To the extent any portions of the following Policy are inconsistent with applicable law or regulations, or to the extent you provide your express consent for uses not specifically described herein, then such laws or regulations, or your express consent, will govern the Company’s use of your information.
Changes to This Policy
Types of Information We Collect
Information You Provide
We collect information you provide, including, but are not limited to, the following:
- Personally Identifiable Information (“PII”): This refers to information that lets us know the specifics of who you are and other contact information. When you engage in certain activities on this Site, such as registering for an account, purchasing a product or the Services, sending us feedback, or through other means of communication, we may ask you to provide certain information about yourself.
- Basic PII may include:
- Your first and last name;
- Job title and company name;
- Mailing address, including zip code;
- Password to register with us;
- Personal interests or preferences; or,
- Other identifying information.
- Financial information when subscribing to the Services offered on the Site, including:
- Payment or credit card numbers and expiration dates;
- Other historical, contact, and demographic information relevant to responding to your inquiries and providing services to you, our Subscribers, or third parties with whom we do business.
We also collect information when subscriber’s upload or send information to or through the Services about their products and services (including inventory, pricing and other data), customer data, or when you participate in contests or promotions offered by the Company or our partners, respond to our surveys, or otherwise communicate with us.
The Company’s Policy is not to request or collect especially sensitive PII, such as religious preferences, racial or ethnic background or other similar forms of data.
- IP Addresses and Aggregate Information: This refers to information that does not by itself identify a specific individual. We may collect non-personally identifiable information about your use of the Services, such as your access times, domains, browser type, version and language, operating system, and Internet Protocol (“IP”) addresses (together, “Use Data”). This information may include the Website’s Uniform Resource Locator (“URL”) that points to the site you just come from, which URL you go to after visiting our Site and what browser you are using. This information, which is collected in a variety of different ways, is compiled and analyzed on both a personal and aggregated basis.
- With this aggregate information, we may undertake statistical and other summary analyses of the visitors’ behaviors and characteristics. We may use your IP address to help diagnose problems with our server, to administer the Site and to maintain contact with you as you navigate through the Site. We gather certain information about you based upon where you visit on our Site and what other sites may have directed you to us. We may also use this information to measure the visitors’ interest in, and use of, various areas of the Site and the various programs that we administer. Although we may share this aggregate information with third parties, none of the information we share will allow anyone to identify you, or to determine anything else personal about you based on the information we share alone.
Information We Collect from Other Sources
We may also collect information about you from third parties, including but not limited to third-party verification services, credit bureaus, mailing list providers, and publicly available sources. In some circumstances, this information sensitive or additional PII. This Policy does not, however, describe the practices of third parties that may collect information from you when you interact with them, including subscribers that use the Company to accept payment for goods or services. We encourage you to ask them about their privacy practices before providing any information to them.
When one of our applications is open on your mobile device, we periodically receive information about the location of the device. We may also identify other software running on the device (but will not collect any content from such software) for anti-fraud and malware-prevention purposes. We collect device-specific information when you access our Services, including your hardware model, operating system and version, unique device identifiers, mobile network information, and information about the device's interaction with our Services. When you first launch our mobile applications, you will be asked to consent to the application's collection of location information. We currently require this location information in order to provide our Services, so if you do not consent to this collection, you cannot use our Services. If you initially consent to our collection of location information, you can subsequently stop our collection of location information at any time by changing the preferences on your mobile device. If you do so, the Company application may not function or only offer a limited set of features. You may also stop our collection of location information by following the standard uninstall process to remove WineDirect applications from your device.
How We Collect and Use Information
We do not collect any PII about you unless you voluntarily provide it to us, however, we do collect information about you when you use our Services. You may be required to provide certain PII to us when you elect to use certain products or services available on the Site. These may include: (a) registering for an account on our Site; (b) entering a sweepstakes or contest sponsored by us or one of our partners; (c) signing up for special offers from selected third parties; (d) sending us an email message; (e) submitting a form or transmitting other information by telephone or letter; (e) submitting your credit card or other payment information when ordering and purchasing products and services on our Site; or (f) when submitting your credit card or other payment information with ordering or purchasing products and services on a subscriber’s site.
We collect information about when and where the transactions occurred, a description of the transactions, the payment or transfer amounts, billing and shipping information, and information about the devices and payment methods used to complete the transactions. When processing certain information, such as payment information with affiliated banking institutions or payment processors, we encrypt the transaction, using Transport Layer Security (TLS), in order to prevent your PII from being stolen or intercepted. Additionally, your credit card information is encrypted and stored on a restricted-access database that is away from our main Site and only accessible by authorized users.
