PRIVACY POLICY

 Latest update: 02-05-2023

(English Version is for your understanding only, the official legal one is German and to be accessed by switching the languages at the bottom right corner)

 

Welcome to our Privacy Policy, Wyrd-Wine loves good wine as much as it cares for its customers’ privacy. In fact, we at Wyrd-Wine believe that personal data is like fine wine, it should be handled with care and only shared with those who can appreciate its value. Just like our fine wine, your personal data is stored by us in a secure place, respected, and treated with the attention it deserves.

In this section, you’ll find out how our processing of your personal data through the website www.wyrd-wine.com (in following: “our website”) and in the performance of our services to you, complies with the requirements of EU Law on the processing of personal data, specifically Regulation 2016/679 (GDPR).

Data Controller and contact details

If your personal data is the wine, the Data Controller is the owner of the winery, the one responsible for ensuring that it is stored and handled in a manner that maintains its quality and value.

VINUM SABBATI UG (haftungsbeschränkt) is the Data Controller of the personal data collected, or otherwise processed by our website and in the performance of our services. The Data Controller can be reached at this address: Rosenheimer Str. 8, 83139 Söchtenau / Germany, or through the e-mail address info@vinum-sabbati.com.

Purposes of the processing and Legal Basis

When you shop on our websites, we collect and store information such as your name, mailing address, e-mail address, and payment information. This information is processed for specific purposes, and each of these purposes is legitimate, having a specific legal ground. We do not process personal data without a purpose and a legal basis, as much as we do not open a good bottle of wine without a reason and the right occasion.

The following table shows purposes and legal basis for processing your personal data:

 

Purpose

Legal Basis

Registration on our website – the information and personal data requested in order to register to our website will be used to allow the access to your personal area on the website, where you can see the history of your purchases, as well as to allow you to take advantage of the benefits offered to registered users.

Processing is necessary for the performance of a service requested by the data subject or in order to take steps at the request of the data subject prior to entering into a contract [Art. 6(1)(b) GDPR].

Purchase and online shopping – the data is necessary to allow the conclusion of the purchasing contract, as well as the legitimate processing activities connected to the contract, including, but not limited to fiscal requirements.

Processing is necessary for the performance of a service requested by the data subject or in order to take steps at the request of the data subject prior to entering into a contract [Art. 6(1)(b) GDPR].

Marketing purposes – sharing advertising material, including our newsletter, with you concerning products and/or services offered by us. Your consent will be separately requested if we intend to share your personal data with third parties for marketing purposes.

The data subject has given consent to the processing of his or her personal data for one or more specific purposes [Art. 6(1)(a) GDPR].

Profiling – analysis of your preferences and choices in order to tailor our suggestions and recommendations to you.

The data subject has given consent to the processing of his or her personal data for one or more specific purposes [Art. 6(1)(a) GDPR].

Recommending wine similar to the one previously bought by you (i.e., soft spam) – provided that you have not objected to the use of your information for such purpose, we may use the email contact information made available by our existing customers to recommend them products which are similar to the one previously purchased. In any case, customers will be able to object to this processing in every moment and in each individual communication with them.

Processing is made legitimate by a legal obligation [Art. 6(1)(c) GDPR].

Applicable only where allowed by Member States law

Germany – Section 7(3) of the German Act Against Unfair Competition UWG;

Italy – Guidelines on Marketing and against Spam - 4 July 2013

 

 
Customer care (i.e., answering to your requests via web or telephone) in order to answer to your requests though our customer care service we will need to process some of your personal data, based on your request. An objection to such processing won’t allow us to answer to your questions. Processing is necessary for the purposes of the legitimate interests pursued by the controller [Art. 6(1)(f) GDPR].

 

Wyrd-Wine is a family-owned, ethically oriented business. We do not want to bother our clients and prospects with intrusive advertising and aseptic marketing material, for this reason, the consent to the use of your personal data for marketing and profiling purposes is completely free and unconditional. This means, also, that you can always revoke it at any time by following the instruction in the paragraph “Your rights as data subject” of this policy. In case you won’t prefer to have your personal data processed for the purposes that require your consent you won’t receive any advertising from us, nor we will be able to perform marketing analyses that concern your purchases, nor we will share with you our newsletters. Where requested, in case you won’t consent to our profiling processing activities, we won’t be able to share with you marketing material that is tailored to your specific taste. In addition, if you are located in specific EU Member States (e.g., Italy, Germany), and provided that you are effectively our client (which means you have previously bought wine from us), we will be able to recommend you wine that is similar to the one previously bought by you. You will always be able to object to this kind of marketing communication in each one of our e-mails, as well as by contacting us at info@vinum-sabbati.com.

