Privacy Policy for Stone Hill Wines
Stone Hill Wines (“we,” “us,” or “our”) operates the website accessible at stonehillwines.com (the “Website”). We are committed to safeguarding your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with applicable data protection laws, including the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
1. Commitment to Privacy and Data Protection
At Stone Hill Wines, your privacy is our priority. We uphold the highest standards in managing personal information and implement policies designed to comply with global data protection frameworks. We are dedicated to handling your data responsibly and transparently.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to information collected through stonehillwines.com, including when you browse our site, make purchases, create an account, or otherwise engage with our services. For the purposes of the GDPR, Stone Hill Wines is the data controller responsible for the processing of your personal data collected via this Website. Should you have inquiries regarding this policy or our data practices, please contact us at [email protected].
3. Categories of Personal Data We Collect and Process
We may collect and process the following categories of personal data:
a. Usage Data: Includes information about how you use our Website, such as IP address, browser type and version, operating system, referral sources, pages visited, session length, and general navigation patterns.
b. Account Data: Personal details you provide when creating or maintaining an account, including your name, email address, postal address, and phone number.
c. Profile Data: Information collected or derived from your interactions, such as purchase history, wine preferences, browsing behavior, tasting reviews, and loyalty program participation.
d. Communication Data: Records of communications sent to or received from you, including customer support requests, email correspondences, and online chat histories.
e. Technical Data: Device-specific data, such as device type, operating system, browser settings, language preferences, time zone, and system configuration details.
f. Transaction Data: Information relating to your purchases, including order details, billing and shipping addresses, delivery preferences, payment methods (processed securely via trusted third-party processors), and transaction history.
g. Preference Data: Marketing and communication preferences, expressed interests in certain wines or categories, subscription status for newsletters or promotional offers.
4. Legal Bases for Processing Personal Information
We rely on the following lawful bases to process your personal data:
– Contractual Necessity: To fulfill our contract with you, such as when you make a purchase or create an account.
– Legal Obligation: Where processing is necessary for compliance with legal obligations, such as retaining transaction records for tax or accounting purposes.
– Legitimate Interests: For purposes such as improving our Website, preventing fraud, and offering a personalized user experience, where such processing does not override your fundamental rights and freedoms.
– Consent: For processing related to marketing communications, use of non-essential cookies, and other scenarios where consent is explicitly required.
5. Your Data Protection Rights
You have the following rights regarding your personal data, subject to certain lawful limitations:
– Right to Access: You may request information regarding the data we hold about you.
– Right to Rectification: You may request corrections to inaccurate or incomplete data.
– Right to Erasure: You may request deletion of your personal information, subject to our legal retention obligations.
– Right to Restriction: You may request the restriction of processing under certain conditions.
– Right to Data Portability: You may request a copy of your data in a structured, machine-readable format, or its transfer to another data controller.
– Right to Object: You may object to certain forms of processing based on legitimate interests or direct marketing.
To exercise any of the above rights, please contact us at [email protected]. We respond to all valid requests in accordance with applicable laws.
6. Security Measures
We implement robust administrative, technical, and physical security measures designed to protect your data from unauthorized access, misuse, alteration, or loss. Security protocols include data encryption (in transit and at rest), secure user authentication, controlled access rights, audit trails, and data backup procedures. Our personnel receive regular privacy and security training to manage data in accordance with our commitments.
7. International Data Transfers
Where personal data is transferred outside of the European Economic Area (EEA) or other regions with comprehensive data protection laws, we implement approved safeguards such as Standard Contractual Clauses or rely on adequacy decisions. These safeguards are designed to protect your privacy and ensure legal compliance.
8. Data Retention Policy
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
– Account and Profile Data: Retained for as long as your account remains active and thereafter for a reasonable duration to comply with legal obligations.
– Transaction Data: Retained for seven (7) years in accordance with financial and tax reporting obligations.
– Communication Records: Retained for three (3) years following the conclusion of the interaction.
– Usage and Technical Data: Retained for up to two (2) years for analytical and security purposes.
– Marketing Data: Retained as long as your consent remains valid or until you opt out.
9. Cookie Policy
Our Website uses cookies and similar technologies to enhance user experience and collect analytics. We categorize these as follows:
– Essential Cookies: Required for Website functionality such as shopping cart operation and account login.
– Functional Cookies: Enable personalizations, such as remembering preferences or previously viewed items.
– Analytics Cookies: Collect aggregated data to assist us in understanding user interactions and improving the Website.
– Performance Cookies: Help ensure optimal load speed and system reliability.
10. Cookie Management and Legal Compliance
Upon visiting stonehillwines.com, you will be prompted to accept or reject non-essential cookies. You may modify your cookie preferences at any time via our Cookie Consent Manager. In compliance with GDPR and CCPA, we seek your affirmative consent for analytics and marketing cookies and provide opt-out mechanisms for interest-based advertising. Users may also manage cookies directly within their browser settings.
11. Protection of Minors
Our Website and services are not directed to individuals under the age of 13. We do not knowingly collect or process personal data from children. If you believe that a child has provided us with personal information, please contact us immediately at [email protected] so we may take appropriate steps to delete the data.
12. Updates to this Privacy Policy
We may revise this Privacy Policy to reflect changes in law, technology, or business practices. Any updates will be posted on this page and, when appropriate, you will be notified via prominent notice on the Website or direct communication. Continued use of stonehillwines.com following changes constitutes acknowledgment of the updated policy.
13. Contact Us
If you have questions or concerns about this Privacy Policy or our handling of your personal data, please reach out to:
Stone Hill Wines
Email: [email protected]
We are committed to protecting your rights and promoting transparency in all aspects of data handling. If you believe your rights have been violated, you are entitled to file a complaint with your regional data protection authority.
Stone Hill Wines adheres to all applicable privacy laws and regulatory requirements. We invite you to contact us at [email protected] with any privacy-related concerns or requests.