This Privacy Policy explains how Indie Brewer Ltd (“Indie Brewer”, “we”, “us”, “our”) collects, uses, and protects personal data when you use our website, apps, or marketplace services (together, the “Platform”). We are committed to respecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

• Indie Brewer Ltd
• Registered in Scotland
• Company number: (to be supplied)
• Registered address: IndieBrewer Ltd, Braeview Farm, California, Falkirk, FK1 2DH, United Kingdom
• Contact: [email protected]

Indie Brewer operates an online marketplace that connects breweries, retailers, hospitality businesses, and consumers. We do not sell alcohol ourselves; all sales occur under the licences of participating breweries and retailers.

2. Data we collect

We collect and process the following categories of personal data:

• Account information – name, business name, email, phone number, address, licence or registration details.
• Transactional data – orders, payments, invoices, and communications with sellers or buyers.
• Technical data – IP address, browser type, device identifiers, and log data.
• Analytics data – gathered via Google Analytics and our internal systems to understand usage and improve services.
• Support and correspondence – records when you contact us for help or report a problem.

We do not store payment card details; payments are processed securely by our payment partner Adyen N.V. under their own privacy policy.

3. How we use your data

We use personal data to:

• Provide and operate the Platform and process your orders.
• Verify business and licensing details (for trade users).
• Communicate with you about orders, support, and updates.
• Improve the Platform through analytics and performance tracking.
• Detect and prevent fraud, misuse, or illegal activity.
• Meet our legal and regulatory obligations.

We process data under lawful bases including contract, legitimate interests, and legal obligation.

4. Analytics and cookies

We use:

• Google Analytics to understand site usage trends.
• Internal analytics to monitor platform performance, troubleshoot issues, and improve user experience.
• Cookies and similar technologies for analytics, security, and session management. You can control cookies via your browser settings.

No data collected through analytics is used for advertising or sold to third parties.

5. Access to your data

• Access to personal data is restricted to authorised employees and contractors who need it for legitimate operational reasons (e.g., debugging, technical support, account management).
• Employees do not have access to user passwords or payment card data.
• All access is logged and limited to the minimum necessary.

6. Data sharing

We share data only when necessary to operate the Platform:

• Payment processing via Adyen N.V.
• Analytics via Google Analytics.
• Partner breweries or retailers receive limited order and delivery information to fulfil purchases.
• Regulators or law enforcement when required by law.

We never sell or rent personal data.

7. Data storage and security

We take reasonable technical and organisational measures to protect your information from loss, misuse, or unauthorised access. This includes encryption in transit (HTTPS), access controls, and secure infrastructure hosting.

While no system is 100% secure, we strive to maintain best-practice standards appropriate to our size and the sensitivity of the data we handle.

8. Data retention

We keep personal data for as long as necessary to fulfil the purposes outlined in this policy, including any legal, accounting, or reporting requirements. When no longer needed, data is securely deleted or anonymised.

9. Your rights

Under the UK GDPR you have the right to access, correct, delete, or restrict the processing of your personal data, request portability, and object to certain processing. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

To exercise any rights, contact us at [email protected].

10. International data transfers

We may use service providers (e.g., Google, Adyen) that transfer data outside the UK or EEA. Where this happens, we ensure appropriate safeguards such as Standard Contractual Clauses or adequacy decisions are in place.

11. Updates to this policy

We may update this policy from time to time. The most recent version will always be published on our website with the date shown above.