Privacy & Cookie Policy

Rathfinny Wine Estate are committed to protecting and respecting your privacy. This Privacy Policy (together with our Terms and Conditions and any other documents referred to on it) sets out the basis on which we collect, use and process personal data relating to users (referred to in this policy as “you”) on the Rathfinny website, www.rathfinnyestate.com (“our website”) and related services. We respect and value the privacy of everyone who visits our website and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Information About Us

We are the data controller for the purposes of the Data Protection Act 2018 (the Act), the EU General Data Protection Regulation (GDPR) and any other data protection legislation applicable in the UK from time to time.

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the DPO using the details below:

Address: Rathfinny Wine Estate of Alfriston, East Sussex. BN26 5TU.

VAT number: 365171888.

Data Protection Officer: Jamie Everett

Email address: info@rathfinnyestate.com

Telephone number: 01323 870022

This version was last updated on 21st April 2023. We reserve the right to amend this Policy from time to time and in the event that we buy or sell all or part of our business or assets, to disclose personal data held by us to the prospective seller or buyer of such business or assets.

What Does This Policy Cover?

This Privacy Policy applies only to your use of our website. Our website may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

This Policy applies to anybody who browses our webpages or who provides personal data via our shop portal http://shop.rathfinnyestate.com and website www.rathfinnyestate.com. It also applies to those who request communication via our website, orders products via our website, those who post material on our website, and to personal data processed in pursuit of our own marketing and business development efforts. We may also ask you for personal data when you report a problem on our Website.

This policy does not apply to the personal data of our Job Applicants, Employees, Agents and Contractors. The fair, lawful and secure processing of these types of data is governed by other company policies outside the scope of this Policy.

This website is not intended for children and we do not knowingly collect data relating to children.

Information We May Collect From You

We may collect and process the following data about you:

  • Information you give us voluntarily. You may give us information about you by filling in forms on our website or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our website, search for a product, place an order on our website, enter a competition, promotion or survey and when you report a problem with our website. The information you give us may include your name, address, date of birth, e-mail address and phone number, financial and credit card information and other personal information.
  • Information we collect about you. With regard to each of your visits to our website we may automatically collect the following information:
    • technical information, including your IP address, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
    • information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time);
    • products you viewed or searched for; and
    • page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
  • Information we receive from other sources. We may receive information about you if you use any other websites we operate or any other services we provide. We may also work with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
  • Cookies. Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website. Please see our Cookies Policy below for more information.

What Is Personal Data?

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

What Are My Rights?

Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:

  • The right to be informed about our collection and use of your personal data. This Privacy Policy should tell you everything you need to know, but you can always contact us as set out above.
  • The right to access the personal data we hold about you as detailed below.
  • The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
  • The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold.
  • The right to restrict (i.e. prevent) the processing of your personal data.
  • The right to object to us using your personal data for a particular purpose or purposes.
  • The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
  • The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
  • Rights relating to automated decision-making and profiling.

For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details above.

It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.

Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first, using the details above.

How Long Will You Keep My Personal Data?

We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):

Name, email address and post code: We will keep this data until we stop producing and sending newsletters or until you opt out.

Mailing lists: After registering subscribers will receive emails about the topics they expressed interest in or relevant related items. Any emails will include details on how to unsubscribe or edit their personal details. Users can choose to unsubscribe from Rathfinny emails at any time. They may do this immediately by clicking the “unsubscribe” button at the bottom of emails or by contacting us with details. If users contact us then their removal from mailing lists may not be immediate.

We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do so. If your data changes (for example, if you have a new email address), then you are responsible for notifying us of those changes. Upon request, we will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. We will retain your information for as long as your account is active or as long as needed to supply our products or services. We may also retain and use your information in order to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our Terms and Conditions.

How and Where Do You Store or Transfer My Personal Data?

We will only store or transfer your personal data within the UK and European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the Data Protection Legislation, GDPR, and/or to equivalent standards by law.

Do You Share My Personal Data?
We will not share any of your personal data with any third parties for any purposes, subject to the following exceptions.

If we sell, transfer, or merge parts of our business or assets, your personal data may be transferred to a third party. Any new owner of our business may continue to use your personal data in the same way(s) that we have used it, as specified in this Privacy Policy.

In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

We may sometimes contract with the following third parties to supply certain products and services.

How Can I Control My Personal Data?

In addition to your rights under the Data Protection Legislation, set out above, when you submit personal data via our website, you may be given options to restrict our use of your personal data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails).

You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.

Can I Withhold Information?

You may access our website without providing any personal data at all. However, to use all features and functions available on our website you may be required to submit or allow for the collection of certain data.

You may restrict our use of Cookies. For more information, our Cookie Policy below.

How Can I Access My Personal Data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a ‘subject access request’.

