To the extent any portions of the following Policy are inconsistent with applicable law or regulations, or to the extent you provide your express consent for uses not specifically described herein, then such laws or regulations, or your express consent, will govern the Company’s use of your information.
Changes to This Policy
Information You Provide
We collect information you provide, including, but are not limited to, the following:
We also collect information when subscriber’s upload or send information to or through the Services about their products and services (including inventory, pricing and other data), customer data, or when you participate in contests or promotions offered by the Company or our partners, respond to our surveys, or otherwise communicate with us.
The Company’s Policy is not to request or collect especially sensitive PII, such as religious preferences, racial or ethnic background or other similar forms of data.
Information We Collect from Other Sources
We may also collect information about you from third parties, including but not limited to third-party verification services, credit bureaus, mailing list providers, and publicly available sources. In some circumstances, this information sensitive or additional PII. This Policy does not, however, describe the practices of third parties that may collect information from you when you interact with them, including subscribers that use the Company to accept payment for goods or services. We encourage you to ask them about their privacy practices before providing any information to them.
When one of our applications is open on your mobile device, we periodically receive information about the location of the device. We may also identify other software running on the device (but will not collect any content from such software) for anti-fraud and malware-prevention purposes. We collect device-specific information when you access our Services, including your hardware model, operating system and version, unique device identifiers, mobile network information, and information about the device's interaction with our Services. When you first launch our mobile applications, you will be asked to consent to the application's collection of location information. We currently require this location information in order to provide our Services, so if you do not consent to this collection, you cannot use our Services. If you initially consent to our collection of location information, you can subsequently stop our collection of location information at any time by changing the preferences on your mobile device. If you do so, the Company application may not function or only offer a limited set of features. You may also stop our collection of location information by following the standard uninstall process to remove WineDirect applications from your device.
We do not collect any PII about you unless you voluntarily provide it to us, however, we do collect information about you when you use our Services. You may be required to provide certain PII to us when you elect to use certain products or services available on the Site. These may include: (a) registering for an account on our Site; (b) entering a sweepstakes or contest sponsored by us or one of our partners; (c) signing up for special offers from selected third parties; (d) sending us an email message; (e) submitting a form or transmitting other information by telephone or letter; (e) submitting your credit card or other payment information when ordering and purchasing products and services on our Site; or (f) when submitting your credit card or other payment information with ordering or purchasing products and services on a subscriber’s site.
We collect information about when and where the transactions occurred, a description of the transactions, the payment or transfer amounts, billing and shipping information, and information about the devices and payment methods used to complete the transactions. When processing certain information, such as payment information with affiliated banking institutions or payment processors, we encrypt the transaction, using Transport Layer Security (TLS), in order to prevent your PII from being stolen or intercepted. Additionally, your credit card information is encrypted and stored on a restricted-access database that is away from our main Site and only accessible by authorized users.
Cookies, Web Beacons, and Log Files: We may collect data in connection with your use of the Site using various technologies to collect information, and this may include sending cookies to your computer or mobile device. Cookies are small data files stored on your hard drive, mobile phone, or in device memory by a website. Among other things, cookies support the integrity of our registration process, retain your preferences and account settings, and help evaluate and compile aggregated statistics about user activity. We will provide you with a list of Cookies upon request at email@example.com. We may also collect information using web beacons. Web beacons are electronic images that may be used in our Services or emails. We may use web beacons to deliver cookies, count visits, understand usage and campaign effectiveness, and determine whether an email has been opened and acted upon. Like most standard website servers, our Services use log files. This includes IP addresses, browser type, internet service provider (“ISP”), referring/exit pages, platform type, date/time stamp, and number of clicks to analyze trends, administer the Site, track users’ movement and gather demographic information for aggregate use. Such data may be used to analyze trends, to administer the Site, to track your movements around the Site and to gather demographic data about our visitor base as a whole. The data gathered by these cookies is in the form of aggregated anonymous data. IP addresses are not linked to personally identifiable devices.