Finally, we may process your personal data in order to comply with legal obligations to which we are subject.

Categories of processed personal data and means of processing

We believe in data minimization as much as we believe in SO2 minimization, this is why we will process only the information about you that is strictly necessary for us in order to provide you with our services (e.g., e-mail, name, surname, address, telephone number).

We won’t process any form of special category or personal data (so called, “sensitive data”) nor judicial data about you.

In order to allow you to conclude your purchase, you will be required to insert your credit card/debit card data that will be securely processed by our payment service provider (Data Controller of this information for the performance of its services). This data won’t, in any way, be processed by us or our servers.

A cookie is a piece of data downloaded to a computer by a website, it contains details of the preference of that computer’s user which identify the user when revisiting that website. To have more information on the use of cookies by our website, please refer to our Cookie Policy.

Our processing of your personal data will be performed through electronic means in accordance with the technical and operational security measures required by the law. This allows us to guarantee the adequate confidentiality and integrity of your data, as well as the constant availability of our services. In particular, we have adopted measures to guarantee that the access to your personal data is allowed only to authorized personnel.

Communication and disclosure of your personal data

The data we collect will only be communicated to third parties in the following cases:

  • To public authorities in case of explicit requests and where required by law
  • To third parties and service providers supporting us in the mailing and delivery of your purchase
  • To online-payment service providers supporting us in the management of your payment through our website
  • To third parties and service providers supporting us in the management of our IT equipment or in the definition of the update, installation and maintenance of our IT infrastructure
  • In connection with official inquiries, court decisions and legal proceedings if this is necessary for legal prosecution or enforcement
  • Where we have explicitly asked for your consent to this transfer

Part of the data processing can be carried out by our service providers. In addition to the service providers mentioned above, this may include, in particular, data centers that store our website and databases, software providers, IT service providers who maintain our systems, and consulting companies. If we transfer personal data to our service providers, they are required by law, and contractually bound with us, to use it only to fulfill their tasks. We chose our service providers also based on their care and attention towards personal data processing. They are contractually bound to follow our instructions, have suitable technical and organizational measures to protect your rights and freedoms and are regularly checked by us. We do not publicly disclose any of your personal data.

Storage period

In principle, we only store personal data for as long as necessary to fulfill the purposes for which we collected the data. We then delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law or due to the existence of statutory retention requirements.

For evidence purposes, we are required by law to keep data for 10 years from the end of the business relationship with you.

The data we collect for marketing and profiling purposes will only be stored for 3 years. After this period we will either delete the data or request a renewal of your consent.

Your rights as data subject

In accordance with Art. 13 of the GDPR, we inform you about your privacy rights:

You have the right to receive information and access the personal data we process about you, to request the rectification of your data, the request deletion of your personal data or to request the restriction of processing your data. In addition, you have the right to receive your personal data in in a structured, common and machine-readable format (so-called data portability). If we process your personal data on the basis of our legitimate interests (Art. 6(1)(f) GDPR), you can object to such processing.

The way you can exercise these rights is by contacting us at our email address info@vinum-sabbati.com. We will do our best to satisfy your request without undue delay and by the times provided by the law.

In accordance with Art. 77 GDPR and without prejudice to other administrative or judicial remedies, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider the processing of Personal Data relating to you to be in violation of the GDPR. The competent supervisory authority for Wyrd-Wine is the Bayerischer Landesbeauftragte für Datenschutz, Postfach 22 12 19, 80502 Munich, Germany, www.datenschutz-bayern.de.

As previously mentioned, you have the right to withdraw your consent at any time. As a result, we will no longer continue to perform the processing activities based on your consent. In such cases, we will be required to erase your personal data only where we do not have to process it in the context of another processing activities which relies on a different legal basis. Withdrawing your consent will not affect the legality of the processing carried out on the basis of your consent up to the point of withdrawal.

Any inquiries about the assertion of data protection rights and our answers to them will be stored for documentation purposes for a period of up to 10 years in case of exercise or defence of legal claims. The legal basis for this storage is Art. 6(1)(f) GDPR, based on our legitimate interest in defending against any claims, avoiding fines and fulfilling our accountability.

Changes to this Privacy Policy

We will occasionally update this Privacy Policy, for example if we modify our website and processing activities, or if the legal requirements change.  If you are registered to our website, substantial changes to our Privacy Policy will be communicated to you by e-mail. In any case, we invite you to keep an eye on this webpage in case of changes.