All subject access requests should be made in writing and sent to the email or postal addresses shown above.

There is not normally any charge for a subject access request. If your request is “manifestly unfounded or excessive” (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your subject access request within 14 calendar days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

How do we use Cookies?

Our website may place and access certain first-party Cookies on your computer or device. First-party Cookies are those placed directly by us and are used only by us. We use Cookies to facilitate and improve your experience of our website and to provide and improve our products and services. We have carefully chosen these Cookies and have taken steps to ensure that your privacy and personal data is protected and respected at all times.

By using our website, you may also receive certain third-party Cookies on your computer or device. Third-party Cookies are those placed by websites, services, and/or parties other than us. Third-party Cookies are used on our website for tailored advertising, marketing or analytics services. For more details, please refer to the table below. These Cookies are not integral to the functioning of our website and your use and experience of our website will not be impaired by refusing consent to them.

All Cookies used by and on our website are used in accordance with current Cookie Law.

Before Cookies are placed on your computer or device, you will be shown a pop up at the top of the homepage requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of our website may not function fully or as intended.

In addition to the controls that we provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all Cookies or only third-party Cookies. By default, most internet browsers accept Cookies, but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.

You can choose to delete Cookies on your computer or device at any time, however you may lose any information that enables you to access our website more quickly and efficiently including, but not limited to, login and personalisation settings.

It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.

You decide which cookies we use – We understand that not everyone wants to see targeted adverts or contribute to statistics on website use, so you can configure cookie settings in your web browser. You can find out more about how to do this at the following links:

You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

For more information about cookies generally, visit allaboutcookies.org.

For further detailed information on our Cookies policy please contact us.


