Privacy Policy

Last updated: 2026-07-02

This Privacy Policy explains how Online Spirits Club ("we", "us", "our") collects, uses and protects your personal data. We are based in Ireland and serve learners primarily across the European Union and the United Kingdom. We comply with the EU General Data Protection Regulation (GDPR) and the UK GDPR.

1. Who we are

Online Spirits Club operates https://onlinespiritsclub.com and the associated learning tools. For the purposes of GDPR, we are the data controller. Contact: privacy@onlinespiritsclub.com.

2. Data we collect

Data you give us

  • Account details: email, password (bcrypt hash — never plaintext), display name.
  • Profile: country, city, professional role.
  • Newsletter status: whether you opted in. Always optional.
  • Learning activity: lesson progress, flashcard reviews, quiz scores, minutes studied.
  • Comments: anything you post publicly on lesson pages.
  • Support messages: the content of emails you send us.

Data we collect automatically

  • Technical: rough IP (rate-limiting only), browser and basic device info.
  • Session cookie: signed osc_user HTTP-only cookie.

We do not use advertising cookies, third-party trackers, or behavioural profiling.

3. Why we process your data

  • Provide the service and personalise learning with spaced repetition.
  • Security: detect abuse, rate-limit logins, protect accounts.
  • Communicate: transactional emails and — only if you opt in — the newsletter.
  • Improve the platform using aggregate usage patterns.
  • Comply with legal obligations.

4. Legal basis under GDPR

  • Contract (Art. 6(1)(b)): to run your account and deliver the service.
  • Legitimate interests (Art. 6(1)(f)): security, fraud prevention, improvements.
  • Consent (Art. 6(1)(a)): newsletter and other optional comms — withdraw any time.
  • Legal obligation (Art. 6(1)(c)): where required.

5. Sharing your data

We never sell your data. We share it only with infrastructure and email processors under contract, with Standard Contractual Clauses (SCCs) in place where a processor is outside the EEA, or with authorities where legally required.

6. Data retention

  • Account, progress, flashcards, quiz results, comments — while your account is active.
  • Newsletter — until you unsubscribe.
  • Security logs — max 30 days.
  • After account deletion — removed within 30 days (except minimal records required by law).

7. Your rights

Under the GDPR you have the rights of access, rectification, erasure, portability and objection, and the rights to restrict processing, to withdraw consent, and to lodge a complaint with the Irish Data Protection Commission (dataprotection.ie). See Data Rights for step-by-step instructions. Email privacy@onlinespiritsclub.com; we reply within one month.

8. Cookies

  • osc_user — signed HTTP-only session, 30 days.
  • osc_admin — signed admin session while an admin is logged in.

We do not use analytics, advertising, or third-party tracking cookies. If we add any, we will ask for consent first. See Cookie Policy.

9. Newsletter

Strictly opt-in. Every email includes an unsubscribe link. You can also toggle it off from your profile or email privacy@onlinespiritsclub.com.

10. Security

  • HTTPS/TLS everywhere.
  • Passwords hashed with bcrypt.
  • HTTP-only, SameSite=Lax, Secure signed session cookies (never localStorage).
  • Strict CSP, X-Frame-Options, HSTS and other security headers.
  • Server-side authorisation — session identity never trusted from client input.
  • Rate limiting on login, register, and password endpoints.
  • Strict input validation to prevent injection and XSS.

11. Children

Intended for adults working in or studying hospitality. We do not knowingly collect data from anyone under 16.

12. International users

Provided from Ireland (EU). Non-EEA processors use SCCs.

13. Changes

Material changes will be flagged by updating the date above and, where appropriate, by email.

14. Contact

Email privacy@onlinespiritsclub.com. Data controller: Online Spirits Club, Ireland. Complaint route: dataprotection.ie.