Cookies and Certain Other Forms of Information Collected
Cookies, Web Beacons, and Log Files: We may collect data in connection with your use of the Site using various technologies to collect information, and this may include sending cookies to your computer or mobile device. Cookies are small data files stored on your hard drive, mobile phone, or in device memory by a website. Among other things, cookies support the integrity of our registration process, retain your preferences and account settings, and help evaluate and compile aggregated statistics about user activity. We will provide you with a list of Cookies upon request at firstname.lastname@example.org. We may also collect information using web beacons. Web beacons are electronic images that may be used in our Services or emails. We may use web beacons to deliver cookies, count visits, understand usage and campaign effectiveness, and determine whether an email has been opened and acted upon. Like most standard website servers, our Services use log files. This includes IP addresses, browser type, internet service provider (“ISP”), referring/exit pages, platform type, date/time stamp, and number of clicks to analyze trends, administer the Site, track users’ movement and gather demographic information for aggregate use. Such data may be used to analyze trends, to administer the Site, to track your movements around the Site and to gather demographic data about our visitor base as a whole. The data gathered by these cookies is in the form of aggregated anonymous data. IP addresses are not linked to personally identifiable devices.
Third-Party Advertising and Analytics
We have no access or control over cookies or other features that third parties may use. As such, the Company is not responsible for the privacy practices or content of such third-party websites and applications that are subject to their own privacy policies. This Policy does not apply to, and we are not responsible for, third-party cookies, web beacons, or other tracking technologies and we encourage you to check the privacy policies of these third parties to learn more about their privacy practices. The Company does not in any way endorse or make any representations about such third-party websites and applications.
Social Media and Online Engagement
We occasionally use a variety of new technologies and social media options to communicate and interact with customers, potential customers, employees and potential employees. These sites and applications include popular social networking and media sites, open source software communities and more. To better engage the public in ongoing dialog, certain of our businesses use certain third-party platforms including, but not limited to, Facebook, Twitter, LinkedIn, Instagram, and Pinterest. Third-Party Websites and Applications (TPWA) are Web-based technologies that are not exclusively operated or controlled by us. When interacting on those websites, you may reveal certain personal data to us or to third parties. Other than when used by our employees for the purpose of responding to a specific message or request, we will not use, share, or retain your personal data.
Use of Information
We will only use your personal data in compliance with applicable law. The purpose for which we use and process your information and the legal basis on which we carry out each type of processing is explained in the table below. Note that we may process your personal data for more than one legal basis. We may use personal information about you as follows:
- We may use information about you to provide, maintain, and improve our Services and to deliver the information and support you request, including receipts, technical notices, security alerts, support and administrative messages. It is in our legitimate interests to respond to your queries and provide any information and materials requested in order to generate and develop business. To ensure we offer an efficient service, we consider this use to be proportionate and will not be prejudicial or detrimental to you;
- We may use information about you to personalize the Services, or to fulfill our obligations to you pursuant to any contracts or agreements that you may enter into with the Company, or in connection with any of our programs, events or promotions in which you register or participate. It is in our legitimate interests to improve the Site in order to enhance your experience on the Site, to facilitate system administration and better our services. We consider this use to be proportionate and will not be prejudicial or detrimental to you.
- We may use information about you to update you on services, products and benefits we offer. It is in our legitimate interests to market our services and products. We consider this use to be proportionate and will not be prejudicial or detrimental to you. For direct marketing sent by email to new contacts (i.e. individuals who we have not previously engaged with), we need your consent to send you unsolicited direct marketing.
- We may use information we collect to send you news and information about our Services and to communicate with you about products, services, contests, promotions, incentives, and rewards offered by us and select partners, including subscribers;
- We may use information about you to establish and activate your account, provide assistance or support with respect to your use of our Services, troubleshoot problems and to resolve disputes that may arise. For example, when you register for an account, we may associate certain information with your new account, such as information about other accounts you have or had with the Company and prior transactions you made through the Services;
- Only if you consent and opt-in, we may provide features that access customer demographic information from one of your customers when an order is placed at a different customer. The information collected during the process is used to pre-populate customer information (as a convenience to the customer) on an order so the customer does not have to enter all of their information again;
- We may use information about you to track and analyze trends and usage in connection with our Services; to improve content, advertising or Services, to process and deliver contest and promotion entries and rewards; to protect our rights or property; to verify your identity; to investigate and prevent fraud or other illegal activities; and for any other purpose disclosed to you in connection with our Services;
- We may, or we may use third-party service providers to, process and store personal information in the United States and other countries;
- We may use information about you to send you information regarding changes to our policies, other terms and conditions and other administrative information. It is in our legitimate interests to ensure that any changes to our policies, other terms and administrative information are communicated to you. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.
