Our Data Protection Compliance Manager is Andrea Murphy (firstname.lastname@example.org).
Please note that links from our website may take you to external websites not covered by this policy. We recommend that you check their privacy policies yourself before submitting any personal information. We will not be responsible for the content, function or information collection policies of these external websites.
What information do we collect about you and how do we collect it?
You are not required (by law or by any contract with us) to provide personal information to us via this website.
Information you provide to us
We may receive personal information about you whenever you contact us, for example, by doing the following:
- Completing our Contact Form
- Using and browsing our website
- Telephoning, texting, writing by post or emailing us
This information may include the following:
- Normal identification information, such as your full name and title
- Contact information, such as your postal address, email address and telephone number
- Your organisation or employer
- Additional information relevant to your use of our site and services, such as your marketing preferences, survey responses and feedback
Information we collect about you on our website
When you visit our website we may collect the following information:
- Which pages you view and which links you follow
- Your IP address and general location
- Details of the hardware and software that you are using to access the site
Our website is not intended for children and we do not knowingly collect data relating to children.
How do we use your personal information?
We take data protection law seriously, so below we have set out exactly how and why we use your information, and what our legal basis is for using your information.
It is necessary for us to process your personal information in order to pursue our legitimate interests, as set out below. For more information about the rights that you have when we process your information on this basis, please see “What rights do you have in respect of your personal information?” below.
Where you contact us (such as through our Contact Form), we may need to use the information that you provide to us in order to interact with you and respond to any communications you send us, and to let you know about any important changes to our business or policies.
Reporting counterfeit issues
Where you contact us via our website to report a counterfeit issue, we may need to use information about you in order to communicate with you and investigate the issue that you have reported.
Making our business better
We always want to offer the best service and experience that we can. Sometimes this means we may use your information to find ways that we can improve what we do, or how we do it.
In this context, we will only use your information where it is necessary so that we can:
- Review and improve our website and services
- Review and improve the performance of our systems, processes and staff (including training)
- Improve our site to ensure that content is presented in the most effective manner for you and for your computer
Verifying your identity
We may use your information where it is necessary for us to do so in order to meet our legal obligations or to detect and prevent fraud, money-laundering and other crimes including in relation to counterfeit products.
Protecting you and others from harm
We may use your information where it is necessary to protect your interests, or the interests of others. This may include in the event of criminality such as identity theft, piracy or fraud.
Who do we share your personal information with?
We share the personal information that you provide to us with our staff so that we can communicate with you effectively, but only with those staff that need to access your information for the purposes set out above.
Where you contact us through our website, we will pass your enquiry to the appropriate person to provide you with a response. In some cases, that person may be based outside the European Economic Area (EEA) and, as such, we cannot guarantee the security of your personal data to the same standards that we adhere to. In such cases, we may ask you if you consent to your details being passed on.
Where you report a counterfeit issue through our website, you have the option to provide us with your contact details. If you do so, we may retain your details on our systems in the EEA, but will not pass your details to any of our Service Providers or Member Brands outside the EEA without your explicit consent.
We will not generally share your personal information with any third parties other than as set out above.
However, there are certain other exceptional circumstances in which we may disclose your information to third parties. This would be where we believe that the disclosure is:
- Required by the law, or in order to comply with judicial proceedings, court orders or legal or regulatory proceedings
- Necessary to protect the safety of our employees, our property or the public
- Necessary for the prevention or detection of crime, including in connection with our investigations, and exchanging information with other companies or organisations for the purposes of fraud protection and credit risk reduction.
- Proportionate as part of a merger, business or asset sale, in the event that this happens we will share your information with the prospective seller or buyer involved
How long do we keep your personal information?
Where you get in touch with us using our Contact Form, we will retain your personal information for at least as long as we are in contact with you in connection with the reason for which you contacted us. After that, we may retain your information for a period of 3 years, after which your information will be deleted or anonymised.
Where you use our website to report a counterfeit issue, we may retain your personal information for as long as necessary for the purposes of our investigation of the issue that you have reported, as we may need to contact you further as the investigation progresses. However, where it is possible and where it would not jeopardise our investigation, we will anonymise your personal information so that you can no longer be identified from it (but we will retain the non-identifying information that you provide in your report). In any event, we will not retain your identifiable information in this context for more than a period of 3 years
In all other circumstances, we will keep your information for a period of 3 years, after which we will either delete your information or anonymise it.
How do we protect your personal information?
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy.
We try to ensure that all information you provide to us is transferred securely via the website (always check for the padlock symbol and “https” at the beginning of the URL). Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our website is hosted by GoDaddy in Arizona, USA (which has certified its compliance with the EU-U.S. Privacy Shield) and our database is held on secure servers hosted in Arizona, USA.
We, and our Members Brands and Service Providers, adhere to a robust information security policy to ensure the confidentiality and security of personal data in our day to day operations and use ISO-27001 compliant platforms (such as Office 365) to communicate and transfer information.
What rights do you have in respect of your personal information?
You have the right to be informed
We have a legal obligation to provide you with concise, transparent, intelligible and easily accessible information about our use of your personal data. We have written this policy to do just that, but if you have any questions or require more specific information, you can get in touch using our Contact Form.
You have the right to access your personal data
You have the right to ask us to confirm whether or not we hold any of your personal data. If we do, you have the right to request a copy of your data as well as information about why we have been using your data, what types of data we hold, who we share your data with and how long we envisage holding your data.
In order to maintain the security of your information, we will have to verify your identity before we provide you with a copy of the information we hold. The first copy of your information that you request from us will be provided free of charge, if you require further copies we may charge an administrative fee to cover our costs.
