Privacy Policy

Contents of the Policy

• Summary of how we use your information
• Treasury Wine Estates and your privacy
• Information you give us
• Information collected by us and our use of cookies
• Our use of your information
• Withdrawing consent or otherwise objecting to direct marketing
• How long we keep your information
• Our disclosure of your information
• Your rights in relation to your information
• Security
• Contact Us
• Your California Privacy Rights
• Your GDPR and Other U.S. State Privacy Rights
• Your Rights under the PRC Laws
• Effective Date of Policy

--------------------------------------------------------------

Summary of how we use your information

• We will use your information in order to comply with your requests, correspond with you, administer our competitions and process any wine orders you make with us or with our related companies.
• This information will be shared with our related companies, who are often located outside the EEA.
• Where we rely on your consent (such as to send you marketing), you can withdraw this consent at any time. More details on how to withdraw consent are set out below.

Treasury Wine Estates and your privacy

Treasury Wine Estates Limited and its related entities and brands (TWE, we or us) are committed to protecting the privacy of individuals’ personal information. We will only collect, use or disclose personal information in accordance with relevant laws and this privacy policy. Please do not provide us with your personal information if you are not of legal age to purchase alcohol in the jurisdiction where you live or if you do not agree to the terms in this policy.

Information you give us

You provide us with information about yourself when corresponding with us, entering our competitions, buying our wines or when using or registering on our websites. This may include:

• when you transact with us online, over the phone or in person;
• when you enter a promotion or competition conducted by us (including via our websites or through social media sites);
• when you visit and/or register to use one of our websites or when you participate in discussion boards or other social media functions on our websites; or
• when you contact us to request information or support in relation our company, products or services (including about our brands, shares in our company, product quality, visiting our sites or employment opportunities).

If you buy wine from us online for example, we will require you to provide us with your name, address and phone number so we can process your order and deliver your wine to you. We will also require your date of birth to verify that you are of legal drinking age, and your credit card number to process the sale.

Information collected by us and our use of cookies

Apart from the information you give us directly, we also automatically collect information about you when you visit our websites, including through the use of cookies. Cookies are small data files that are downloaded onto your computer when you visit a particular website. The information we collect is:

• technical information such as your computer’s IP address, hardware type, browser type, device identifier and screen type/resolution;
• any search terms entered on our website;
• general location data based on your device or IP address;
• any technical errors or exceptions; and
• information about your visit such as the products you viewed or searched for, the length of your visit, page load speed, and the pages that you visited.

Cookies help us gather and store information about visitors to our websites. They help our websites remember what you chose on previous pages (to avoid having to re-enter information) and can help us to identify you as a unique visitor, tailor content based on past visitation and provide you with an optimised experience.

We use the following categories of tracking technologies on our websites:

• Strictly Necessary tracking technology- these technologies are essential in order to enable you to move around our websites and use their features.
• Performance related tracking technology- these technologies collect anonymous information on how people use our websites. For example, we use Google Analytics to help us understand how users arrive at our websites, browse or use our websites and highlight areas where we can improve areas such as navigation, interface experience and marketing campaigns. The data stored by these technologies never shows personal information from which your individual identity can be established.
• Functionality related tracking technology– these technologies remember choices you make such as the country you visit our websites from, your completion of the age verification check, language preferences and search parameters. These can then be used to provide you with an experience more appropriate to your selections and to make the visits more tailored and pleasant. The information these technologies collect may be anonymised and they cannot track your browsing activity on other sites.
• Targeting or advertising related tracking technology– these technologies collect information about your browsing habits in order to make advertising more relevant to you and your interests. They are also used to limit the number of times you see an advert as well as help measure the effectiveness of an advertising campaign. These technologies are usually placed by third party advertising networks. They remember the sites you visit and that information is shared with other parties such as advertisers. For example, we use third party companies such as Facebook, Quantcast and Google to provide you with more personalised adverts when visiting other websites and social networks. A mix of first party and third party cookies are used.
• Social Media related tracking technologies- these technologies allow you to share content from our websites on social media such as Facebook and Twitter, or use your login to these social networks to verify your age when visiting our websites. These technologies are not within our control. Please refer to the respective privacy policies for how their technologies work.
• Commerce related technologies– these technologies are essential in order to enable a functional online shopping experience across our websites, stores and payment/checkout. They keep track of what products and quantities are in your shopping cart, your membership level, your country / state (if applicable for tax or shipping compliance reasons) and any coupons or discounts you are utilising.

