners to deliver our business but we never share any client information.
When we receive data we always store it securely and dispose of it in a way that is secure and consistent with the original purpose. We understand the importance of limiting the time we hold information to allow us to provide service to our clients.
We understand that individuals retain rights associated with the information we hold about them. Not all rights apply in all cases and the details of which data rights apply are included in the privacy notice we supply for the particular data provided to us.
If you would like to exercise any of your personal data rights or if you have any questions about this policy or any data related matter you should contact
Easter Society House,