- We may use information about you to administer the Sites including data analysis, testing, research, statistical and survey purposes. It is in our legitimate interests to monitor and analyze usage and trends. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you;
- We may use information about you to help keep the Sites safe and secure. For all these categories, it is in our legitimate interests to continually monitor and improve our services and your experience of the Sites and to have network security. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.
- We may use information about you to measure or understand the effectiveness of any marketing we provide to you and others, and to deliver relevant marketing to you. It is in our legitimate interests to continually improve our offering and to develop our business. We consider this use to be necessary in order to effectively generate business and will not be prejudicial or detrimental to you.
- We may use information about you to enforce the terms and conditions and any contracts entered into with you.
Sharing of Information
We may share personal information about you as follows:
- With our subscribers on whose behalf you submit your information to us, or who originally submitted your information to us;
- With our subscribers with whom we use the content within your database to populate orders across any subscriber in the Company, if you consent;
- With third parties that provide information processing services to us, that maintain and improve our Services, including service providers who access information about you to perform services on our behalf (e.g., fraud prevention and verification services), and including financial institutions, processors, payment card associations, and other entities that are part of the payment or transfer process. Personal data will also be shared with our third-party service providers and business partners who assist with the running of the Sites and our services and products (including hosting providers, email service providers and payment processing partners). We may also share aggregated, non-personally identifiable information with third parties;
- In addition, we may disclose personal data about you when we believe that such use or disclosure is reasonably appropriate to: comply with any legal or governmental regulatory obligation or request; enforce the terms of our agreements; establish, exercise or defend the rights of Company, our staff, customers or others; protect our rights, property, safety or vital interests, or the rights, property, safety or vital interests of our users or other third parties; and implement the purchase of all or substantially all of our assets, a merger, or other similar transaction that results in a change of control.
The security of your personal data is important to us. We follow generally accepted industry standards and take appropriate commercially reasonable measures, including administrative, technical, and physical safeguards, to protect personal information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. The Company is PCI compliant and follows applicable laws regarding the safeguarding of any such information under our control. We will make all commercially reasonable efforts to keep the website secure from third party interference, including but not limited to unauthorized third party amendment of the website or third party access to any data not intended to be publicly available via the website. The Internet by its nature is a public forum, and we encourage you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure. Despite our efforts, no transmission of data over the internet is guaranteed to be completely secure, and we cannot guarantee the security of any information you provide to us. Therefore, although we use industry standard practices to protect your privacy, the Company does not promise or guarantee, and you should not expect, that your personally identifiable information or communications with us will always remain private. We will notify you within 72 hours if any such third party interference occurs.
Data Retention: How Long We Keep Your Personal Data
We will retain personal data which we process for as long as appropriate to provide services and products to you in accordance with any agreement in place with our subscribers and for other legitimate purposes. When you contact us, we may keep a record of personal data contained in your communication to help solve any issues that you might be facing. Your personal data may be retained for as long as appropriate to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirement, and for other legitimate purposes. In determining how long we will retain personal data, we will consider all relevant factors.
Updating Your Information
If you are a subscriber or otherwise have established a contractual relationship with the Company, there is certain information we must maintain in order to properly service your account. We retain certain information in our sole discretion that we need to process your information, fulfill your requests and our obligations to you, to maintain our records in accordance with industry practices, to resolve disputes, to troubleshoot problems to enforce this Policy, or for other valid business reasons; it is not the Company’s Policy to retain more information for longer than is necessary. Please note that the Company will not remove your non-personally identifiable Use Data from our aggregated files. Furthermore, please be aware that even if you request your information to be removed from our systems, such information may never be completely removed due to technical and legal constraints, including backup and disaster recovery systems, as we have the need to keep some information to track and record your requests.
Subscribers may change or correct information about yourself by logging into your account at any time or by emailing us at email@example.com. You may also email us if you wish to deactivate your account. We may retain archived copies of information about you and your transactions for a period of time that is consistent with applicable law. You may opt-out of allowing us to use or share the content within your database to populate orders across any subscriber with the Company, however, this may interrupt or restrict you use of the Services. You may opt out of receiving promotional emails or text messages from the Company by following the instructions in those emails or text messages. If you opt out, we may still send you non-promotional communications, such as digital receipts and messages about your account or our ongoing business relations.
If you do not wish to provide us with your personal data and processing such data is necessary for the performance of a contract with you and to fulfil our contractual obligations to you, we may not be able to perform our obligations under the contract between us. Where you provide consent, you can withdraw your consent at any time and free of charge, but without affecting the lawfulness of processing based on consent before its withdrawal. No withdrawal of consent will be effective until we receive it and have had a reasonable period of time to act on it. You can update your details or change your privacy preferences by contacting us as provided in “Contacting Us” below.