If you prefer not to receive cookies you can adjust your Internet browser to refuse cookies or to warn you when cookies are being used. However, some parts of our websites will not function if cookies are turned off. We therefore strongly recommend that you leave cookies fully functional. For more information about cookies please see https://www.allaboutcookies.org/cookies/.For information about how to manage cookies, including how to disable cookies in most Internet browsers, see here. You can also opt-out of targeted ads from Facebook and Google by visiting

www.facebook.com/help/568137493302217

or

https://support.google.com/ads/answer/2662922?hl=en-AU.

For California residents, additional information regarding the categories of personal information we collect is found in the “Your California Privacy Rights” Section below.

For EU or UK residents, or residents of other US states, additional information regarding the purposes of our processing and the data subject rights you may have is found in the “Your GDPR and Other U.S. State Privacy Rights” Section below.

For individuals within the territory of the People's Republic of China (the PRC), additional information regarding the categories of personal information we collect and the details for personal information protection is found in the “Your Rights under the PRC Laws” Section below. If there is any inconsistency between the “Your Rights under the PRC Laws” Section and other sections of this Privacy Policy, the “Your Rights under the PRC Laws” Section shall prevail.

Our use of your information

We will not use your information to carry out electronic marketing unless we have your consent. For example, if you have entered a promotion in relation to our products, we may obtain your consent to send marketing materials about those products. If you receive electronic communications from us, we will always provide you with an opportunity to unsubscribe from receiving further information from us by clicking on the unsubscribe link provided in the communication.

We may use or disclose the personal information we collect for one or more of the following purposes in order to conduct our business and pursue our legitimate business interests (and where required, your consent):

• To fulfill or meet the reason you provided the information. For example, if you provide your personal information to purchase our products, we will use that information to process and manage your order. If you provide your details to apply for a job with TWE, we will use those details to process your application for employment.
• To provide, support, personalize, and develop our Website, products, and services and to help us gain a better understanding of your likes and dislikes in order to improve our websites and the services we offer.
• To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business.
• To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (where we do not need your consent).
• To allow you to participate in interactive features of our websites and administering our promotions and competitions.
• To verify that you are of legal drinking age in your jurisdiction (if applicable).
• To make suggestions and recommendations to you and other users of our websites about goods or services that may interest you or them.
• To fulfil a contract we may have with you, such as where you make a purchase from us or enter one of our competitions.
• In connection with legal claims, compliance, regulatory and investigative purposes as necessary (including to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations).
• To produce consumer insights (e.g., general research on our consumers; conduct consumer testing, surveys, and panels; data analytics and modeling).
• As described to you when collecting your personal information or as otherwise set forth in the CCPA or the PRC Personal Information Protection Law.
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of TWE's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by TWE about our Website users is among the assets transferred.

In some instances, the provision of information to us is mandatory. If for example you want to buy wine from us and certain personal information is not provided (such as your age, your contact details and delivery address), then we will not be able to fulfil your order. We will always ensure that we minimise the amount of data we collect and will only ask for data that we need to process your request.

TWE will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Withdrawing consent or otherwise objecting to direct marketing

Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your information for other purposes, such as those set out above. You have an absolute right to opt-out of direct marketing, and to object to profiling we carry out for direct marketing purposes, at any time. You can do this by following the instructions in the communication (where this is an electronic message) or by contacting us using the details set out below.

How long we keep your information

Generally, we will retain your personal information for the period necessary to fulfil the purposes for which your personal information has been collected (as outlined in this privacy policy) unless a longer retention period is required by law.

Where we process registration information, we retain this for as long as we consider that you are an active user of our sites and for 2 years after this.

Where we process personal information for marketing purposes or with your consent, we process the information until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your information indefinitely so that we can respect your request in future.

Where we process personal information in connection with performing a contract (such as when you purchase wine from us) or for a competition, we keep the information for 6 years from your last interaction with us.

Where we process personal information for site security and/or fraud management purposes, we retain it for 3 years.