You have the right to correct any inaccurate or incomplete personal data
If you believe that we hold incorrect information about you, you may contact us to ask us to correct our records. If you believe that the information we hold about you is incomplete or requires supplementary information to provide context, you may provide us with further information to complete it. In such cases you can contact us so that we can correct or complete our records.
You have the right to be forgotten
You have the right to request that we delete all personal information we hold about you, in the following situations:
- The information is no longer needed for the original purpose that we collected it for
- You withdraw your consent for us to use the information (and we have no other legal reason to keep using it)
- You object to us using your information for the purpose of pursuing our legitimate interests (as set out above) and we have no overriding reason to keep using it
- We have used your information unlawfully
- We are subject to a legal requirement to delete your information
If one of these situations applies and you want us to delete your information, please get in touch using our Contact Form.
You have the right to Data Portability
Where we use automated means to process your information pursuant to a contract between us, or on the basis of your consent, you have the right to obtain a copy of your personal data (or have it transferred to another organisation) in a commonly-used, machine-readable file format. We do not routinely use your information in this way, but if you believe that this applies to you and you wish to exercise this right, please contact us. There is no charge for you exercising this right.
You have the right to object to us processing your information in certain situations
You may object to us processing your information for the purpose of pursuing our legitimate interests (as set out above). We aim to always ensure that your rights and information are properly protected. If you believe that the way we are using your data is not justified due to its impact on you or your rights, you have the right to object. Unless we have a compelling reason to continue, we must stop using your personal data for these purposes.
In order to exercise your right to object to our use of your data for the purposes above, please contact us.
You have the right to restrict how we use your personal data
You have the right to ask us to stop using your personal data in any way other than simply keeping a copy of it. This right is available where:
- You have informed us that the information we hold about you is inaccurate, and we have not yet been able to verify this
- You have objected to us using your information for our own legitimate interests and we are in the process of considering your objection
- We have used your information in an unlawful way, but you do not want us to delete your data
- We no longer need to use the information, but you need it for a legal claim
If you believe any of these situations apply, please contact us.
You have rights related to automated-decision making and profiling
You have the right not to be subject to automated decisions (also known as profiling) which substantially affect you. We do not routinely carry out profiling activities, but if you have any concerns or questions about this right, please contact us.
If you wish to make a complaint about our collection or use of your personal data, please contact us in the first instance so that we may seek to resolve your complaint.
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the statutory body which oversees data protection law in the UK. Please visit the ICO website if you wish to lodge a complaint with the ICO.
IFSP conducts investigations around the world into counterfeit goods and the individuals involved in counterfeiting operations (“Investigation Subjects”).
What information do we collect about Investigation Subjects and how do we collect it?
We collect the following information during the course of our investigations:
- Identity and contact information such as full name, date of birth, age, gender, marital status, postal address (business/work and home/residential), email address and telephone number(s)
- Location data including records of known and/or suspected past, present and future locations, but not including real-time geo-location tracking
- Identification numbers
- Information about vehicles owned by or otherwise associated with the Investigation Subjects, including make, model, colour, registration plate, country of location
- Information about criminal offences, charges, convictions and other enforcement action (confirmed and/or suspected) and information about any actual or suspected involvement in criminal activities (namely in respect of the production and supply of counterfeit goods)
- Special categories of personal data, namely nationality (which may reveal racial or ethnic origin)
- Copies of documentation relating to and/or containing any of the above categories of data, to the extent that such documentation is or may prove to be necessary for the purposes of IFSP’s investigation
We may also collect and process further information where this is necessary in connection with our investigations. Such further information is screened upon collection and is only retained to the extent that is necessary in connection with our investigations.
We may collect and develop the information set out above directly in the course of our investigations. We may also be provided with this information by our Member Brands and third party Service Providers, who act on our behalf to assist with our investigations. We may also be provided with this information by members of the public who notify us of potential counterfeiting operations.
How do we use personal data relating to Investigation Subjects?
We use the information set out above for the purposes of preventing and detecting criminal activities (specifically the production and marketing of counterfeit spirits, dry goods and other related products), bringing, and assisting law enforcement agencies to bring, enforcement action against Investigation Subjects and/or organisations in relation to their involvement in counterfeiting activities, and protecting consumers from the potentially serious health risks associated with counterfeit products.
Our legal basis for processing the personal data set out above is that it is necessary for a task carried out in the public interest (the prevention and detection of crime).
Sometimes, we may collect personal data about Investigation Subjects which is not strictly necessary for the purposes of preventing and detecting crime, but which helps our investigations and may assist us in taking prompt action against individuals involved in criminal activities. We have a legitimate interest in processing this data for the purposes set out above.
Where we process sensitive (“special categories”) personal data, or data relating to criminal convictions and offences, we do so on the condition that the processing is necessary for reasons of substantial public interest.
Who do we share personal data relating to Investigation Subjects with?
During the course of our investigations, we may share personal data relating to Investigation Subjects with:
- Our staff
- Our Member Brands
- Our third party Service Providers, who assist in our investigations
- Law enforcement agencies in the relevant territories
We always ensure that the organisations we share personal data with have appropriate measures in place to protect and keep secure personal data. Personal data is only shared with the parties above where it is necessary in connection with the investigation.
In some cases our staff, Member Brands and Service Providers and other organisations that we work alongside may be based outside the EEA. We may share information about Investigation Subjects and our investigations with these organisations where it is necessary for the purposes set out in this policy.
How long do we keep personal data relating to Investigation Subjects?
Where we obtain personal data relating to Investigation Subjects that we consider is not relevant, useful or necessary in connection with our investigations, we will not retain such information.