Personal data policy
1.1 The “Personal data policy” describes how WineLife ApS collects and processes information about you.
1.2 The personal data policy applies to personal data that you submit to us or that is collected via our website www.winelife.dk
1.3 WineLife is the data controller for your personal data. All inquiries to WineLife can be made via the contact information listed under section 7.
2. WHICH PERSONAL INFORMATION DO WE COLLECT, FOR WHICH PURPOSES AND THE LEGAL BASIS FOR PROCESSING
2.1 When you visit www.winelife.dk, we automatically collect information about you and your use of the website, e.g. what type of browser you use, what search terms you use on the website, your IP address, including your network location, and information about your PC.
2.1.1 The purpose is to optimize the user experience and the function of the Website, as well as carry out targeted marketing, including retargeting via Instagram, Facebook and Google. This processing of information is necessary so that we can protect our interests in improving the website and showing you relevant offers.
2.1.2 The legal basis for the processing is the EU Personal Data Regulation, art. 6, subsection 1, letter f.
2.2 When you buy a product or communicate with us on the website, we collect the information you provide yourself, e.g. name, address, e-mail address, telephone number, payment method, information about which products you buy and possibly have returned, delivery requests, and information about the IP address from which the order was made.
2.2.1 The purpose is that we can deliver the products you have ordered and otherwise fulfill our agreement with you, including to be able to manage your rights to return and advertise. We can also process information about your purchases to comply with legal requirements, including for bookkeeping and accounting. When making a purchase, the IP address is collected for the purpose and to safeguard our interest in being able to prevent fraud.
2.2.2 The legal basis for the processing is the EU Personal Data Regulation, art. 6, subsection 1, letters b, c and f.
2.3 When you sign up for our newsletter, we collect information about your name, e-mail address.
2.3.1 The purpose is to safeguard our interest in being able to deliver newsletters to you.
2.3.2 The legal basis for the processing is the EU Personal Data Regulation, art. 6, subsection 1, letter f.
3. RECIPIENTS OF PERSONAL INFORMATION
3.1 Information about your name, address, e-mail, telephone number as well as order number and specific delivery requests is passed on to Danske Fragtmænd, who is in charge of delivering the purchased goods to you. Information can be left to external partners who process the information on our behalf. We use external partners for, among other things, technical operation and improvements of the Website, sending out newsletters and targeted marketing, including retargeting, as well as for your assessment of our company and products. Among other things, information about your name and your e-mail is passed on to TrustPilot so that an invitation to rate us on TrustPilot’s website can be sent on our behalf. If you choose to make a report, TrustPilot becomes the data controller for the information provided. These companies are data processors and under our instructions and process data for which we are the data controller. The data processors must not use the information for any purpose other than fulfilling the agreement with us, and are subject to confidentiality regarding this. We have entered into written data processing agreements with all data processors who process personal data on our behalf.
3.2 Two of these data processors, Google Analytics v/Google LLC. And Facebook Inc. is established in the United States. The necessary guarantees for the transfer of information to the USA are ensured through the data processor’s certification under the EU-U.S. Privacy Shield, cf. EU Personal Data Regulation art. 45.
3.2.1 copy of Google LLC’s certification can be found here »
3.2.2 copy of Facebook Inc.’s certification can be found here »
4. YOUR RIGHTS
4.1 In order to create transparency around the processing of your information, we, as data controller, must inform you of your rights.
4.2 The right of inspection
4.2.1 You are entitled at any time to request information from us about, among other things, which information we have registered about you, what purpose the registration serves, which categories of personal data and recipients of information may be may be, as well as information about where the information originates.
4.2.2 You have the right to receive a copy of the personal data that we process about you. If you want a copy of your personal data, you must send a written request to firstname.lastname@example.org. You may be asked to document that you are who you say you are.
4.3 The right to rectification
4.3.1 You have the right to have incorrect personal data about yourself corrected by us. If you become aware that there are errors in the information we have registered about you, you are encouraged to contact us in writing so that the information can be corrected.
4.4 The right to deletion
4.4.1 In certain cases, you have the right to have all or some of your personal data deleted by us, e.g. if you revoke your consent and we have no other legal basis for continuing the processing. To the extent that continued processing of your information is necessary, e.g. for us to comply with our legal obligations, or for legal claims to be established, asserted or defended, we are not obliged to delete your personal data.
4.5 The right to limit processing to storage
4.5.1 In certain cases, you have the right to have the processing of your personal data restricted to storage only, for example if you believe that the information we process about you is incorrect.
4.6 The right to data portability
4.6.1 In certain cases, you have the right to have personal data that you yourself have given us delivered in a structured, commonly used and machine-readable format and you have the right to transfer this data to another data controller.
4.7 The right to object
4.7.1 You have the right at any time to object to our processing of your personal data for the purpose of direct marketing, including the profiling carried out in order to target our direct marketing.
4.7.2 You have the right at any time, for reasons relating to your personal situation, to object to the processing of your personal data that we carry out on the basis of our legitimate interests, cf. pt. 2.1 and 2.3.
4.8 The right to withdraw consent
4.8.1 You have the right at any time to revoke a consent you have given us for a given processing of personal data. If you wish to revoke your consent, please contact us at email@example.com
4.9 The right to complain
4.9.1 You have the right at any time to lodge a complaint with the Data Protection Authority, Borgergade 28, 5, 1300 København K about our processing of your personal data. Complaints can be lodged, among other things, by email firstname.lastname@example.org or phone +45 33 19 32 00.
5. DELETION OF PERSONAL DATA
5.1 Information collected about your use of the Website cf. pt. 2.1. deleted at the latest when you have not used the Website for 1 year.
5.2 Information collected in connection with your registration for our newsletter is deleted when your consent to the newsletter is withdrawn, unless we have another basis for processing the information.
5.3 Information collected in connection with purchases you have made on the Website cf. pt. 2.2 will basically be deleted 3 years after the end of the calendar year in which you made your purchase. However, information can be stored for a longer period of time if we have a legitimate need for longer storage, e.g. if it is necessary for legal claims to be established, asserted or defended, or if storage is necessary for us to fulfill legal requirements. Accounting material is stored for 5 years until the end of a financial year in order to meet the requirements of the Accounting Act.
6.1 We have implemented appropriate technical and organizational security measures against personal data being accidentally or illegally destroyed, lost, changed or degraded, as well as against it coming to the knowledge of unauthorized persons or being misused.
6.2 Only employees who have a real need to access your personal data in order to perform their work have access to it.
7. CONTACT INFORMATION
7.1 WineLife ApS is the data controller for the personal data collected via the Website.
7.2 If you have questions or comments about this Personal Data Policy or wish to make use of one or more of your rights described in section 4, you can contact:
WineLife ApS CVR no.: 42608122
Nybo Bakke 3
7500 Holstebro Email: email@example.com
8. CHANGES IN THE PERSONAL DATA POLICY
8.1 If we make changes to the Personal Data Policy, you will be informed about this on your next visit to the website.
9.1 This is version 2 of WineLife’s personal data policy dated 14/3-2023.