Our disclosure of your information

We will not disclose your personal information to third parties except:

• with your consent;
• where we are required or authorised by law to do so, for example to law enforcement agencies;
• where third parties appointed by us require access to personal information held by us to perform services (in which case we require these third parties to keep that personal information confidential and not to use or disclose it for any purpose other than the purpose of performing those services). The types of third parties we may transfer information to include vendors, service providers, agencies and other partners who globally support our business and help us administer certain activities on our behalf, such as providing technical infrastructure services, marketing services, customer service, data hosting and management services, processing credit card payments services for us, and providing logistics and delivery services to help us deliver our products and services; or
• to our related companies in order to operate our global business and in accordance with the law.

We may also transfer personal information to a related company or a third party in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock.

In some cases, undertaking the above activities involves transferring your personal information to other countries (including those outside the European Economic Area) for the purposes of data processing and storage (including if applicable, to fulfil any orders you have placed with us). Depending on the location of the brand, winery or office you engage with or register with, transfers are made to the USA, Australia, Japan, Singapore and other countries where we operate. Where information is transferred outside the EEA, and where this is to a stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission, information is adequately protected by EU Commission approved standard contractual clauses. A copy of the relevant clauses can be provided for your review on request to the contact details provided in the Contact Us section. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this privacy policy.

Our websites sometimes contain links to other websites. With the exception of other sites owned by us, we do not control the privacy practices of sites reached through links from our websites. If you have any questions about the privacy practices of those websites then you should contact the relevant companies directly.

Your rights in relation to your information.

Under applicable law, you may be entitled to ask us for a copy of the personal information we hold about you, including to correct, delete or restrict processing of your personal information. In some jurisdictions, applicable law may also entitle you ask us to transmit your data to another controller where the processing is based on your consent carried out by automated means, or entitle you to object to the processing of your personal information in certain circumstances (in , where we don’t have to process the information to meet a contractual or other legal requirement, or where we are using the information for direct marketing or profiling). However, these rights may be limited, for example if fulfilling your request would reveal personal information about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.

To exercise any of these rights, you can get in touch with us using the details set out below.

Security

We take appropriate measures to keep your personal information secure. We have implemented appropriate physical and electronic procedures to protect the personal information we collect. If you have an account with us, you are responsible for maintaining the confidentiality of your account details including your password, and are responsible for any activity under your account. We will not be responsible for any loss arising from your failure to comply with this obligation.

Due to its nature, transmission of information via the internet is not completely secure. Although we will protect your personal data in accordance with this policy, we cannot guarantee the security of any data transmitted to our websites and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security measures to try to prevent unauthorised access.

Contact Us

If you have any questions or concerns about our collection, use or disclosure of personal information, wish to exercise your rights in relation to data protection or you wish to make a complaint in relation to our privacy practices, please visit our privacy portal. If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time.

For the purposes of the EU General Data Protection Regulation and the Data Protection Act in the UK, the data controller is Treasury Wine Estates EMEA Ltd of Regal House, 70 London Road, Twickenham, Middlesex, TW1 3QS.

Your California Privacy Rights

If you are an eligible California resident, the California Consumer Privacy Act (“CCPA”) provides you with specific rights with respect to our collection and use of your personal information over the past twelve months. This California Privacy Rights Section supplements this Privacy Policy and applies solely to eligible residents of California as of January 1, 2020. Any terms not defined in this section have the same meaning as defined in the CCPA.

Information We Collect

Our Website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device ("personal information"). In particular, TWE's Website has collected the following categories of personal information from its consumers within the last twelve (12) months:

A. Identifiers

Collected: Yes

Examples: This category may include: name, postal address, unique personal identifiers, online identifiers, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. Under the CCPA, “unique identifiers” or “unique personal identifier” means a persistent identifier that can be used to recognize a consumer, a family, or a device that is linked to a consumer or family, over time and across different services, including, but not limited to, a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device.

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Collected: Yes

Examples: This category may include: name, signature, Social Security number, physical characteristics, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education or employment information, financial account numbers, medical information, or health insurance information.

C. Protected classification characteristics under California or federal law.

Collected: Yes

Examples: This category may include: age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex and gender information, veteran or military status, or genetic information.

D. Commercial information.

Collected: Yes

Examples: This category may include: records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

E. Biometric information.

Collected: No

Examples: This category may include: imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.

