Privacy Policy

This Privacy Policy describes how gonaturewines.com collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.

Collecting Personal Information

When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.

Device information

  • Examples of Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
  • Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
  • Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
  • Disclosure for a business purpose: shared with our processor Shopify and any vendor or partner that will use the information for logistics, marketing or sales activities.

Order information

  • Examples of Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers, Paypal, Google pay, Apple Pay), email address, and phone number.
  • Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
  • Source of collection: collected from you.
  • Disclosure for a business purpose: shared with our processor Shopify, our and any vendor or partner that will use the information for logistics, marketing or sales activities.

Use of PayPal

All PayPal transaction are covered by the PayPal Data Privacy Statement. You can find this at https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en (https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en)

Use of Amazon Payments

We use Amazon Payments payment service on our website, from Amazon Payments Europe s.c.a. (38 avenue John F. Kennedy, L-1855 Luxembourg; "Amazon Payments"). The processing of data enables you to pay using the Amazon Payments payment service.

To integrate this payment service it is essential that Amazon Payments collects, stores, and analyses data when accessing the website (e.g. IP address, device type, operating system, browser type, device location). Cookies may be used for this purpose. Cookies allow your internet browser to be recognised.

This data processing, particularly the placing of cookies, is carried out on the basis of Article 6(1)(f) GDPR due to our overriding legitimate interest in a customer-oriented range of varying payment methods. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out in accordance with Article 6(1)(f) GDPR.

By selecting and using "Amazon Payments", the data required for payment processing will be submitted to Amazon Payments to execute the agreement with you using the selected payment method. The data is processed on the basis of Article 6(1)(b) GDPR.

Further information on data processing when using the Amazon Payments payment service can be found in the associated data privacy policy at: https://pay.amazon.com/de/help/201212490 (https://pay.amazon.com/de/help/201212490)

Customer support information

  • Examples of Personal Information collected: sited in the information listed above.
  • Purpose of collection: to provide customer support.
  • Source of collection: collected from you.

Minors

The Site is not intended for individuals under the age of 18. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address below to request deletion.

Sharing Personal Information We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example:

  • We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
  • We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

Use of your email address for mailing of newsletters

We use your email address outside of contractual processing exclusively to send you a newsletter for our own marketing purposes, if you have explicitly agreed to this. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal. You can unsubscribe from the newsletter at any time using the relevant link in the newsletter or by contacting us. Your email address will then be removed from the distributor.

Your data will be forwarded to a service provider for email marketing in the course of order processing. It will not be forwarded to other third parties.

The Site uses Klaviyo, which is a service for our email marketing. The provider of this service is the American company Klaviyo, 125 Summer St, Boston, MA 02110, USA.

Klaviyo also processes data in the USA, among other countries. We would like to note, that according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can be associated with various risks to the legality and security of data processing.

Klaviyo uses standard contractual clauses approved by the EU Commission as basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway and especially in the USA) or data transfer there (= Art. 46, paragraphs 2 and 3 of the GDPR). These clauses oblige Klaviyo to comply with the EU‘s level of data protection when processing relevant data outside the EU. These clauses are based on an implementing order by the EU Commission. You can find the order and the clauses here:

https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

In Klaviyo’s privacy policy at https://www.klaviyo.com/privacy/policy, you can find out more about the data that are being processed by using Klaviyo.

Behavioural Advertising

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:

