Privacy Policy for Stone Hill Wines

Stone Hill Wines (“we,” “us,” or “our”) is firmly committed to upholding the highest standards of privacy, transparency, and data protection. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data when you visit or interact with our website at stonehillwines.com, make purchases, or otherwise engage with our services. We process your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), to ensure your rights and freedoms are respected.

1. Scope of This Policy and Data Controller Responsibility

This Privacy Policy applies to all users of our website and services worldwide. For the purposes of the GDPR and other applicable laws, Stone Hill Wines is the data controller of the personal data we process. This includes any data we collect via stonehillwines.com or through our customer support channels at [email protected].

By accessing or using our services, you consent to the practices described herein. This Policy does not apply to third-party websites, platforms, or services that may be linked through our website.

2. Categories of Personal Data We Process

We may collect and process the following categories of personal data, depending on your use of our website and services:

a. Usage Data:
Includes information such as your browser type and version, IP address, referring and exit pages, time zone settings, date/time stamps, and page interaction data.

b. Account Data:
Includes your full name, billing and shipping addresses, email address, and telephone number when you create an account or place an order.

c. Profile Data:
Includes your preferences, order history, purchase behavior, and participation in promotions, surveys, or loyalty programs.

d. Communication Data:
Includes all correspondence with customer support, submitted contact forms, reviews, and messaging history.

e. Technical Data:
Includes device type, operating system, screen resolution, mobile device identifiers, language preferences, and system configurations.

f. Transaction Data:
Includes payment information (such as masked card numbers or third-party payment tokens), transaction value, order history, and delivery tracking data.

g. Preference Data:
Includes your marketing and communication preferences, product interests, and opt-in/opt-out choices pursuant to privacy laws.

3. Legal Bases for Processing

We use your personal data only when we have a lawful basis to do so. Depending on your location and the nature of our interaction, we may rely on one or more of the following legal grounds:

– Legitimate Interest: To manage our business operations, improve services, prevent fraud, and communicate efficiently.
– Contractual Obligation: Where processing is necessary for the performance of a contract with you (e.g., processing orders or providing customer support).
– Consent: When you have explicitly consented to data processing activities, such as receiving marketing communications.
– Compliance with Legal Obligations: To meet legal and regulatory requirements including tax and consumer protection laws.

4. Your Data Protection Rights

Subject to applicable legal requirements and limitations, you may exercise the following data protection rights:

– Right of Access: Obtain confirmation and a copy of your personal data we hold.
– Right of Rectification: Request corrections to inaccurate or incomplete data.
– Right of Erasure: Request deletion of your data, barring regulatory or contractual retention obligations.
– Right to Restrict Processing: Request temporary restriction of processing under qualifying circumstances.
– Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format to transmit to another controller.

To assert any of these rights, please contact us at [email protected]. We may request identity verification before complying with your request.

5. Security Measures

We implement comprehensive technical and organizational safeguards designed to protect your personal data against unauthorized access, disclosure, alteration, and destruction.

These measures include:
– SSL (Secure Sockets Layer) encryption during transmission
– Role-based access controls and authentication mechanisms
– Regularly updated firewalls and anti-malware scanning
– Encrypted data storage protocols
– Staff confidentiality agreements and data protection training
– Routine backups and disaster recovery protocols

6. International Data Transfers

As we work with third-party service providers and infrastructure that may be located outside your country of residence, your personal data may be stored or processed in jurisdictions with differing data protection standards. When transferring data internationally, we ensure compliance with applicable legal frameworks such as:

– Standard Contractual Clauses approved by the European Commission for GDPR regions
– Adequacy decisions where applicable
– Compliance measures for CCPA-resident data if data processing occurs outside the United States

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purpose for which it was collected, including legal, accounting, or reporting obligations. Specific data types are retained as follows:

– Account & Profile Data: Retained for the life of the account and up to 6 months after termination
– Transaction Data: Retained for 7 years to comply with tax and audit obligations
– Communication Data: Retained for 3 years for quality assurance and dispute resolution
– Preference and Consent Records: Retained indefinitely or until updated or withdrawn
– Technical and Usage Data: Retained for 12 months for analytics and system performance

8. Cookie Policy

Our website uses cookies and similar tracking technologies to enhance user experience and analyze traffic. Categories of cookies we use include:

– Essential Cookies: Necessary for site functionality, account access, and secure transactions
– Functional Cookies: Remember site preferences, enable personalization features
– Analytics Cookies: Collect aggregated data on site usage to help us optimize performance
– Performance Cookies: Measure responsiveness and technical diagnostics

9. Cookie Preference Management and Compliance

We provide cookie consent banners and tools in accordance with GDPR and CCPA requirements. Upon your first visit to stonehillwines.com, you will have the opportunity to consent to non-essential cookies. You may change your preferences or withdraw consent at any time via:
– The “Cookie Settings” link located in the website footer
– Your browser settings (for blocking or deleting cookies)

10. Children’s Privacy

Our services are not intended for individuals under the age of 13, and we do not knowingly collect personal data from children. If we become aware that personal data of a child under 13 has been inadvertently collected, we will take steps to delete such data promptly. Parents or legal guardians who believe their child has provided data to us should contact us at [email protected].

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal, operational, or technological developments. Changes are effective once published to stonehillwines.com. We encourage you to review this Policy periodically, and we may also provide prominent notices of material changes, such as direct notifications to account holders.

12. Contact

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

We are committed to resolving privacy concerns in a timely and transparent manner. If you reside in a jurisdiction that provides regulatory oversight, you may also have the right to file a complaint with your local data protection authority.

We operate in compliance with applicable global data protection laws and are continuously refining our practices to serve you better. For any questions or to exercise your privacy rights, please reach out to us directly at [email protected].