F. Internet or other electronic network activity information.

Collected: Yes

Examples: This category may include: browsing history, search history, and information regarding interactions with an Internet Web site, application, or advertisement.

G. Geolocation data

Collected: Yes

Examples: This category may include: physical location or movements.

H. Sensory data.

Collected: No

Examples: This category may include: audio, electronic, visual, thermal, olfactory, or similar information.

I. Professional or employment-related information.

Collected: YES (for prospective employees only)

Examples: This category may include: current or past job history or performance evaluations.

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Collected: YES (for prospective employees only)

Examples: This category may include: education records directly related to a student maintained by an educational institution or party acting on its behalf (e.g., grades and transcripts).

K. Inferences drawn from other personal information.

Collected: YES

Examples: This category may include: inferences drawn from the above information that may reflect your preferences, characteristics, predispositions, behavior, attitudes, or similar behavioral information.

Please note that some of the categories of personal information described in the CCPA overlap with each other; for instance, your name is both an Identifier and a type of data described in Cal. Civil Code 1798.80(e).

Personal information does not include publicly available information from government records or any deidentified or aggregated consumer information. In addition, the CCPA excludes the following from its scope: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

TWE obtains the categories of personal information listed above directly from you (for example, from forms you complete or products and services you purchase) and/or indirectly from you (for example, from observing your actions on our Website).

Use of Personal Information

We may use or disclose the personal information we collect for the purposes described in the “How We Use Your Information” Section above.

Sharing Personal Information

TWE may disclose your personal information to third parties for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. The CCPA prohibits third parties who purchase the personal information we hold from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales.

TWE shares your personal information with the categories of third parties listed in the “Our Disclosure of Your Information” section listed above. Specifically, in the preceding twelve (12) month period, TWE has disclosed the following categories of personal information for a business purpose: identifiers; California Customer Records personal information categories; protected classification characteristics under California or federal law; commercial information; internet or other similar network activity; geolocation data; professional or employment-related information (for prospective employees only); non-public education information (for prospective employees only); and inferences drawn from other personal information.

Sales of Personal Information

In the preceding twelve (12) months, TWE has not sold personal information.

Sensitive Personal Information

While some of the information you provide may be considered “Sensitive Personal Information” under the California Consumer Privacy Act (“CCPA”), TWE does not collect or process Sensitive Personal Information from consumers to infer characteristics.

Your Rights & Choices

(a) Right to Know About Personal Information Collected, Disclosed, or Sold

You have the right to request that we provide certain information to you about our collection and use of your personal information over the past twelve (12) months. Specifically, you have the right to request disclosure of the categories of personal information and specific pieces of personal information we have collected about you over the last 12 months. Upon the submission of a verifiable consumer request (see Exercising your California Privacy Rights), we will disclose to you:

• The categories of personal information we collected about you;
• The categories of sources for the personal information we collected about you;
• Our business or commercial purpose for collecting that personal information;
• Our business or commercial purpose for which we sold or disclosed that personal information; and
• The categories of third parties with whom we share that personal information.

We will also provide the specific pieces of personal information we collected about you if you also request access to such information (subject to certain exceptions under applicable law). In addition, if we sold or disclosed your personal information for a business purpose, we will also identify: (i) the categories of personal information that we sold about you; (ii) the categories of third parties to whom the personal information was sold, by category or categories of personal information for each third party to whom your personal information was sold; and (iii) the categories of personal information that we disclosed about you for a business purpose.

(b) Right to Request Deletion of Personal Information

If you are a California resident, you also have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will conduct a reasonable search of our records in order to locate any personal information we have collected about you that is eligible for deletion, and delete such personal information. To the extent we have shared any personal information collected about you with service providers that is eligible for deletion, we will direct those service providers to delete that personal information as well. For the sake of clarity, however, TWE may not be able to comply entirely with your request to delete all of your personal information as set forth under the CCPA. For example, if you placed an order with us, the CCPA allows us to keep records related to these types of transactions in order to complete a transaction for which your personal information was collected. Specifically, we are not required to delete any personal information we have collected about you that is necessary for us and our service provider(s) to:

• Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between TWE and you.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
• Debug to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
• Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent.
• Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
• Comply with a legal obligation, such as retaining records for a period of time as set out in local, state, or federal laws.
• Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided your information.