  • We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en.You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
  • Use of the Google Tag Manager The Site uses the Google Tag Manager from Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). If you are ordinarily resident in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller responsible for your data. Google Ireland Limited is therefore the company affiliated with Google responsible for processing your data and for compliance with the applicable data protection legislation. This application manages JavaScript tags and HTML tags which are used in particular to implement tracking and analysis tools. The data processing serves to facilitate the needs-based design and optimisation of our website. The Google Tag Manager itself neither stores cookies nor processes personal data. It does, however, enable the triggering of further tags which may collect and process personal data. You can find more detailed information on the terms and conditions of use and data protection at https://www.google.com/intl/de/tagmanager/use-policy.html (https:// www.google.com/intl/de/tagmanager/use-policy.html)
  • We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).
  • Use of Facebook Pixel.  Our website uses the remarketing function "Custom Audiences" by Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA; "Facebook"). This application serves to address the visitor to the website with interest-related advertising on the social network Facebook. We have implemented Facebook's remarketing tag on our website for this purpose. This tag sets up a direct connection to Facebook's servers when you visit our website. This informs the Facebook server which of our web pages you have visited. Facebook assigns this information to your personal Facebook user account. When you visit the social network Facebook you will then be shown personalised, interest-related Facebook ads. Your data may be transmitted to the USA. In accordance with the US-EU Data Protection Agreement, Facebook has become subject to the "Privacy Shield" and is therefore obliged to observe European data protection laws. The data processing, particularly the placing of cookies, is carried out with your consent on the basis of Article 6(1)(a) GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal. You can find more detailed information on Facebook's collection and use of data and your associated rights and options for protecting your privacy in Facebook's privacy policy: https://www.facebook.com/about/privacy/ (https://www.facebook.com/about/privacy/). You can opt out of targeted advertising by clicking here : FACEBOOK - https://www.facebook.com/settings/?tab=ads
  • Using Instagram plug-ins This Site uses plug-ins of the Instagram online service, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). When you access pages of our Web site that contain such plug-in, a connection to the Instagram servers is established and the plug-in is displayed on the page by notifying your browser. The Instagram servers receive your IP address and information about which of our pages you have visited. If you are logged in to Instagram, Instagram associates this information with your personal account. When using the plug-in functions (e.g. clicking the "Instagram" button), this information is also associated with your Instagram account, which you can only prevent by logging out before using the plug-in. If you do not want Instagram to associate the collected information directly with your Instagram account, you must either log out of Instagram before visiting our website or use an add-on, such as the script blocker "NoScript" (noscript.net), to block your browser from loading the Instagram plug-in on our website. For more information about Instagram's collection and use of data, your rights and ways to protect your privacy, please refer to Instagram's Privacy Policy: https://help.instagram.com/155833707900388 (https://help.instagram.com /155833707900388)
  • Use of Google Ads conversion tracking Our website uses the online marketing program "Google Ads", including conversion tracking (evaluation of user actions). Google conversion tracking is a service operated by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). If you are ordinarily resident in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller responsible for your data. Google Ireland Limited is therefore the company affiliated with Google responsible for processing your data and for compliance with the applicable data protection legislation. If you click on adverts placed by Google, a cookie is placed on your computer for conversion tracking. These cookies have limited validity, do not contain any personal data and thus cannot be used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, we and Google can recognise that you have clicked on the advert and were forwarded to this page. Every Google Ads customer receives a different cookie. It is therefore not possible to track cookies relating to the websites of Ads customers. The information collected using the conversion cookie serves the purpose of producing conversion statistics. This allows us to find out the total number of users who have clicked on our adverts and were forwarded to a page equipped with a conversion tracking tag. However, they do not receive any information with which could be used to personally identify users. Your data may be transmitted to the USA. In accordance with the US-EU Data Protection Agreement, Google has become subject to the "Privacy Shield" and is therefore obliged to observe European data protection laws. The data processing, particularly the placing of cookies, is carried out with your consent on the basis of Article 6(1)(a) GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal. You will find more information as well as Google's data privacy policy at: https://www.google.com/policies/privacy/ (https://www.google.com/policies/privacy/) You can opt out of targeted advertising

by: https://www.google.com/settings/ads/anonymous

Using Personal Information

We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.

Lawful basis

Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:

  • Your consent;
  • The performance of the contract between you and the Site;
  • Compliance with our legal obligations;
  • To protect your vital interests;
  • To perform a task carried out in the public interest;
  • For our legitimate interests, which do not override your fundamental rights and freedoms.

Retention

When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.

Automatic decision-making

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

  • Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
  • Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.

Your rights

GDPR

If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.

Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.

Cookies

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

We use the following cookies to optimize your experience on our Site and to provide our services.

 

Cookies Necessary for the Functioning of the Store

Name  Function
_ab Used in connection with access to admin.
_secure_session_id Used in connection with navigation through a storefront.
cart Used in connection with shopping cart.
cart_sig Used in connection with checkout.
cart_ts Used in connection with checkout.
checkout_token Used in connection with checkout.
secret Used in connection with checkout.
secure_customer_sig Used in connection with customer login.
storefront_digest Used in connection with customer login.
_shopify_u Used to facilitate updating customer account information.

Reporting and Analytics

Name  Function
_tracking_consent Tracking preferences.
_landing_page Track landing pages
_orig_referrer Track landing pages
_s Shopify analytics.
_shopify_s Shopify analytics.
_shopify_sa_p Shopify analytics relating to marketing & referrals.
_shopify_sa_t Shopify analytics relating to marketing & referrals.
_shopify_y Shopify analytics.
_y Shopify analytics.

 

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.

Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.

Do Not Track

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

Changes

We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.

Contact

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at info@gonaturewines.com or by mail using the details provided below:

Ungargasse 37, 1030 Vienna, Austria

Last updated: [15 March 2022]

If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority. You can contact your local data protection authority, or our supervisory authority here: The current address of the Austrian Data protection Authority is:

Österreichische Datenschutzbehörde

Barichgasse 40-42,

1030 Vienna, Austria