Privacy policy

Effective Date: 19 Dec 2025

1. Introduction

Welcome to Caskbase. This Privacy Policy explains how CASKBASE LTD ("we", "us", or "our") collects, uses, stores, and protects your personal data when you use the Caskbase website (caskbase.com) and our B2B platform services.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy is designed to comply with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Privacy and Electronic Communications Regulations (PECR).

Data Controller: CASKBASE LTD 272 Bath Street Glasgow, G2 4JR Scotland

Contact Email: info@caskbase.com Website: caskbase.com


2. Scope of This Policy

This Privacy Policy covers:

  • The Caskbase website (caskbase.com)

  • Our B2B platform for distilleries and warehouses

  • Educational content and learning resources

  • Email communications and newsletters

For the Dramfly mobile app, please refer to the separate Dramfly Privacy Policy.


3. Data We Collect


3.1 Website Visitors

When you visit our website, we may collect:

  • Technical data: IP address, browser type, device information, pages visited, time spent on pages

  • Cookie data: As described in our Cookie Policy


3.2 Newsletter Subscribers

When you subscribe to our newsletter or updates, we collect:

  • Your email address

  • Your name (if provided)

  • Your preferences and interests (if provided)


3.3 Contact Form Enquiries

When you contact us, we collect:

  • Your name

  • Your email address

  • Your message content

  • Any other information you choose to provide


3.4 B2B Platform Users (Distilleries and Warehouses)

When you register for our B2B platform, we collect:

  • Business information: Company name, business address, registration details

  • Account information: Name, email address, job title, phone number

  • Cask data: Information about whisky casks you manage through the platform

  • Usage data: How you interact with the platform

  • Payment information: Billing details (processed by our payment provider)


3.5 Cask Owners (Portal Users)

When you use our cask owner portal, we collect:

  • Your name and email address

  • Your cask ownership records

  • Communication preferences


4. How We Collect Your Data

We collect personal data through the following methods:

  • Directly from you: When you fill out forms, subscribe to newsletters, create accounts, or contact us

  • Automatically: Technical and usage data collected via cookies and similar technologies

  • From third parties: Business information from company registries, referrals from distillery partners


5. Legal Basis for Processing

Under the UK GDPR and EU GDPR, we process your personal data on the following legal bases:

Website analytics: Legitimate Interest, Understanding website usage to improve our services
Newsletter subscriptions: Consent, You opt in to receive communications
Contact enquiries: Legitimate Interest, Responding to your requests
B2B platform accounts: Contract, Necessary to provide our platform services
Cask owner portal: Contract, Necessary to provide cask tracking services
Marketing communications: Consent, You opt in to receive marketing
Essential cookies: Legitimate Interest, Necessary for website functionality
Analytics cookies: Consent, You consent via cookie banner

6. How We Use Your Data


6.1 Website and Marketing

We use your data to:

  • Provide and improve our website

  • Send newsletters and updates (with your consent)

  • Respond to your enquiries

  • Analyse website usage to improve user experience

  • Comply with legal obligations


6.2 B2B Platform

We use your data to:

  • Create and manage your business account

  • Provide cask management and tracking services

  • Generate reports and analytics for your business

  • Process payments and billing

  • Communicate about service updates and changes

  • Provide customer support


6.3 Cask Owner Portal

We use your data to:

  • Provide access to your cask information

  • Send updates about your casks

  • Communicate about maturation progress and bottling


7. Data Sharing

We share your personal data only in the following circumstances:


7.1 Service Providers

We use trusted service providers to help deliver our services:

  • Microsoft Azure: Cloud infrastructure and data storage

  • Email service providers: For sending newsletters and communications

  • Payment processors: For handling B2B platform payments

  • Analytics providers: For website analytics (see Cookie Policy)

All service providers are bound by data processing agreements and only process data on our instructions.


7.2 Business Partners (B2B Platform)

For B2B platform users:

  • Distilleries may share cask data with their registered cask owners through our portal

  • We facilitate data sharing between distilleries/warehouses and their customers as instructed


7.3 Legal Requirements

We may disclose your data if required by law, court order, or governmental authority.


7.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new owner. We will notify you of any such change.


7.5 No Sale of Data

We do not sell, rent, or trade your personal data to any third parties.


8. Data Storage and Security


8.1 Where We Store Your Data

Your data is stored on Microsoft Azure servers located within the United Kingdom and European Union.


8.2 Security Measures

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit: All data transmitted is encrypted using TLS 1.2 or higher

  • Encryption at rest: Database encryption using industry-standard methods

  • Access controls: Role-based access and multi-factor authentication

  • Regular security audits: Ongoing monitoring and vulnerability assessments

  • Employee training: Staff trained in data protection best practices


9. Data Retention

We retain your personal data according to the following schedule:

Website analytics: 26 months, Newsletter subscribers: Until you unsubscribe, plus 6 months Contact enquiries: 2 years after last communication, B2B platform accounts: Duration of contract plus 7 years (legal requirement), Cask owner portal: Duration of cask ownership plus 7 years Payment records 7 years (legal requirement)


10. Your Rights

Under the UK GDPR and EU GDPR, you have the following rights:


10.1 Right of Access

You have the right to request a copy of the personal data we hold about you.


10.2 Right to Rectification

You have the right to request correction of any inaccurate personal data.


10.3 Right to Erasure

You have the right to request deletion of your personal data in certain circumstances.


10.4 Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data.


10.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format.


10.6 Right to Object

You have the right to object to processing of your personal data where we rely on legitimate interests.


10.7 Right to Withdraw Consent

Where we rely on your consent, you have the right to withdraw it at any time.


10.8 Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects.


How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: info@caskbase.com

We will respond to your request within one month.


11. Cookies

Our website uses cookies and similar technologies. For full details, please see our Cookie Policy.


12. Marketing Communications

We may send you marketing communications if:

  • You have given your consent, or

  • You are an existing customer and we are marketing similar products/services

You can opt out of marketing at any time by:

  • Clicking the "unsubscribe" link in any email

  • Contacting us at info@caskbase.com

  • Updating your preferences in your account settings


13. Children's Privacy

Our services are intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us.


14. International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom and European Union.

If we transfer your data outside of the UK or EU, we will ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs)

  • UK International Data Transfer Agreement (IDTA)

  • Adequacy decisions


15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the "Last Updated" date

  • For significant changes, we will notify you by email or website notice

  • Where required by law, we will seek your consent


16. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority.

For UK residents: Information Commissioner's Office (ICO) Website: ico.org.uk Telephone: 0303 123 1113

For EU residents: You may contact your local Data Protection Authority.


17. Contact Us

If you have any questions about this Privacy Policy, please contact us:

CASKBASE LTD 272 Bath Street Glasgow, G2 4JR Scotland

Email: info@caskbase.com Website: caskbase.com