Following a deletion request, any personal information about you that was not deleted from our systems will only be used for the purposes provided for by the applicable exceptions. Thus, all personal information about you that is not subject to a deletion exception will either be (1) permanently deleted on our existing systems (with the exception of archived or back-up systems maintained for emergency disaster recovery and business continuity purposes); (2) de-identified; or (3) aggregated so as to not be personal to you.

(c) Right to Correct Inaccurate Personal Information

If you are a California resident, you also have the right to request that we correct inaccurate personal information we hold about you, subject to certain exceptions.

(d) Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights

We will not discriminate against you for exercising any of your privacy rights. Unless permitted by applicable law, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

(e) Exercising Your California Privacy Rights

To exercise your access and deletion rights described above, please submit a verifiable consumer request to us by either:

• calling us at +01 (800) 974 9916;
• following this link to our online request portal;

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. However, you may make a verifiable consumer request on behalf of your minor child. You can designate an authorized agent to submit a verifiable consumer request on your behalf by having the agent submit a request through the online request portal. Additionally, you may only make a verifiable consumer request for access twice within a 12-month period.

Your verifiable consumer request must: (i) provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request. Making a verifiable consumer request does not require you to create an account with us.

(e) Response Timing and Format

We will make our best effort to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Within ten (10) days of receiving the request, we will confirm receipt and provide information about its verification and processing of the request. TWE will maintain records of consumer requests made pursuant to the CCPA as well as our response to said requests for a period of at least twenty-four (24) months.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Your Rights Under “Shine the Light”

California's “Shine the Light” law (Civil Code Section § 1798.83) permits users of our App that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident and provide a current California address for our response. You may make this request in writing or via our privacy portal.

Children's Privacy

TWE does not knowingly collect, sell or share any personal information from children under the age of 16. If TWE learns that a child under the age of 16 has submitted personal information without parental consent, we will take reasonable measures to delete the information as soon as possible and to not use such information for any purpose, except where required or allowed by law. If you believe a child under the age of 16 has provided us with personal information, please contact us as described in Your Rights & Choices, above.

Your GDPR and Other U.S. State Privacy Rights

If another US State privacy law, the European Union’s General Data Protection Regulation (GDPR) or similar laws apply to our collection and use of your personal information, you may have the following rights, subject to any applicable exemptions or limitations:

• The right to access your personal information;
• The right to rectification of inaccurate personal information;
• The right to erasure of your personal information under specific circumstances;
• The right to object, on grounds relating to your particular situation, to your personal information being processed on the basis of legitimate interests;
• The right to request the restriction of processing of your personal information;
• The right to data portability;
• The right to withdraw your consent; and
• The right to lodge a complaint with the relevant data protection supervisory authority.

To exercise your rights described above, please submit a verifiable consumer request to us by either:

• calling us at +01 (800) 974 9916;
• following this link to our online request portal;

Where applicable, you can find contact information for your data protection supervisory authority on the European Data Protection Board's website, https://edpb.europa.eu/about-edpb/about-edpb/members_en, or through other publicly available sources.

Legal Basis for Processing

Where applicable under the GDPR or similar laws, the legal basis for our collection and use of your personal information may include any of the following:

• Performance of a contract. We process your personal information as necessary to perform our obligations under any contract with you, such as to complete transactions with you.
• Consent. We may ask for your consent to use your personal information, including if we need your consent to process certain sensitive information about you or engage in certain marketing activities. If we obtain your consent as a legal basis for processing, you may withdraw your consent at any time.
• Legitimate Interests. We have a legitimate interest in using your personal information for our business purposes, including operating, improving and marketing our business, websites and products.
• Compliance with a legal obligation. We may need to use your personal information to comply with applicable legal requirements.

Your Rights under the PRC Laws

About Us

"Your Rights under the PRC Laws" Section shall be applicable to the processing of personal information collected within the territory of the PRC by Treasury Wine Estates (Shanghai) Trading Co. Ltd. and its affiliates ("we"). The “affiliates” refer to the affiliated companies disclosed in the latest annual report of Treasury Wine Estates.

Information We Collect

Under the PRC Personal Information Protection Law, personal information refers to all kinds of information related to identified or identifiable natural persons recorded by electronic or other means, excluding the information processed anonymously. Sensitive personal information refers to the personal information that is likely to result in damage to the personal dignity of any natural person or damage to his or her personal or property safety once disclosed or illegally used.

