Tennents NI Direct Data Privacy Notice

This privacy notice explains how we collect, use and store your personal data, and explains your rights under data protection law.

The controller is Tennents NI Limited, 6 Aghnatrisk Road, Culcavy, Hillsborough, Co Down, Northern Ireland, BT26 6JJ.

If you have any questions about this privacy notice, or how your personal data is processed, please contact our Group Data Protection Officer (DPO) at:

C&C Group plc

Wellpark Brewery
161 Duke Street
Glasgow
G31 1JD

Email - gdpr@candcgroup.com

 

This privacy notice was last updated in April 2026. We may amend this notice at any time. The latest version will be made available on this site, and we’ll contact you if we make any significant changes to it.

In some cases, we may be unable to respond to queries, investigate complaints or provide certain services if personal data is not provided. It’s also important that the information we hold about you is accurate and up to date, so please let us know if anything changes during your relationship with us.

 

  1. How we use your personal data

    Providing and managing our services

    • To meet our operational and regulatory obligations, we carry out identity verification and due diligence checks on new and existing customers. This includes confirming your identity (KYC), verifying business ownership (KYB), screening against sanctions and Politically Exposed Persons (PEP) lists, reviewing adverse media coverage and carrying out credit checks if you apply for credit‑related services. We may also consider other individuals associated with your business as part of these checks.  These activities help us prevent fraud, comply with anti‑money laundering and financial crime laws, and provide our services responsibly.

       

    • We use a third party, GBG, to conduct these checks. As part of this service GBG and its wholly owned subsidiaries will collect and combine personal data about you to help us onboard you safely and quickly. GBG will collect the data you provide to us and combine this with your data that you have provided to other organisations you have interacted with. This form of profiling may be used to generate risk scores or create fraud and/ or identity alerts, insights and reports. 

       

    • During the online account opening journey your biometric data will be processed, when face match and ‘liveness tests’ take place. This is Special Category data as defined in data protection law, which means we and GBG will rely on your explicit consent to process such data. If you do not wish your biometric data to be used, an alternative route is available during the account opening journey.

       

    • GBG operate as an independent controller for the activities outlined above. More information on GBG’s processing, including biometric processing, can be found here: https://www.gbgplc.com/en/legal-and-regulatory/products-services-privacy-policy. Although GBG are a controller, they will only process personal data within the terms of the agreement which is in place with us.

       

    • We use your personal data to process orders, deliver goods and services, manage your account, and handle payments. This is necessary to perform our contract with you.

       

    • We also use your data to help detect and prevent fraud, which forms part of our legitimate interests in protecting our business and customers.

       

    • We use your contact details to respond to queries or complaints as part of our contract with you and to provide good customer service. And if you attend our events, we use your information for event administration and planning.

       

      Marketing and promotional communications

      • We only send direct marketing where you have given consent or where the ‘soft opt‑in’ applies. You can unsubscribe at any time by using the link in our marketing emails, or by contacting our DPO at the contact details above.

      • We may track email engagement (e.g. open rates and clicks) using pixels to understand the effectiveness of campaigns.

         

    • Your personal data is used to administer any prize draws or competitions you enter. Some of these competitions use QR codes, to take you to a web-based entry form. Please note that we use a third-party vendor to provide our QR codes, who may conduct their own analysis of code usage. We also monitor QR code performance, but you cannot be identified from this data.

       

      • We carry out limited profiling to help us decide which products or services may be most relevant to customers. This may involve reviewing past purchases and combining this with other information we hold. We do this under our legitimate interests. You have the right to object at any time - see the ‘right to object’ held in the ‘Your Rights’ section below.

         

      • We use market research to enhance our sites, products, services, and relationships with customers and suppliers. We do this under our legitimate interests to provide our customers with the best possible products and service, and more widely inform research and development within our industry. Any research findings or reports do not identify individuals. You can contact us if you don’t want us to use your personal data for this purpose. For more information, see the ‘right to object’ held in the ‘Your rights’ section below.

         

        Our use of social media

         

        We use social media and online advertising to promote our products and events. We may use the advertising tools provided by these platforms to help show our marketing to customers who are more likely to be interested in it. This can include using information we already hold, or sharing limited customer information with the platform, so it can match this against its user base and display our content and adverts to relevant audiences. Any sharing of personal data is done in a controlled way and in line with data protection law. Social media platforms may also use their own data to identify similar audiences.

         

        You can manage some advertising settings on the social media platforms you use. Please refer to your social media platforms for more information.

        Event photography and videography

        We may capture photographs or videos at our events and share them on our social media channels, internal communications and with trade publications. Signage will be in place at events to inform you when photography or videography is taking place.