We have no access or control over cookies or other features that third parties may use. As such, the Company is not responsible for the privacy practices or content of such third-party websites and applications that are subject to their own privacy policies. This Policy does not apply to, and we are not responsible for, third-party cookies, web beacons, or other tracking technologies and we encourage you to check the privacy policies of these third parties to learn more about their privacy practices. The Company does not in any way endorse or make any representations about such third-party websites and applications.
Social Media and Online Engagement
We occasionally use a variety of new technologies and social media options to communicate and interact with customers, potential customers, employees and potential employees. These sites and applications include popular social networking and media sites, open source software communities and more. To better engage the public in ongoing dialog, certain of our businesses use certain third-party platforms including, but not limited to, Facebook, Twitter, LinkedIn, Instagram, and Pinterest. Third-Party Websites and Applications (TPWA) are Web-based technologies that are not exclusively operated or controlled by us. When interacting on those websites, you may reveal certain personal data to us or to third parties. Other than when used by our employees for the purpose of responding to a specific message or request, we will not use, share, or retain your personal data.
We will only use your personal data in compliance with applicable law. The purpose for which we use and process your information and the legal basis on which we carry out each type of processing is explained in the table below. Note that we may process your personal data for more than one legal basis. We may use personal information about you as follows:
We may share personal information about you as follows:
The security of your personal data is important to us. We follow generally accepted industry standards and take appropriate commercially reasonable measures, including administrative, technical, and physical safeguards, to protect personal information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. The Company is PCI compliant and follows applicable laws regarding the safeguarding of any such information under our control. We will make all commercially reasonable efforts to keep the website secure from third party interference, including but not limited to unauthorized third party amendment of the website or third party access to any data not intended to be publicly available via the website. The Internet by its nature is a public forum, and we encourage you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure. Despite our efforts, no transmission of data over the internet is guaranteed to be completely secure, and we cannot guarantee the security of any information you provide to us. Therefore, although we use industry standard practices to protect your privacy, the Company does not promise or guarantee, and you should not expect, that your personally identifiable information or communications with us will always remain private. We will notify you within 72 hours if any such third party interference occurs.
We will retain personal data which we process for as long as appropriate to provide services and products to you in accordance with any agreement in place with our subscribers and for other legitimate purposes. When you contact us, we may keep a record of personal data contained in your communication to help solve any issues that you might be facing. Your personal data may be retained for as long as appropriate to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirement, and for other legitimate purposes. In determining how long we will retain personal data, we will consider all relevant factors.
If you are a subscriber or otherwise have established a contractual relationship with the Company, there is certain information we must maintain in order to properly service your account. We retain certain information in our sole discretion that we need to process your information, fulfill your requests and our obligations to you, to maintain our records in accordance with industry practices, to resolve disputes, to troubleshoot problems to enforce this Policy, or for other valid business reasons; it is not the Company’s Policy to retain more information for longer than is necessary. Please note that the Company will not remove your non-personally identifiable Use Data from our aggregated files. Furthermore, please be aware that even if you request your information to be removed from our systems, such information may never be completely removed due to technical and legal constraints, including backup and disaster recovery systems, as we have the need to keep some information to track and record your requests.
Subscribers may change or correct information about yourself by logging into your account at any time or by emailing us at firstname.lastname@example.org. You may also email us if you wish to deactivate your account. We may retain archived copies of information about you and your transactions for a period of time that is consistent with applicable law. You may opt-out of allowing us to use or share the content within your database to populate orders across any subscriber with the Company, however, this may interrupt or restrict you use of the Services. You may opt out of receiving promotional emails or text messages from the Company by following the instructions in those emails or text messages. If you opt out, we may still send you non-promotional communications, such as digital receipts and messages about your account or our ongoing business relations.