Based on the principles of lawfulness, legitimacy and minimum necessity, we collect and use the following of your information through websites, Apps, H5 pages, consumer hotlines, offline written documents and other channels for the sole purpose of this Privacy Policy:

A. Personal information

Collected: Yes

Examples: This category may include:

• Basic information: your WeChat nickname, WeChat profile picture, location, username, name, gender, nationality, date of birth;
• Contact Information: email address, phone number;
• Information required for logistics distribution: postal address;
• Your preferences and interests;
• Information you may disclose when you contact us;
• Login data such as your IP address, your terminal specificities and your logs.

B. Sensitive personal information

Collected: Yes

Examples: This category may include: your credit card number, payment account information, ID Number.

Use of Personal Information

We may use or disclose the personal information we collect for the purposes described in the “Our use of your information” Section above.

Entrustment

To ensure the smooth performance of the services we provide to you, we may entrust third parties such as our business partners to process your personal information. Based on the principles of lawfulness, legitimacy, necessity, specificity and clarity, we will only entrust the third parties to process the personal information necessary to provide the services. The third parties are not authorized to use the personal information for any other purpose.

Transfer of Personal Information

We will not transfer your personal information to any company, organization or individual, except for the following circumstances:

• Obtaining your express consent or authorization;
• In the case of merger, acquisition or liquidation. If personal information is transferred in such cases, the company or organization that newly receives your personal information will continuously be bound by this Privacy Policy. Meanwhile, we will inform you of the name and contact information of such company or organization in a reasonable manner. Otherwise, we will request such company or organization to obtain your consent again.

Public Disclosure of Personal Information

Except as necessary to display the relevant desensitization information when announcing the winning account, or with your separate consent, we will not make public disclosure of your personal information.

Cross-border Transfer of Personal Information

In principle, the personal information that we collect or generate within the territory of the PRC will be stored within the territory of the PRC.

For the need of unified management of TWE, we will share your personal information to third parties located in countries or regions outside of the PRC (such as Australia) to provide relevant services. The privacy-related laws of these countries or regions may differ from those of the PRC. We will comply with the personal information protection laws of the PRC and endeavour to ensure that these third parties who obtain your personal information will provide similar and/or comparable personal information protection measures.

Overseas recipients of cross-border transfer of personal information include:

Name of Overseas Recipient

Treasury Wine Estates Vintners Limited

Contact Information

Privacy@tweglobal.com

Purpose of Processing

Secure backup

Method of Processing

Storage of personal information

Type of Cross-border Personal Information 

Personal information: 

• Basic information: your WeChat nickname, WeChat profile picture, location, username, name, gender, nationality, date of birth;
• Contact Information: email address, phone number;
• Information required for logistics distribution: postal address; 
• Your preferences and interests; 
• Information you may disclose when you contact us; 
• Login data such as your IP address, your terminal specificities and your logs.

Sensitive personal information: your credit card number, payment account information, ID Number.

Name of Overseas Recipient

Authentix, Inc

Contact Information

kent.mansfield@authentix.com

Purpose of Processing

Verify the authenticity of wine

Method of Processing

Storage of personal information

Type of Cross-border Personal Information 

Geolocation information that presents your device location

TWE and Authentix

TWE would be collecting geolocation information (Personal Information) that presents your device location and entrust the processing of such Personal Information to a third-party service provider Authentix, Inc (kent.mansfield@authentix.com) located in the United States of America to process of Personal Information for verifying the authenticity of Wines. Processing methods include collection, storage, use, processing, transmission, deletion, etc. of Personal Information. TWE should not use the above collected Personal Information for other purpose or activity scope than that set forth in this clause, and will not unlawfully disclose, alter, sell, or provide your Personal Information to unrelated parties. TWE will retain your relevant Personal Information within the shortest necessary period (2 months) for the processing purpose unless a longer retention period is required by law.

Security

We have implemented appropriate physical and electronic procedures to protect the personal information we collect as described in the “Security” Section above.

Your Rights & Choices

(a) Accessing, Copying, Correcting or Modifying Your Personal Information

You have the right to access, copy, correct and modify your personal information, unless otherwise provided for by laws and administrative regulations.