        If you ask us to remove social media content that includes your personal data, we will delete or stop using that content where it is under our control. However, where content has been reposted by others or indexed by search engines, we may not be able to remove all copies as these are outside our control.

         

        Running and improving our business

        The purposes outlined in this section are primarily carried out under the lawful basis of our legitimate interests.

         

        • We use your personal data to make sure we give you and other customers the best possible service, and to run effective and efficient systems and processes. This includes developing, testing and improving our systems, sites and services.
        • It’s used for business management, decision-making and planning purposes, to effectively run and protect our business.
        • Your data will be used to help train our staff. For example, through recording the calls made to our customer contact centres.
        • We may send you survey and feedback requests to help improve our products and services. You’re under no obligation to respond or take part if you receive these from us.
        • We monitor our network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
        • We maintain and monitor this website including, but not limited to, traffic data, location data, web logs and other communication data.

          • Legal, safety and regulatory purposes

          • Your personal data will be used to manage service issues or legal disputes involving you, other customers and suppliers, or our own employees, workers and contractors.
          • It’ll be used to help prevent and detect crime, and support the health and safety of our workforce or others. For example, through CCTV systems in place at our sites and on our fleet vehicles. Signage will be in place to tell you where CCTV is operating.
          • We may use it during our accounting and auditing processes and for any regulatory or legal reporting purposes which we must comply with.

            •  

      • Sharing your personal data

        To operate effectively, we sometimes need to share personal data with trusted third parties. We require these third parties to respect the security of your data and to use it legally. Where a third-party is acting as a ‘data processor’, they’ll act solely on our instructions and will only use your information for that specific purpose.

        We may share your data:

         

        • With the other entities within our Group (C&C Group plc), as part of our regular reporting activities on company performance, as part of research findings conducted about our brands and products, in the context of a business reorganisation or group restructuring exercise, or for system maintenance support and hosting of data.

           

        • With companies that help us provide our products and services, for example companies that help us process payments, or fulfil orders and deliver products to you.

           

        • With marketing and media agencies who help us with our promotional activities, such as competitions and prize fulfilment.

           

        • With IT system providers, including data storage providers and their technical support teams, if necessary.

           

        • Governmental bodies, regulators, law enforcement agencies, insurers, our accountants, auditors, legal advisors, debt collection agencies, or court or tribunal services where we must do so to comply with legal obligations, exercise or defend our legal rights, to prevent and detect crime or prosecute offenders, or to safeguard and protect our employees, customers or other individuals.

           

        • If we sell or buy any business or assets, we may disclose your information to the prospective seller or buyer of such business or assets. If we’re acquired by a third party, customer information will be one of the transferred assets so they can continue to provide services to you.

           

           

      • International data transfers

        Your personal data may be transferred to and stored in locations outside the UK and the European Economic Area (EEA). This will typically occur when we use service providers located outside of these areas. Where personal data is transferred, we ensure appropriate safeguards are in place, such as adequacy decisions or contractual protections.

         

        Please contact our DPO if you want to find out more about where personal data is transferred to, or the safeguards we have in place.

         

         

      • How long we keep your personal data

         

        Your personal data is only kept for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any operational, legal or reporting requirements, and in order to defend our legal rights. To decide the right retention period, we consider the purposes for which the data is processed, the amount, nature, and sensitivity of it, the potential risk of harm from unauthorized use or disclosure, and any applicable legal requirements.  

         

        Your personal data is deleted once it’s no longer needed for these purposes.

         

         

         

      • Your data protection rights

      Under data protection law you have a number of rights, which you can exercise by contacting GDPR@candcgroup.com:

      • Request access to your personal information (commonly known as a data subject access request). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
      • Request the correction of incomplete or inaccurate personal information that we hold about you.
      • Request erasure of your personal information in certain circumstances. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
      • Object to processing of your personal information in certain circumstances. You also have the right to object where we are processing your personal information for direct marketing purposes.
      • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
      • Request the transfer of your personal information to another party, known as data portability.
      • Withdraw your consent. In circumstances where your consent is the lawful basis for the processing, you have the right to withdraw your consent at any time.
      • Complain to us about how we’ve handled your personal data or your data rights. You can fill out our complaints form here. This form should not be used for general service complaints relating to C&C Group or its trading entities, nor for general enquiries.

       

      Your right to complain to a data protection regulator

      We aim to collect, use and safeguard your personal information in line with data protection laws and guidance. While we hope that we can resolve your concerns through the complaints process outlined above, you can also raise a concern to a data protection regulator:

      Please note that in due course and as part of the UK Data (Use and Access) Act 2025, individuals are generally expected to raise complaints with us as the data controller before escalating them to the Information Commissioner’s Office (ICO).

      You can find further information and contact details at https://ico.org.uk.