Cookie Type Name Purpose
Allow Cookies Functional moove_gdpr_popup This will remember that you are happy to allow cookies on our website. This cookie is set to expire after 7 days if accepted.
ModalPop Functional ModalPop Related to the popup modal (unrelated to the cookie message) located throughout the site, typically found on the homepage. This is hidden on interaction. Expires in 1 day.
Shop Functional woocommerce_cart_hash, woocommerce_items_in_cart Helps WooCommerce determine when cart contents/data changes.
Click here to view WooCommerce privacy policy
Shop Functional wp_woocommerce_session_ Contains a unique code for each customer so that it knows where to find the cart data in the database for each customer.
Click here to view WooCommerce privacy policy
Shop Functional woocommerce_recently_viewed Powers the Recent Viewed Products widget.
Click here to view WooCommerce privacy policy
Shop Functional __stripe_mid, __stripe_sid, m Stripe is used by the Shops payment system. Utilised for payment processing and fraud protection.
Click here to view Stripe’s privacy policy
Shop Functional store_notice Allows customers to dismiss the Store Notice.
Click here to view WooCommerce privacy policy
Google Analytics Tracking _ga Used to distinguish users and expires in 2 years
Click here to view Google’s privacy policy
Google Analytics Tracking _gid Used to distinguish users and expires in 24 hours
Click here to view Google’s privacy policy
Google Analytics Tracking _gat Used to throttle request rate and expires in 1 minute
Click here to view Google’s privacy policy
Google Analytics Tracking -utma This allows Google Analytics to determine unique visitors to our site. The cookie expires 2 years from initial creation or from update of cookie
Click here to view Google’s privacy policy
Google Analytics Tracking -utmb This cookie is used to establish and continue a user session on our site. The cookie will expire 30 minutes from initial creation of from update of the cookie
Click here to view Google’s privacy policy
Google Analytics Tracking -utmc This is used in conjunction with the -utmb cookie to determine whether or not to establish a new session for the user. This cookie will expire once you have closed your session with our website (once you have closed your browser)
Click here to view Google’s privacy policy
Google Analytics Tracking -utmz This cookie is used by google to store where a visitor came from (search engine, search keyword, link). This cookie will expire 6 months from its initial creation or from update of cookie.
Click here to view Google’s privacy policy
AddThis Functional / Tracking _atuvs / _atuvc This is a third-party cookie from AddThis service and will expire in 2 years. This will share Standard Chartered content via social media share buttons. Also monitors user activity on the site and on other AddThis sites.
Click to see the Share This privacy policy
AddThis Functional / Tracking s_sq / ouid / notice_gdpr_prefs / s_nr / na_id / loc / s_fid / ssc / na_tc / notice_preferences / mus / gpw_e24 / sshs / s_cc / uvc / uid This is a third-party cookie from AddThis service. Up to 5 years expiry dates, with some session based. This will share Standard Chartered content via social media share buttons. Also monitors user activity on the site and on other AddThis sites.
Click to see the Share This privacy policy
Litespeed cache Functional _lscache_vary This cookie is used to store whether you are logged into the site and what your user role is. It us used to help improve site performance for logged in users. This cookie will expire after 2 days.
Click to see the Litespeed privacy policy
Vimeo Player Functional / Tracking player / vuid We embed videos from our official Vimeo channel. When you press play (or played automatically) Vimeo will drop third party cookies to enable the video to play and to collect analytics data such as how long a viewer has watched the video. These cookies do not track individuals.
Click to see the Vimeo privacy policy
Facebook Pixel Functional / Tracking _fbp Used to distinguish and keep track of your unique users.
Facebook Pixel Functional / Tracking _fbc This is only set when a user arrives at your website from an Ad, and the destination URL includes the click identifier "fbclid"
Google Ads Tracking NID 6 months google.com and local variations, e.g. google.de
Click to see the Google Ads privacy policy
Google Ads Tracking __gads 13 months Set from partner domain
Click to see the Google Ads privacy policy
Google Ads Tracking FPAU 90 days Set from partner domain
Click to see the Google Ads privacy policy
Google Ads Tracking ANID 13 months EEA UK / 24 months elsewhere google.com and local variations, e.g. google.de
Click to see the Google Ads privacy policy
Google Ads Tracking AID 13 months EEA UK / 540 days elsewhere google.com/ads, google.com/ads/ measurement, googleadservices.com
Click to see the Google Ads privacy policy
Google Ads Tracking TAID 14 days google.com/ads, google.com/ads/ measurement, googleadservices.com
Click to see the Google Ads privacy policy
Google Ads Tracking FPGCLDC 90 days Set from partner domain
Click to see the Google Ads privacy policy
Google Ads Tracking _gcl_dc 90 days Set from partner domain
Click to see the Google Ads privacy policy
Google Ads Tracking _gcl_au 90 days Set from partner domain
Click to see the Google Ads privacy policy
Google Ads Tracking FLC 10 seconds doubleclick.net
Click to see the Google Ads privacy policy
Google Ads Tracking RUL 12 months doubleclick.net
Click to see the Google Ads privacy policy
Google Ads Tracking FPGCLAW 90 days Set from partner domain
Click to see the Google Ads privacy policy
Google Ads Tracking FPGCLGB 90 days Set from partner domain
Click to see the Google Ads privacy policy
Google Ads Tracking _gcl_gb 90 days Set from partner domain
Click to see the Google Ads privacy policy
Google Ads Tracking _gac_gb_ 90 days Set from partner domain
Click to see the Google Ads privacy policy
Google Ads Tracking _gcl_aw 90 days Set from partner domain
Click to see the Google Ads privacy policy
Google Ads Tracking 1P_JAR 30 days google.com and local variations, e.g. google.de
Click to see the Google Ads privacy policy
Google Ads Tracking Conversion 90 days www.googleadservice s.com/pagead/ conversion/
Click to see the Google Ads privacy policy
Google Ads Tracking VISITOR_INFO1_LIVE
Google Ads Tracking VISITOR_INFO1_LIVE_ _k 180 days youtube.com
Click to see the Google Ads privacy policy
Google Ads Tracking VISITOR_INFO1_LIVE_ _default 180 days youtube.com
Click to see the Google Ads privacy policy
Pinterest Tracking _pinterest_sess is the Pinterest login cookie. It contains user ID(s), authentication token(s) and timestamps. If the person is logged out, authentication tokens are deleted but we leave the cookie present. We use the logged out user ID(s) to optimise the person’s experience and measurement.