(b) Deleting Your Personal Information

You have the right to request us to delete your personal information in the following situations:

• If our purpose of processing has been fulfilled, is unable or no longer necessary to be fulfilled;
• If we cease to provide products or services, or the storage period has expired;
• If you withdraw your consent; and
• If we process personal information in violation of laws, administrative regulations or the agreement.

(c) Obtaining a Copy of Your Personal Information

You have the right to obtain a copy of your personal information. Where technically feasible, for example the data interface can be matched, we may also transfer a copy of your personal information directly to a third party designated by you at your request.

(d) Changing the Scope of Your Consent or Withdrawing Your Authorization

You have the right to change the scope of your consent for us to continue processing your personal information or withdraw your authorization at any time by contacting us.

Please understand that after you withdraw your consent or authorization, we may not be able to continue to provide part or all services related to such consent or authorization and will no longer process your corresponding personal information. However, your decision to withdraw your consent or authorization will not affect the processing of personal information already carried out based on your previous consent or authorization.

(e) Exercising Your PRC Rights Related to Personal Information Protection

To exercise your rights described above, please submit a verifiable consumer request to us by either:

• calling us at +86 21 23130300
• sending us an email to Privacy@tweglobal.com

(f) Response Time and Format

For security purposes, we may require you to provide a written request or otherwise prove your identity. We will respond to your request within 15 working days after we have received your feedback and verified your identity.

In principle, we do not charge any fees for your reasonable requests. However, we will charge certain fees, depending on the circumstances, for repetitive requests that exceed reasonable limits. We may refuse requests that are unwarrantedly repetitive, require excessive technical measures (for example, require the development of new systems or fundamental changes to existing practices), pose risks to the legitimate rights and interests of others, or are highly impractical (for example, involve the backup of information stored on tapes).

Rules for Processing Sensitive Personal Information

We may collect your sensitive personal information, and we will obtain your separate consent before collecting your sensitive personal information.

(a) Necessity of Processing Sensitive Personal Information

The sensitive personal information we may collect includes: your credit card number, payment account information, ID Number. In product sales and other activities, such sensitive personal information will be used for identity verification, transaction confirmation, payment and settlement, delivery, order enquiry, customer service consultation and after-sales service. To protect your transaction security, we will also use it to determine whether there is any abnormality in your transaction.

(b) Impact on Your Rights and Interests

If your sensitive personal information is disclosed or illegally used, it may result in damage to your personal dignity or damage to your personal or property safety.

Please be aware that we have taken strict measures to protect your sensitive personal information from disclosure or illegal use.

In case of security incidents such as personal information disclosure, we will initiate the emergency plan in accordance with the law, and inform you of the relevant situation, impact and measures to be taken by pushing notices, announcements or otherwise.

Protection of Personal Information of Minors

TWE does not collect any data or information concerning persons who are under the age of 18, which is the threshold for legally alcohol drinking and/or purchasing in the PRC. We will try to delete the relevant information as soon as we are expressly aware that the user is under the age of 18.

Please do not provide us with your personal information if you are under the age of 18. Please consciously comply with this integrity obligation so that we can better protect your personal information.

Retention of Personal Information

Generally, we will retain your personal information for the period necessary to fulfil the purposes for which your personal information has been collected (as outlined in this Privacy Policy) unless a longer retention period is required by law.

Where we process registration information, we retain this for as long as we consider that you are an active user of our sites and for 2 years after this.

Where we process personal information for marketing purposes or with your consent, we process the information until you ask us to stop and for a short period after this (to allow us to process your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your information indefinitely so that we can respect your request in future.

Where we process personal information in connection with performing a contract (such as when you purchase wine from us) or for a competition, we keep the information for 3 years from your last interaction with us.

Where we process personal information for site security and/or fraud management purposes, we retain it for 3 years.

After the retention period of personal information expires, we will delete, anonymize the personal information, or process it in other alternative manners approved by laws and regulations.

Scope of Application

“Your Rights under the PRC Laws” shall be applicable to processing of personal information within the territory of the PRC. If there is any inconsistency between the “Your Rights under the PRC Laws” Section and other sections of this Privacy Policy, the “Your Rights under the PRC Laws” Section shall prevail.

Effective Date of Policy

This Privacy Policy is effective and was last updated in December 2022.