Last updated: June 2026
Person responsible for data protection compliance: Rich Staite, Operations Director.
We collect and process personal data relating to our accounts to manage our customer relationships. We are committed to being transparent about how we collect and use that data to meet our data protection obligations.
We collect and process a range of information about you. This includes:
In accordance with Data Protection laws, our legal basis for collecting and storing such personal information is that such processing is necessary for our legitimate interest in running and promoting our business and portfolio of brands. Whilst Shiner does not routinely obtain consent as the legal basis upon which it stores and processes personal data, it will, if necessary, and to the extent required by Data Protection laws, obtain the consent of the data subject to hold and process personal information. If consent is provided it can be withdrawn by the data subject at any time.
We collect this information when you sign up to for a Shiner account and is updated accordingly each time you make a purchase.
Data will be stored in a range of different places; internally on our ERP (Enterprise Resource Planning), BI (Business Intelligence) and WM (Warehouse Management) systems and externally with our MSP (Mail Service Provider – Mailchimp) and eCom providers (Owtanet) / AWS (Amazon Web Services).
We need to process data in order to notify you regarding B2B purchases and to send you the most relevant and up to date Shiner product mailers. For example, if you have purchased a Protection product, you will be included in any future Protection mailers.
Your information may be shared internally, including with the Company Directors, your account manager, members of the Sales, Marketing and IT teams.
We share your data with third parties such as our eCom provider and AWS to service your B2B account and our MSP (Mailchimp) in order to create, plan and send our Shiner mailers.
They will process your data only under our instructions. Some of this information is securely stored outside of the European Economic Area (EEA). The transfer of your personal data is carried out in compliance with the guarantees provided by law.
Our MSP’s privacy policy can be viewed here – https://mailchimp.com/legal/privacy/
Their EU data processing addendum can be viewed here – https://shiner.co.uk/customer-eu-data-processing-addendum/
We do not share your information with any other third parties.
We take the security of your data seriously. We have internal controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed. All data is kept secure, with access limited only to those who require the data for the proper performance of their job roles.
Our current third party MSP and eCom providers are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data. They have been selected after a rigorous evaluation process and chosen for their security, reliability and competence.
We will hold your personal data in our MSP for the duration of you being an active Shiner customer. Your account information is stored within our internally on our ERP, BI and WM systems for up to 7 years.
As a data subject, you have a number of rights. You can:
If you would like to exercise any of these rights, please contact GDPR@shiner.co.uk
If you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner.
Shiner is registered with the ICO, with registration number Z7821339.