USER PRIVACY POLICY

INTRODUCTION

We are committed to protecting your personal data, and your privacy matters to us. That is why we have developed this Privacy Policy and Cookies Policy, where we explain how we collect, use, share and store your personal data when you use our website. This includes any information you may provide us with when you sign up for Vindome’s newsletter.

It is important that you read this Privacy Policy, together with our website Terms and Conditions and Cookies policy, all are available on both our website and mobile application. This will help you to be fully aware of how and why we are using your information.

Please note that VINDOME SARL keeps its Privacy Policy under regular review and may change it from time to time by updating this page. Consequently, we recommend that you check this page from time to time. This policy is effective from 14 June 2021.

This Privacy Policy gives you an overview of what happens to your personal information when you visit, register on our website, and/or download our mobile application and how to exercise your rights over it. More particularly, this Privacy Policy explains:

  • What kind of information we collect about you?
  • How is the information collected and processed by VINDOME SARL?
  • How do we store your personal information?

All references to "our", "us", "we" or "Company" within this policy are deemed to refer to VINDOME SARL.

The VINDOME /Vindome is a brand owned by us and we own and operate www.vindome.net. Personal information (hereinafter, "data") is any data which you could be personally identified with.


I. CONTROLLER

Your personal information is being processed by VINDOME SARL (Company Number RCI 19S08128), having its head office located at 1, rue Suffren Reymond, Monaco, 98000 MONACO. VINDOME SARL is a data controller responsible for your personal data.

As data controller and owner of the website and the mobile application VINDOME, VINDOME SARL is committed to ensuring that your privacy is protected.

If you have any questions regarding this Privacy Policy, about the use of your data, or if you want to exercise your rights, please contact us on [email protected].


II. HOW DO WE COLLECT YOUR DATA?

We collect, store and process pieces of information about you if you voluntarily provide us with such information when you:

  • Fill in a contact form in our website,
  • Create or modify your user's account on our mobile application,
  • Buy or sell wine using our mobile application,
  • Browse our website or our mobile application to consult products,
  • Sign up for newsletters,
  • Report a problem about our website/mobile application,
  • Accept the installation of certain cookies,
  • Contact our customer service.

Other data are collected automatically by our IT systems when you visit our website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page.


III. WHAT DATA DO WE COLLECT?

We collect, use, store and transfer the following data:

  • Personal data: first name, last name, username or similar identifier, date of birth and gender, country
  • Contact data: billing address and delivery address (if they are different), email address, mobile or landline telephone numbers
  • Financial data: your bank account details for sale orders
  • Transaction data: data associated with storage location, trade commission, storage and insurance fees, details of previous trades via our mobile application
  • Technical data: internet protocol address used to connect your device to the internet, your platform account login, browser type, time zone setting and location, operating system and other technology on the devices you use to access our website or mobile application
  • Profile data: your username and password, your favorite list of wines, your feedback, and survey responses
  • Usage data: information about how you use our mobile application, your activities in our website and mobile application, information from your internet protocol address, including full Uniform Resource Locators (URL’s) including date and time, download errors and methods used to browse away from a webpage
  • Marketing and Communication data: if you subscribe to our newsletters
  • Log Files: The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:
    • Browser type
    • Operating system used
    • Referrer URL
    • Time of the server request
    • IP address

These data will not be combined with data from other sources. The compulsory or optional nature of the data to be provided is indicated at the time of collection by an asterisk. Certain data is collected automatically because of your action on the website (see the paragraph 10 on cookies). We do NOT collect any sensitive data about you.


IV. WHY DO WE NEED YOUR DATA?

We collect and process your data to provide you with a safe, optimal and efficient experience.

We will only use your data where we need to:

  • Manage our relationship to:
    • perform the contract we are about to enter or have entered into with you,
    • manage your orders as well as your deliveries and storage requests,
    • provide you with every information about our services,
    • manage your account,
    • resolve possible problems or disputes.
  • Email you with special offers on wine we think you might like with your agreement.
  • Inform you about the changes regarding our website, our mobile application or about our services.
  • Comply with any legal or regulatory obligation and enforce our terms and conditions.
  • Ensure the proper functioning of our website and/or mobile application.
  • Analyze how you use our website or mobile application.


V. WHERE DO WE STORE YOUR DATA?

Your data collected are stored in France via Microsoft Azure France. Microsoft Azure France undertakes to respect ISO/IEC 27018 standard on the protection of personal data in cloud computing.


VI. RECIPIENTS OF YOUR DATA

The data collected on our website and mobile application is intended for VINDOME SARL.

They may also be transmitted to subcontracting companies that we may call upon for the performance of our services (delivery, storage, payment) and to:

  • The Société Générale Bank and PayPal with which we have concluded a contract to provide you with a secure payment tool;
  • Our back-office service provider located in Bulgaria;
  • Google Analytics, it being specified that we have activated the internet protocol anonymization feature on our website.

VII. HOW DO WE PROTECT YOUR DATA?

Our website uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us. You can recognize an encrypted connection in your browser’s address line when it changes from “http” to “https://” and the lock icon is displayed in your browser’s address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties. We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements about sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.

For your logins we use Microsoft.net solution and Identity Server 4. Moreover, your passwords are stored encrypted.


VIII. FOR HOW LONG DO WE KEEP YOUR DATA?

We keep your data for as long as necessary to fulfill the purposes for which it is collected unless we are required or permitted by law to keep your data for longer.

