Privacy Policy

Last updated: March 2026

1. Who we are

Barrelheads Ltd ("Barrelheads", "we", "our", "us") is a fine wine and spirits merchant and advisory business registered in England and Wales.

Registered address: 31 Albert Bridge Road, London, SW11 4PX. Company number: 08674671. VAT: GB 172 0395 21. AWRS: XDAW00000116967.

For any privacy-related enquiries, please contact us at orders@barrelheads.co.uk or write to the address above.

2. What information we collect

We may collect the following categories of personal information depending on how you interact with us:

Identity and contact information — your name, email address, postal address, telephone number, and date of birth (for age verification purposes).

Account information — login credentials, programme preferences, dietary requirements, and questionnaire responses when you register as a Private Cellar client.

Transaction information — details of wine purchases, order history, payment references, and invoicing records. We do not store your full card details — payments are processed securely by Stripe.

Communications — records of correspondence between you and Barrelheads, including contact form submissions, emails, and tasting session notes.

Technical information — your IP address, browser type, device information, and browsing activity on our website, collected via cookies and similar technologies.

Age verification — we collect your date of birth solely to confirm you are of legal drinking age before browsing our wine selection. This information is stored as a cookie on your device and is not retained on our servers.

3. How we use your information

We use your personal information for the following purposes:

To provide our services — fulfilling wine orders, managing your Private Cellar programme, delivering tasting notes, scheduling sessions, and processing payments.

To personalise your experience — tailoring wine selections and recommendations based on your questionnaire responses, dietary needs, and preferences.

To communicate with you — responding to enquiries, sending order confirmations, programme updates, and service-related correspondence.

To comply with legal obligations — including age verification for alcohol sales, tax reporting, AWRS compliance, and anti-money laundering regulations.

To improve our website and services — analysing usage patterns to enhance functionality and user experience.

4. Legal basis for processing

Under UK GDPR, we process your personal data on the following legal bases:

Contract — processing necessary to fulfil our obligations under a wine purchase or Private Cellar service agreement.

Legal obligation — processing required to comply with UK alcohol licensing, tax, and regulatory requirements.

Legitimate interests — processing for business purposes such as improving our services, preventing fraud, and maintaining the security of our platform, where these interests are not overridden by your rights.

Consent — where you have given explicit consent, for example when opting in to receive marketing communications.

5. Who we share your information with

We may share your personal information with the following third parties:

Payment processors — Stripe processes card payments on our behalf. Stripe's privacy policy governs the handling of payment data. Revolut Business processes bank transfers for advisory service invoicing.

Hosting and infrastructure — our website is hosted on Vercel. User account data is stored on Supabase (EU region). Both providers maintain appropriate data protection standards.

Logistics and warehousing — London City Bond stores and ships wines on our behalf. We share delivery addresses and order details as necessary to fulfil orders.

Professional advisers — our accountants, lawyers, and auditors where necessary for business operations or legal compliance.

We do not sell your personal information to third parties. We do not share your data for marketing purposes without your explicit consent.

6. International transfers

Your data is primarily stored within the European Economic Area (Supabase EU region). Where data is transferred outside the EEA — for example, to service providers based in the United States — we ensure appropriate safeguards are in place, including standard contractual clauses approved by the UK Information Commissioner's Office.

7. How long we keep your information

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Specifically:

Transaction records — retained for 7 years to comply with HMRC requirements.

Account and programme data — retained for the duration of your active relationship with us, plus 2 years thereafter.

Marketing preferences — retained until you withdraw consent or request deletion.

Contact form submissions — retained for up to 12 months.

8. Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

The right to access your personal data.

The right to rectification of inaccurate data.

The right to erasure (the “right to be forgotten”).

The right to restrict processing.

The right to data portability.

The right to object to processing.

The right to withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at orders@barrelheads.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.

9. Cookies

Our website uses cookies for the following purposes:

Essential cookies — required for the website to function, including authentication session cookies and age verification confirmation.

Functional cookies — to remember your preferences and improve your browsing experience.

We do not currently use advertising or tracking cookies. You can manage cookie preferences through your browser settings.

10. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. All data transmitted between your browser and our servers is encrypted using TLS. Payment processing is handled entirely by Stripe, which is PCI DSS Level 1 certified. Access to personal data within our organisation is restricted to authorised personnel only.

11. Children

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. All users must confirm they are of legal drinking age before accessing our wine catalogue.

12. Changes to this policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

13. Contact

If you have any questions about this privacy policy or how we handle your personal data, please contact us:

Barrelheads Ltd
31 Albert Bridge Road, London, SW11 4PX
orders@barrelheads.co.uk
+44 7920 745750