Privacy Policy

Last Updated: January 5, 2025

This Privacy Policy describes how NapaWine AG ("the Website", "we", "us" or "our") collects, uses and discloses personal data when you visit napawine-ag.myshopify.com (the "Website"), use our services, make a purchase or otherwise communicate with us in relation to the Website (collectively referred to as the "Services"). For the purposes of this Privacy Policy, "you" and "your" refer to any user of the Services, regardless of whether you are a customer, website visitor or another person whose data we process in accordance with this policy.

Please read this Privacy Policy carefully.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for operational, legal or regulatory reasons. We will publish the revised Privacy Policy on the Website, update the "Last Updated" date and take any additional steps required by applicable law.

How We Collect and Use Your Personal Data

To provide the Services, we collect personal data as described below. The type and scope of the data we collect and how we use it depend on the nature of your interaction with us.

In addition to the specific purposes listed below, we may use your personal data to communicate with you, to provide or improve the Services, to comply with legal obligations, to enforce applicable terms of service and to protect or defend the Services, our rights and those of our users or third parties.

What Personal Data Do We Collect?

The personal data we collect depends on how you interact with the Website and our Services. When we refer to "personal data", we mean information that identifies, relates to, describes or could reasonably be associated with you. The following sections describe the categories and specific types of personal data we collect.

Data You Provide Directly

This includes:

Contact details such as your name, address, telephone number and email address

Order details including your name, billing and shipping address, payment confirmation, email address and telephone number

Account information including your username, password, security questions and other data used for account protection

Customer support information, including messages or information you share when contacting us via the Services

Certain features of the Services require you to provide specific personal data. You may choose not to provide this data; however, doing so may prevent you from accessing or using certain features.

Data We Collect Automatically

We may automatically collect certain information about your interaction with the Services ("Usage Data") using cookies, pixels and similar technologies. This includes:

Device and browser information

Network connection details

IP address

Interaction and usage data related to the Services

Data Received from Third Parties

We may also receive personal data from third parties, including:

Service providers, such as Shopify, that support our Website and Services

Payment processors who collect payment details (e.g. bank account, credit/debit card, billing address) to process your transactions

Advertising and analytics partners who use cookies, SDKs, pixels and other technologies to collect data on our behalf

Any data received from third parties is handled in accordance with this Privacy Policy. See also the section "Third-Party Websites and Links".

How We Use Your Personal Data

We use your personal data for the following purposes:

Provision of Services: To process payments, manage orders, ship products, handle returns and exchanges, manage your account and provide related functionalities.

Marketing and Advertising: To send you marketing and promotional messages via email, SMS or postal mail and to show you relevant advertisements on our Website or third-party platforms. For users in the EEA, the legal basis for this processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Security and Fraud Prevention: To detect, investigate and prevent fraudulent, illegal or harmful activities. If you register an account, you are responsible for the confidentiality of your access credentials.

Customer Support and Service Improvement: To respond to your enquiries, provide support and continuously improve our Services. This is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Cookies

Like many websites, we use cookies to operate and improve our Website. Specific information about the cookies used in connection with Shopify is available at: https://www.shopify.com/legal/cookies. Cookies help us store user preferences, conduct analysis and better understand how the Services are used.

Most browsers accept cookies by default. You can change your browser settings to block or delete cookies. Please note that disabling cookies may affect the availability and functionality of some parts of the Services. Additionally, blocking cookies may not fully prevent data sharing with third parties, such as advertising partners.

How We Share Personal Data

Under certain circumstances, we may share your personal data as outlined below:

With service providers and third parties that support us (e.g. IT infrastructure, payment processors, analytics, shipping partners, customer service, cloud services)

With business and marketing partners for the purpose of providing the Services and advertising, in accordance with their own privacy policies

With your consent or upon your instruction (e.g. when requesting delivery of products or using social login options)

Within our corporate group or with affiliates, based on our legitimate interest in conducting and managing our business

In connection with corporate transactions (e.g. mergers, acquisitions or insolvency proceedings), to comply with legal obligations, enforce our terms or protect our rights and those of others

Categories of Personal Data Disclosed:

Identifiers such as contact data and order/account details

Commercial data such as order and purchase information, and customer support records

Internet and network activity such as usage data

Geolocation data, for example via IP address or technical means

Recipients:

Service providers (e.g. ISPs, payment processors, logistics, customer service, analytics providers)

Business and marketing partners

Affiliates

We do not use or disclose this data for profiling or inference purposes without your consent.

Third-Party Websites and Links

Our Website may contain links to external websites or platforms operated by third parties. These are governed by their own privacy and security policies. We are not responsible for the content, privacy practices or security of such third-party sites. Data you disclose on public or semi-public channels, including third-party social media platforms, may be visible to others without limitation. Including such links does not constitute an endorsement unless expressly stated.

Children’s Data

Our Services are not directed at children and we do not knowingly collect personal data from individuals under the age of 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us to request deletion.

At the time this Privacy Policy was last updated, we are not aware of having sold or shared personal data of individuals under 16, as defined by applicable law.

Data Security and Retention

We implement appropriate technical and organisational measures to protect your personal data. However, no security system is completely secure, and data transmissions over the internet may not be fully protected. We recommend avoiding the use of unsecure channels when sending sensitive information.

We retain your personal data as long as necessary for the purposes for which it was collected, including the management of your account, the provision of Services, compliance with legal obligations, resolution of disputes and enforcement of our agreements.

Your Rights

Depending on your place of residence, you may have some or all of the following rights. Please note that these rights may only apply in certain situations and may be subject to legal exceptions:

Right of access: To request access to the personal data we hold about you

Right to erasure: To request deletion of your personal data

Right to rectification: To request correction of inaccurate personal data

Right to data portability: To request a copy or transfer of your personal data

Right to restriction of processing: To request limitation of data processing

Right to withdraw consent: To revoke previously granted consent

Right to object: To object to certain types of data processing

Right to appeal: To appeal a decision we made in response to your rights request

Communication Preferences We may send you marketing communications, which you can opt out of at any time via the unsubscribe link included in our emails. You may still receive service-related messages, such as order confirmations or account updates.

How to Exercise Your Rights You can exercise your rights as indicated on our Website or by contacting us using the details provided below. We may ask you to provide information (e.g. your email address or account details) to verify your identity before we respond.

You may also appoint an authorised representative to make a request on your behalf. Before accepting such a request, we will require proof of authorisation and may need to verify your identity directly. We will respond in a timely manner as required by applicable law.

Complaints

If you have any concerns about the way we process your personal data, please contact us using the contact details provided below. If you are not satisfied with our response to your complaint, you may have the right to appeal our decision, depending on your place of residence. You can do so by contacting us again via the contact information below or by submitting a complaint to your local data protection authority.

For residents of the European Economic Area (EEA), a list of relevant supervisory authorities can be found here [https://www.edpb.europa.eu/about-edpb/about-edpb/members_en].

International Users

Please note that we may transfer, store, and process your personal data outside the country in which you reside. Your personal data may also be processed by employees, external service providers, and partners in those countries.

When we transfer your personal data to countries outside of Europe, we rely on recognized transfer mechanisms such as the European Commission’s Standard Contractual Clauses or equivalent agreements approved by the relevant UK authority, unless the data is being transferred to a country deemed to provide an adequate level of data protection.

Contact

If you have any questions about our privacy practices or this privacy policy, or if you wish to exercise any of your data protection rights, please contact us by phone or email at info@napawine.ch, or write to us at:

Brandschenkestrasse 130, 8002 Zurich, Switzerland

Unless otherwise stated, we are the data controller responsible for your personal data under applicable data protection laws.