  • For data processed for orders purposes, problems, or disputes, transmission of newsletters, we keep your data for the duration of our relationship plus three (3) years.
  • For your account data we keep your data as long as your account is in activity and three years following the latest account activity.
  • Your credit card details are kept by our payment service provider until full payment has been made and, for evidentiary purposes in the event of a claim, for five years. The cryptogram of your card is kept only for the time necessary to complete each transaction and is not kept by our payment service provider

IX. YOUR LEGAL RIGHTS?

As a data subject you are entitled to the following rights:

  • ➔ Right to request access to your data. This enables you to request VINDOME SARL for copies of your data.
  • ➔ Right to rectification. You have the right to request that VINDOME SARL correct or update any information you believe is inaccurate, incomplete or outdated.
  • ➔ Right to erasure. You have the right to request that VINDOME SARL erase your data, in certain circumstances, such as where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • ➔ Right to object to processing. You have the right to object to VINDOME SARL's processing of your data, for legitimate reasons. You also have the right to object where we are processing your data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • ➔ Right to request restriction of processing. You have the right to request that VINDOME SARL restrict the processing of your data under certain conditions such as:
    (a) if you want us to establish the data’s accuracy;
    (b) where our use of the data is unlawful, but you do not want us to erase it;
    (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
    (d) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
  • ➔ Right to file complaints with regulatory authorities. If there has been a breach of data protection legislation, you may file a complaint with competent regulatory authorities. The competent regulatory authority for matters related to data protection is, in Monaco, the CCIN (Commission de Contrôle des Informations Nominatives).

  • CCIN Opening Hours: From Monday to Friday 9:00 am – 12:30 am and 1:30 pm to 5:30 pm. Address: «Le Suffren» Bloc B 4ème étage 7, rue Suffren Reymond 98000 - Monaco Tel : (+377).97.70.22.44 Fax : (+377).97.70.22.45 Email : [email protected]

  • ➔ Right to data portability. You have the right to have data portability. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
    Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • ➔ Right to withdraw consent to processing at any time if such processing is based on your consent.
    However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you.
    If you wish to exercise any of the rights set out above, please contact us at the following email address: [email protected].
    We will try to respond to all legitimate requests immediately but in any case, within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests.
    You will not have to pay a fee to access your data (or to exercise any of the other rights). However, we may charge a reasonable fee if you request is clearly unfounded, repetitive, or excessive.


X. COOKIES

If our website is to work properly, you will need to ensure that your web browser is set to accept cookies.

Cookies are small text files saved on your computer's hard disk when you browse the internet and, on a website, to collect standard internet log information and visitor behavior information.

Cookies do not harm your computer and not contain any viruses.

Some of our webpages use cookies in a range of ways to improve your experience on our website including making our website more user friendly, efficient, and secure.

When you visit our website, VINDOME SARL informs you of the use of the cookies by means of an information banner that enables you to accept or refuse the cookies.

You can decide to accept or refuse certain types of cookies by clicking on the parameters link on the cookie banner or by setting your cookies according to your browser

What kind of cookies do we use?

Most of the cookies we use are so-called “session cookies”. They are automatically deleted from your device after your visit.

We also make use of cookies which will be saved on your device for a longer period until you delete them "persistent cookies".

These cookies are user- friendly and make it possible to recognize your browser when you next visit our website and to save all your registration subscription details or passwords so that you do not have to re-enter every time you visit our website or our mobile application.

Our website also uses third-party cookies (please see paragraph 11).

How to manage cookies?

You can configure your browser to inform you about the use of cookies so that you can decide, on a case-by-case basis, whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies, under certain conditions, to always reject them or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of our website so that some of our website features may not function as a result.

For detailed information on the cookies we use and the purposes for which we use them, see our Cookies Policy.

Google Analytics cookies

Google analytics -The data processed are the IP address, the Internet domain name of the Internet user, the pages visited and their number, the number of times each page is displayed, the time spent on each page, the number of clicks, the name and version of the Internet user's web browser, the Internet user's operating system, the time log where the site is accessed and the pages visited. The information generated by the cookies about your use of our website is usually transmitted to a Google server in the USA and stored there. Although the USA is considered under Monegasque law as a country without an adequate level of protection, please note that to ensure the security of your personal data that:

  • We proceed to IP anonymization - we have activated the IP anonymization feature on our website. Your IP address will be shortened by Google prior to transmission to the United States. The IP address transmitted by our browser as part of Google Analytics will not be merged with any other data held by Google, and
  • We rely either on a legal exemption listed in article 20-1 of the law 1.165, applicable to the situation, and/or on the implementation of one of the appropriate guarantees, recognized by the Commission de Contrôle des Informations Nominatives


IP anonymization - we have activated the IP anonymization feature on our website. Your IP address will be shortened by Google prior to transmission to the United States. The IP address transmitted by our browser as part of Google Analytics will not be merged with any other data held by Google.

Browser plugin - you can prevent these cookies being stored selecting the appropriate settings in your browser. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the link:
https://tools.google.com/dlpage/gaoptout?hl=en

Objecting to the collection of data - you can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics. For more information about Google Analytics handles user data, see Google’s privacy policy:
https://support.google.com/analytics/answer/6004245?hl=en


XI. HOW TO UNSUBSCRIBE OR WITHDRAW YOUR CONSENT

Where we have collected your personal information based on your consent and we have no other lawful basis on which to continue processing your information, if you subsequently withdraw your consent we will delete your personal information.

You can withdraw your consent, change your preferences, or opt out from hearing further from us by letting us know using the contact details set out at section I of this Policy or by emailing us at: [email protected].

You can also ask us to stop sending you marketing messages at any time by following the optout links on any marketing message sent to you.

However please note, where you unsubscribe from receiving e-mailed marketing communications from us, we will keep a note of your email address to make sure that we do not send you further e-mailed marketing communications in future.

Issue Date: 1 October 2021