Privacy Policy Notice​

This privacy policy notice is for this website; [] and served by Beer Swaps Limited t/a Ninkasi Rentals & Finance, a company registered in England and Wales (CRN 09454655) and whose registered office is Towngate House, 2-8 Parkstone Road, Poole Dorset, BH15 2PW and governs the privacy of those who use it and interact with the business. The purpose of this policy is to explain to you how we control, process, handle and protect your personal information , including your rights under current laws and regulations. If you do not agree to the following policy you may wish to cease viewing / using this website.

Policy key definitions:

  • "I", "our", "us", or "we" refer to the business, Beer Swaps Limited t/a Ninkasi Rentals & Finance.

  • "you", "the user" refer to the person(s) using this website.

  • GDPR means General Data Protection Regulation.

  • PECR means Privacy & Electronic Communications Regulation.

  • ICO means Information Commissioner's Office.

  • Cookies mean small files stored on a user’s computer or device

For the purposes of data protection law, we are a data controller in respect of your personal data. We collect and use your personal data and where applicable this may include information related to your spouse/partner, directors, partners and owners (your “representatives”). We are responsible for ensuring that it uses your personal data in compliance with data protection law. We are registered with the ICO under the Data Protection Register, our registration number is: ZA273202 

This notice applies to any personal data we receive from you, create or obtain from other sources and explains how it will be used by us. It is important that you take the time to read this notice so that you understand how we will use your personal data and your rights in relation to your personal data.

1.0 Your individual rights

Under the GDPR your rights are as follows. You can read more about your rights in details here;

  • The right to object to our processing of your personal data where we process your personal data pursuant to our legitimate business interests. Please note that there may be circumstances where you object to our processing of your personal data but we may be legally entitled to refuse that request.

  • The right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you.

  • The right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so.

  • In some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit that data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us.

  • The right to request that we rectify your personal data if it is inaccurate or incomplete.

  • The right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it.

  • The right to request that we restrict our processing of your personal data in certain circumstances. Please note that there may be circumstances where you ask us to restrict our processing of your personal data but we are legally entitled to refuse that request.

  • The right to object to any automated decision making (including profiling) which we conduct based on your personal data, which significantly affects you. Please note that there may be circumstances where you object to us conducting automated decision making but we are legally entitled to refuse that request.

  • The right to object to the processing of your personal data for direct marketing purposes.

You also have the right to complain to the ICO [] if you feel there is a problem with the way we are handling your data.

We handle subject access requests in accordance with the GDPR.

You can exercise your rights by contacting us using the details set out in section 10.0 below.

2.0 Relevant Legislation

Our business, internal computer system and this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:

Compliance with the above legislation, all of which are stringent in nature, means that this site is likely to be compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residences’ specific data protection and user privacy legislation, you should contact us.

3.0 Personal data that we collect about you

We will collect and use the following personal data about you and your representatives:

3.1 Information you give us

  • This is information about you and your representatives that you give us by filling in forms or by corresponding with us by telephone, e-mail or otherwise. The information you give us may include your and your representatives’ name, address, e-mail address and telephone number, financial and credit card information, employment history, health information, credit history, identification records, qualifications and vehicle or asset details.

  • You must ensure that in respect of any information you provide us with, which does not relate to you (for example, information about your representatives), you have obtained the necessary consent in order to disclose such information and provided the individual to whom the information relates with a copy of this notice.

  • Should you choose to add a comment to any posts that we have published on our website or submit a message through our enquiry form, the name and email address you enter with your comments will be saved to this website’s database, along with your computer’s IP address and the time and date that you submitted. This information is only used to identify you as a contributor / potential customer. Your comments and associated personal data will remain on this site until we see fit to either 1.) remove the comment, 2.) remove the blog post or 3.) remove the data. 

3.2 Information we collect or generate about you and your representatives 

  • Website Usage Information – Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website. Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor (see section 7.0 below). GA makes use of cookies, details of which can be found on Google’s developer guides. FYI our website uses the analytics.js implementation of GA. Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.

  • We sometimes record telephone conversations to resolve complaints, improve our service and for training and quality assurance purposes. You will always be informed if a conversation is being recorded and asked to give consent.