Click to see the Pinterest privacy policy
Pinterest Tracking _pinterest_ct & _pinterest_ct_rt Both are identical. They contain a user ID and the timestamp at which the cookie was created.
Click to see the Pinterest privacy policy
Pinterest Tracking _epik is placed by the JavaScript tag based on information sent from Pinterest with promoted traffic to help identify the user.
Click to see the Pinterest privacy policy
Pinterest Tracking _derived_epik is placed by the Pinterest Tag when a match is identified and no cookies are present, such as Enhanced Match.
Click to see the Pinterest privacy policy
Pinterest Tracking _pin_unauth is a first-party cookie that groups actions for users who cannot be identified by Pinterest.
Click to see the Pinterest privacy policy
Pinterest Tracking _pinterest_ct_ua is identical to _pin_unauth, but as a third-party cookie.
Click to see the Pinterest privacy policy
Pinterest Tracking _routing_id is a first-party cookie that helps ensure our website users are being directed to the latest version of Pinterest.com.
Click to see the Pinterest privacy policy
Hotjar Tracking _hjSessionUser_{site_id} Site id 2092552, 605312 Set when a user first lands on a page. Persists the Hotjar User ID which is unique to that site. Hotjar does not track users across different sites. Ensures data from subsequent visits to the same site are attributed to the same user ID. 365 days duration. JSON data type.
Click to see the Hotjar privacy policy
Hotjar Tracking _hjid This is an old cookie that we do not set anymore, but if a user has it unexpired in their browser, we will reuse its value and migrate to _hjSessionUser_{site_id}. Set when a user first lands on a page. Persists the Hotjar User ID which is unique to that site. Ensures data from subsequent visits to the same site are attributed to the same user ID. 365 days duration. UUID data type.
Click to see the Hotjar privacy policy
Hotjar Tracking _hjFirstSeen Identifies a new user’s first session. Used by Recording filters to identify new user sessions. 30 minutes duration, extended on user activity. Boolean true/false data type.
Click to see the Hotjar privacy policy
Hotjar Tracking _hjHasCachedUserAttributes Enables us to know whether the data set in _hjUserAttributes Local Storage item is up to date or not. Session duration. Boolean true/false data type.
Click to see the Hotjar privacy policy
Hotjar Tracking _hjUserAttributesHash Enables us to know when any User Attribute has changed and needs to be updated. 2 minutes duration, extended every 30 seconds. Content hash data type.
Click to see the Hotjar privacy policy
Hotjar Tracking _hjUserAttributes Stores User Attributes sent through the Hotjar Identify API. No explicit expiration. Base64 encoded JSON data type.
Click to see the Hotjar privacy policy
Hotjar Tracking hjViewportId Stores user viewport details such as size and dimensions. Session duration. UUID data type.
Click to see the Hotjar privacy policy
Hotjar Tracking hjActiveViewportIds Stores user active viewports IDs. Stores an expirationTimestamp that is used to validate active viewports on script initialization. JSON data type.
Click to see the Hotjar privacy policy
Hotjar Tracking _hjSession_{site_id} Site id 2092552, 605312 Holds current session data. Ensures subsequent requests in the session window are attributed to the same session. 30 minutes duration, extended on user activity. JSON data type.
Click to see the Hotjar privacy policy
Hotjar Tracking _hjSessionTooLarge Causes Hotjar to stop collecting data if a session becomes too large. Determined automatically by a signal from the server if the session size exceeds the limit. 1h duration. Boolean true/false data type.
Click to see the Hotjar privacy policy
Hotjar Tracking _hjSessionResumed Set when a session/recording is reconnected to Hotjar servers after a break in connection. Session duration. Boolean true/false data type.
Click to see the Hotjar privacy policy
Hotjar Tracking _hjCookieTest Checks to see if the Hotjar Tracking Code can use cookies. If it can, a value of 1 is set. Deleted almost immediately after it is created. Under 100ms duration, cookie expiration time set to session duration. Boolean true/false data type.
Hotjar Tracking _hjLocalStorageTest Checks if the Hotjar Tracking Code can use Local Storage. If it can, a value of 1 is set. Data stored in _hjLocalStorageTest has no expiration time, but it is deleted almost immediately after it is created. Under 100ms duration. Boolean true/false data type.
Click to see the Hotjar privacy policy
Hotjar Tracking _hjSessionStorageTest Checks if the Hotjar Tracking Code can use Session Storage. If it can, a value of 1 is set. Data stored in _hjSessionStorageTest has no expiration time, but it is deleted almost immediately after it is created. Under 100ms duration. Boolean true/false data type.
Click to see the Hotjar privacy policy
Hotjar Tracking _hjIncludedInPageviewSample Set to determine if a user is included in the data sampling defined by your site's pageview limit. 2 minutes duration, extended every 30 seconds. Boolean true/false data type.
Click to see the Hotjar privacy policy
Hotjar Tracking _hjIncludedInSessionSample_{site_id} Site id 2092552, 605312. Set to determine if a user is included in the data sampling defined by your site's daily session limit. 2 minutes duration, extended every 30 seconds. Boolean true/false data type.
Click to see the Hotjar privacy policy
Hotjar Tracking _hjAbsoluteSessionInProgress Used to detect the first pageview session of a user. 30 minutes duration, extended on user activity. Boolean true/false data type.
Click to see the Hotjar privacy policy
Hotjar Tracking _hjTLDTest We try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. Enables us to try to determine the most generic cookie path to use, instead of page hostname. It means that cookies can be shared across subdomains (where applicable). After this check, the cookie is removed. Session duration. Boolean true/false data type.
Click to see the Hotjar privacy policy

Changes to this Privacy Policy

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

Any changes will be immediately posted on our website and you will be deemed to have accepted the terms of the Privacy Policy on your first use of our website following the alterations. We recommend that you check this page regularly to keep up-to-date.

How Do I Contact You?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details (for the attention of Jamie Everett):

Email address: info@rathfinnyestate.com.

Telephone number: +44 1323 870022.

Postal Address: Cellar Door, Rathfinny Wine Estate, Alfriston. East Sussex. BN26 5TU.