To review, correct, update, delete, object or otherwise limit our use of your personal data that has been provided to us, or request portability and/or details of your personal data that is held by us, please contact us using the contact information listed below in the “Contacting Us” section and clearly describe your request.
If you have registered for an account with us, you can help to ensure that your personal data is accurate and up to date by logging into your account and updating your personal data.
You may unsubscribe from marketing communications at any time by clicking the “Unsubscribe” button available at the bottom of any electronic communication we may send to you. You may also unsubscribe from any medium of communication by contacting us using the information set out in the “Contacting Us” section below.
Company as Data Processor: Users and Visitors
In certain cases, we also operate as a data processor and we collect, process and transfer personal data on behalf of our business customers in the provision of our services and products. For the purposes of this Policy, those business customers are referred to as “subscribers.” In these circumstances, Company is acting as a data processor and our subscribers remain the data controller in respect of personal data they provide to us.
Our subscribers remain the data controllers with respect to any personal data that they provide to us for our provision of services. To the extent that we are acting as data processor, we act in accordance with the instructions of such customers regarding the collection, processing, storage, deletion and transfer of customer data, as well as other matters such as the provision of access to and rectification of personal data. We will only use such personal data for the purposes of providing the services and products for which our subscribers have engaged us.
Our subscribers are responsible for ensuring that these individuals’ privacy is respected, including communicating to the individuals in their own privacy policies who their personal data is being shared with and processed by. Where the Company is acting as a data processor, we will refer any request from an individual for access to personal data which we hold about them to our customer. We will not usually respond directly to the request.
As a data processor, we may share personal data where instructed by our subscribers. Where authorized by the subscriber, we may also share personal data with third party service providers who work for us and who are subject to security and confidentiality obligations.
Responding to Requests
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights) under applicable law. This is a security measure to protect personal data from being disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. You will not have to pay a fee to access your personal data (or to exercise any of your other rights) under applicable law. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. Also, please note that we may refuse a request for blocking and/or deletion where continued processing is necessary to comply with a legal obligation or necessary for the establishment, exercise or defense of legal claims or for other purposes permitted by applicable law.
California Consumer Privacy Rights
California law permits residents of California to request certain details about information we disclose to third parties for direct marketing purposes. We will, to the extent required by any applicable law, disclose, delete or take any other action with respect to any of personal data that is collected by us from residents of California. Residents of California may make a request pursuant to the California Consumer Privacy Protection Act (the “California Act”) to have us, among other things:
- Disclose to you
- The categories of your personal data that is collected by us;
- The categories of sources from whom or which such personal data is collected by us;
- The purposes for our collecting such personal data;
- The categories of third parties to whom or which we transfer such personal data;
- The specific pieces of such personal data collected by us; and
- If such personal data is sold or disclosed for a business purpose to a third party, the categories of such personal data that are sold or disclosed for a business purpose, and the categories of third parties to which or whom such personal data are sold or disclosed for a business purpose; and
- Except in certain circumstances, delete your personal data that is collected by us.
Any such request by an individual under the California Act (1) can only be made twice in a 12-month period, (2) will require the collection of certain information by us to verify the identity of such individual, and (3) can be submitted to us at firstname.lastname@example.org or by calling toll free at 1-800-819-0325. We will respond to any such request within 45 days after receiving it.
The California Act requires certain additional disclosures that can be found at this page.
We will not discriminate against any individual for exercising any right made available to such individual under the California Act.
General Data Protection Regulation
Subject to certain limitations and exceptions, if you are a resident in the European Economic Area, you have the following rights under the GDPR:
- Access to personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Correction of personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of personal data. This enables you to ask us to delete personal data when there is no good reason for us continuing to process it. You also have the right to ask us to delete your personal data when you have successfully exercised your right to object to processing (see below), when we may have processed your information unlawfully or when we are required to erase your personal data to comply with applicable law.
- Restriction of processing personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) when our use of personal data is unlawful, but you do not want us to erase it; (c) when you want us to hold personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of personal data, subject to our verifying whether we have an overriding legitimate interest to continue using it.
- Request transfer of personal data. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
- Right to withdraw consent. You can withdraw your consent at any time when we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
We do not sell our services to children or minors, and the Site is not intended for or directed at children or minors under the age of 21 years. As such, the Site are designed for adult user interaction. We do not knowingly or intentionally collect personal data from children or minors under the age of 21. If you believe that we may have collected personal data from someone under the age of 21 without proper consent, please let us know using the methods described in this Policy.