  • We generate data for statistical analysis. 


3.3 Cookies

  • We use cookies on this website to provide you with a better user experience. We do this by placing a small text file on your device / computer hard drive to track how you use the website, to record or log whether you have seen particular messages that we display, to keep you logged into the website where applicable, to display relevant adverts or content, referred you to a third-party website. Some cookies are required to enjoy and use the full functionality of this website. We use a cookie control system which allows you to accept the use of cookies, and control which cookies are saved to your device / computer. Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device, please see your web browser options.

3.4 Information we receive from other sources

  • Financial/ Credit Information – We will use information provided by credit reference agencies when assessing your application for finance and to verify your or, if applicable, your representatives identity.  Such information may include some details about other credit you have taken out, any credit arrangements you have met or failed to meet, and any court judgments made against you.

  • Fraud Prevention Agencies – When verifying your identity as part of our application process, we may access information recorded by fraud prevention agencies within and outside the UK. This may include information about any criminal convictions and any allegations regarding criminal activity that relate to you. 

  • Intermediaries – We will receive information from dealers, brokers and introducers including your personal details, contact details and relevant asset or policy details for the purposes of entering in to and administering your agreement.

  • Social Media Profile – Where you have clicked through one of our promotions or event notices posted on a third party social media website such as Twitter or Facebook, we will receive your contact information provided as part of your user profile such as your name, e-mail address and telephone number and any other relevant business information such as your organisation’s name, address and your industry.  Some of this information may be prepopulated based on your social media profile; other parts may be completed by you, as and when requested.

  • Public databases – we may obtain information about individuals from public databases. We use reputable sources including but not limited to the electoral register and Companies House. We employ appropriate measures to assure the quality of information which we collect.

4.0 How we use your personal data

Your personal data may be used by us in the following ways:

4.1 Credit Scoring & Crime Prevention

  • To verify your identity as part of the account opening process for new customers;

  • For making a credit check on you. We may carry out a search with a credit reference agency who will keep a record of our enquiry against your name and which may be linked to your representatives (“associated records”). For the purposes of any application for products or services from us, you may be assessed with reference to “associated records”. Where any search or application is completed or agreement entered into involving joint parties, we may record details at credit reference agencies, as a result an “association” will be created that will link your financial records. Details of which credit reference agency we have used are available on request. We may also add to your or, if applicable, your business’s, record with the credit reference agencies details of your agreement with us, any payments you make under it and any default or failure to keep to its terms. These records will remain on the credit reference agencies’ files for 6 years after our agreement with you is settled or terminated whether settled by you or, if applicable, your business or by way of default. These credit reference agencies may create, or add to, their own record about you, or, if applicable, your business, details of our search and your application. This and other information about you or, if applicable, your business and those with whom you are linked financially may be used to make credit decisions about you or your business; 

  • You can find further information about how credit reference agencies (Experian) may process your personal data at [] or you can contact us to obtain a paper copy of this information;]

  • We may use credit scoring techniques and automated decision making systems to either fully or partially assess your information. These credit scoring techniques and automated decision making systems may take into account any previous applications for finance, defaults or existing debt. The results of this decision may decide whether we provide you with our services or not. If you disagree with the results of an automated decision, you can request a review of your application;

  • To allow us to detect and prevent fraudulent activity including sharing personal data with fraud prevention agencies; and

  • To allow us to detect and prevent money laundering activity or terrorist financing.


4.2 Products & Services

  • To provide you with information, products or services that you may request from us;

  • To carry out our obligations arising from any agreements you enter into with us;

  • To make payments;

  • To recover monies;

  • Where we are permitted to do so, to send promotional information about our products and services via methods such as e-mail, post, telephone, etc.; and 

  • To contact you via post, e-mail or telephone in relation to the administration of your account or to carry out quality control research.

4.3 Email marketing messages & subscription

  • Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in section 3.0 above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third-party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.

  • Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.

  • If you choose to join our email newsletter, the email address that you submit to us will be forwarded to our EMS provider, MailChimp, who provide us with email marketing services. We consider MailChimp to be a third party data processor (see section 7.0 below). The email address that you submit will not be stored within this website’s own database or in any of our internal computer systems.

  • Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.

  • While your email address remains within the MailChimp database, you will receive periodic (approximately one per month) newsletter-style emails from us. Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences, you can also  unsubscribe from all MailChimp lists, by following this link, otherwise contact us directly.

4.4 Statistical Analysis

  • As part of our legal and regulatory obligations, to conduct statistical analysis in order to improve our credit risk profile, tackle fraud, and improve our credit decisions. This may include statistical analysis on your personal data even if your application is declined by us or you decide not to complete your application with us; and 

  • In order to identify and offer you tailored products and services that are suitable for you and improve our service.

5.0 Legal basis for processing your personal data

We process your personal data pursuant to the following legal bases:

  • Your consent to share your personal data with third party affiliates who may wish to offer you products and services which may be of interest to you;

  • Taking steps (at your request) prior to entering into an agreement with you, and subsequently for the administration and performance of our agreement with you;

  • To comply with our legal and regulatory obligations;

  • To establish, exercise or defend our legal rights and / or for the purpose of (or in connection with) legal proceedings; and

  • The use of your personal data as described is necessary for our legitimate business interests which are:

- enforcing the terms and conditions of any agreement we have with you; 

- the recovery of outstanding debts existing under an agreement with you;

- for statistical analysis to improve our products and services; or

- to contact you about products and services that may be of interest to you. You may object to this at any time by contacting us at or by mail addressed to: Ninkasi Rentals & Finance, Corporate Asset Solutions, Manor Farm, Chilworth Old Village, Soutahmpton, Hampshire, SO16 7JP.

6.0 Sharing your personal data

We may disclose your personal data to third party service providers in the circumstances described below:

  • To ensure the delivery or maintenance of products or services you have taken out with us;

  • To ensure the safety and security of our data; and

  • As part of our internal research and statistical analysis activity.

We will take steps to ensure that the personal data is accessed only by personnel that have a need to do so for the purposes described in this notice.

We may also share your personal data outside of our organisation:

  • To our professional advisers in order to enforce or apply the terms of use and other agreements you have with us;

  • To an insurer or insurers for administration; 

  • To claims handlers and fraud prevention agencies;

  • To any guarantor;

  • To any funder in order to enable funders to assess the value of our assets; 

  • To any broker or introducer of an agreement with us;

  • To tracing and repossession agents;

  • If we sell any of our business or assets, in which case we may disclose your personal data to the prospective buyer for due diligence purposes;

  • If we are acquired by a third party, in which case personal data held by us about you will be disclosed to the third party buyer; 

  • To third party agents or contractors (for example, the providers of our electronic data storage services or call centres) for the purposes of providing services to us.

We will not share any of the information you provide with any third parties for marketing purposes.

We may also share your personal data outside of our organisation to the extent required by law, for example if we are under a duty to disclose your personal data in order to comply with any legal obligation including but not limited to disclosures made to: 

  • Credit agencies;

  • Companies House

  • Central Credit Register,

  • and to establish, exercise or defend our legal rights.

7.0 Third Party Data Processors

We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out in section 2.0. Where third parties are based in the USA, they have been checked to be EU-U.S Privacy Shield compliant. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it and they will only use your personal data as described in this privacy notice. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct. 

8.0 Data Storage

As detailed in section 3.1 above, if you submit a comment or an enquiry on this website, some personal information will be stored within this website’s database. This is currently the only occasion where personal data will be stored on this website. This data is currently stored in an identifiable fashion; a limitation of the content management system that this website is build on. 

This website is hosted by Wix who has servers all over the world. Here is what they do to protect information that they hold on their servers:

  • Wix contracts security consultants to ensure the security of our user information. They perform regular security audits and infiltration testing to maintain our ISO/PCI security certifications. Any issues that are reported to our security team or raised during security audits these are resolved as soon as possible.

  • Wix encrypts databases containing sensitive information, according to PCI standards, to add additional protection of personally identifiable information. Our encryption methods renders this information unreadable without a cryptographic key. 

  • Wix has a multiple layer security architecture to help protect against 0-day security issues. 