If you do not wish to provide us with your personal data and processing such data is necessary for the performance of a contract with you and to fulfil our contractual obligations to you, we may not be able to perform our obligations under the contract between us. Where you provide consent, you can withdraw your consent at any time and free of charge, but without affecting the lawfulness of processing based on consent before its withdrawal. No withdrawal of consent will be effective until we receive it and have had a reasonable period of time to act on it. You can update your details or change your privacy preferences by contacting us as provided in “Contacting Us” below.
To review, correct, update, delete, object or otherwise limit our use of your personal data that has been provided to us, or request portability and/or details of your personal data that is held by us, please contact us using the contact information listed below in the “Contacting Us” section and clearly describe your request.
If you have registered for an account with us, you can help to ensure that your personal data is accurate and up to date by logging into your account and updating your personal data.
You may unsubscribe from marketing communications at any time by clicking the “Unsubscribe” button available at the bottom of any electronic communication we may send to you. You may also unsubscribe from any medium of communication by contacting us using the information set out in the “Contacting Us” section below.
Company as Data Processor: Users and Visitors
In certain cases, we also operate as a data processor and we collect, process and transfer personal data on behalf of our business customers in the provision of our services and products. For the purposes of this Policy, those business customers are referred to as “subscribers.” In these circumstances, Company is acting as a data processor and our subscribers remain the data controller in respect of personal data they provide to us.
Our subscribers remain the data controllers with respect to any personal data that they provide to us for our provision of services. To the extent that we are acting as data processor, we act in accordance with the instructions of such customers regarding the collection, processing, storage, deletion and transfer of customer data, as well as other matters such as the provision of access to and rectification of personal data. We will only use such personal data for the purposes of providing the services and products for which our subscribers have engaged us.
Our subscribers are responsible for ensuring that these individuals’ privacy is respected, including communicating to the individuals in their own privacy policies who their personal data is being shared with and processed by. Where the Company is acting as a data processor, we will refer any request from an individual for access to personal data which we hold about them to our customer. We will not usually respond directly to the request.
As a data processor, we may share personal data where instructed by our subscribers. Where authorized by the subscriber, we may also share personal data with third party service providers who work for us and who are subject to security and confidentiality obligations.
Responding to Requests
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights) under applicable law. This is a security measure to protect personal data from being disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. You will not have to pay a fee to access your personal data (or to exercise any of your other rights) under applicable law. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. Also, please note that we may refuse a request for blocking and/or deletion where continued processing is necessary to comply with a legal obligation or necessary for the establishment, exercise or defense of legal claims or for other purposes permitted by applicable law.
California Consumer Privacy Rights
California law permits residents of California to request certain details about information we disclose to third parties for direct marketing purposes. We will, to the extent required by any applicable law, disclose, delete or take any other action with respect to any of personal data that is collected by us from residents of California. Residents of California may make a request pursuant to the California Consumer Privacy Protection Act (the “California Act”) to have us, among other things:
Any such request by an individual under the California Act (1) can only be made twice in a 12-month period, (2) will require the collection of certain information by us to verify the identity of such individual, and (3) can be submitted to us at email@example.com or by calling toll free at 1-800-819-0325. We will respond to any such request within 45 days after receiving it.
The California Act requires certain additional disclosures that can be found at this page.
We will not discriminate against any individual for exercising any right made available to such individual under the California Act.
Subject to certain limitations and exceptions, if you are a resident in the European Economic Area, you have the following rights under the GDPR:
We do not sell our services to children or minors, and the Site is not intended for or directed at children or minors under the age of 21 years. As such, the Site are designed for adult user interaction. We do not knowingly or intentionally collect personal data from children or minors under the age of 21. If you believe that we may have collected personal data from someone under the age of 21 without proper consent, please let us know using the methods described in this Policy.
Please contact us with any questions or concerns regarding our Policy:
450 Green Island Road American Canyon, CA 94503
July 1, 2020
Click here to see our full terms & conditions.