  • Wix's signup and login services are completed through a secure server. The information provided to Wix in the signup process is secured via HTTPS/ SSL communication. 

  • Wix uses cryptography hash functions to protect your information. Your password is stored as a hash digest and, in the event of a security breach, your original password cannot be recovered from our servers.

Some Data may be taken off this website and stored in our own files on Microsoft's OneDrive. In OneDrive for Business and SharePoint Online, there are two scenarios in which data enters and exits the datacenters.

  • Client communication with the server    Communication to OneDrive for Business across the Internet uses SSL/TLS connections. All SSL connections are established using 2048-bit keys.

  • Data movement between datacenters    The primary reason to move data between datacenters is for geo-replication to enable disaster recovery. For instance, SQL Server transaction logs and blob storage deltas travel along this pipe. While this data is already transmitted by using a private network, it is further protected with best-in-class encryption.

Encryption at rest includes two components: BitLocker disk-level encryption and per-file encryption of customer content. BitLocker is deployed for OneDrive for Business and SharePoint Online across the service. Per-file encryption is also in OneDrive for Business and SharePoint Online in Office 365 multi-tenant and new dedicated environments that are built on multi-tenant technology.


While BitLocker encrypts all data on a disk, per-file encryption goes even further by including a unique encryption key for each file. Further, every update to every file is encrypted using its own encryption key. Before they’re stored, the keys to the encrypted content are stored in a physically separate location from the content. Every step of this encryption uses Advanced Encryption Standard (AES) with 256-bit keys and is Federal Information Processing Standard (FIPS) 140-2 compliant. The encrypted content is distributed across a number of containers throughout the datacenter, and each container has unique credentials. These credentials are stored in a separate physical location from either the content or the content keys.

For additional information about FIPS 140-2 compliance, see FIPS 140-2 Compliance.

File-level encryption at rest takes advantage of blob storage to provide for virtually unlimited storage growth and to enable unprecedented protection. All customer content in OneDrive for Business and SharePoint Onlinewill be migrated to blob storage. Here’s how that data is secured:

  1. All content is encrypted, potentially with multiple keys, and distributed across the datacenter. Each file to be stored is broken into one or more chunks, depending its size. Then, each chunk is encrypted using its own unique key. Updates are handled similarly: the set of changes, or deltas, submitted by a user is broken into chunks, and each is encrypted with its own key.

  2. All of these chunks—files, pieces of files, and update deltas—are stored as blobs in our blob store. They also are randomly distributed across multiple blob containers.

  3. The “map” used to re-assemble the file from its components is stored in the Content Database.

  4. Each blob container has its own unique credentials per access type (read, write, enumerate, and delete). Each set of credentials is held in the secure Key Store and is regularly refreshed.

In other words, there are three different types of stores involved in per-file encryption at rest, each with a distinct function:

  • Content is stored as encrypted blobs in the blob store. The key to each chunk of content is encrypted and stored separately in the content database. The content itself holds no clue as to how it can be decrypted.

  • The Content Database is a SQL Server database. It holds the map required to locate and reassemble all of the content blobs held in the blob store as well as the keys needed to decrypt those blobs.

Each of these three storage components—the blob store, the Content Database, and the Key Store—is physically separate. The information held in any one of the components is unusable on its own. This provides an unprecedented level of security. Without access to all three it is impossible to retrieve the keys to the chunks, decrypt the keys to make them usable, associate the keys with their corresponding chunks, decrypt any chunk, or reconstruct a document from its constituent chunks.

9.0 Changes to our privacy policy

We keep our privacy policy under regular review. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

10.0 Contact us 

Beer Swaps Limited t/a Ninkasi Rentals & Finance is registered in the UK, ourregistered address is at Towngate House, 2-8 Parkstone Road, Poole, Dorset, BH15 2PW and our company registration number is 09454655

Please contact us if you have any questions about our privacy policy or personal data we hold about you:

Write to us at the following address: Ninkasi Rentals & Finance, Corporate Asset Solutions, Manor Farm, Chilworth Old Village, Soutahmpton, Hampshire, SO16 7JP

By email:

  • White Facebook Icon
  • White Twitter Icon
  • White Instagram Icon
  • White YouTube Icon