Privacy Policy of Vino&more Online Store

1. Data Controller

The controller of your personal data is Vino&more sp. z o.o., registered office: ul. Pasłęcka 16c/15, 03-137 Warsaw, Poland, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw, 13th Commercial Division of the National Court Register under number KRS 0001113205, Tax Identification Number NIP 5243010521. You can contact us at: info@vinoandmore.pl .

2. Purposes and Legal Basis of Data Processing

We process your personal data for the following purposes:

  • fulfilling and processing orders and sales contracts (Art. 6(1)(b) GDPR),
  • maintaining customer accounts in our store (Art. 6(1)(b) GDPR),
  • issuing invoices and meeting tax obligations (Art. 6(1)(c) GDPR),
  • handling inquiries via the contact form (Art. 6(1)(f) GDPR – legitimate interest),
  • sending newsletters and marketing communications, only with your explicit consent (Art. 6(1)(a) GDPR),
  • conducting analytics, statistics and improving our services (Art. 6(1)(f) GDPR),
  • ensuring the security of our website and preventing abuse (Art. 6(1)(f) GDPR).

3. Scope of Data Collected

We process personal data provided by users, including:

  • for purchases: name, surname, address, email, phone number, VAT ID (for business clients), shipping details,
  • for account registration: name, surname, address, email, phone number, login details,
  • via contact form: name, surname, email,
  • for newsletter subscription: email,
  • technical data and cookies: IP address, browser and system information, cookies identifiers.

Additionally, for security purposes we log:

  • IP addresses of visitors, user IDs of logged-in users, usernames during login attempts,
  • logs of login attempts, logouts, suspicious URL requests, site content changes and password updates.

Such data is stored for 180 days in order to protect against cyberattacks and misuse.

4. Cookies

Our website uses cookies to ensure proper functioning of the site, facilitate login, personalize content and analyze statistics.

Cookies are used in particular to:

  • store information about user sessions, language preferences and screen display settings,
  • manage shopping cart and order processing,
  • remember login details (“Remember Me”),
  • run analytics and marketing tools (Google Analytics, Google Ads, Facebook Pixel).

Cookies may also be used by our technology partners such as Google, Meta (Facebook) and Brevo.

You can manage or delete cookies in your browser settings at any time.

5. Data Recipients

Personal data may be transferred to the following categories of recipients:

  • external accounting office cooperating with the Controller (for accounting purposes).
  • courier companies providing delivery services – InPost,
  • payment operators – PayPal and Przelewy24,
  • IT and hosting service providers,
  • analytics and marketing tool providers: Google Analytics, Google Ads, Google ReCaptcha, Facebook Pixel, Google and Facebook social login,
  • mailing system provider Brevo,

6. Data Transfers Outside the EEA

In connection with the use of services such as Google or Meta (Facebook), your personal data may be transferred to countries outside the European Economic Area, particularly the United States. The transfer is based on the Standard Contractual Clauses approved by the European Commission.

7. Data Retention Period

  • data related to orders and accounting documentation – 10 years,
  • customer account data – until the account is deleted,
  • marketing data (newsletter) – until consent is withdrawn,
  • security logs – 180 days,
  • contact form data – for as long as necessary to handle the inquiry.

8. Your Rights

Under GDPR, you have the following rights:

  • right of access to your data and to obtain a copy,
  • right to rectify your data,
  • right to erase your data (“right to be forgotten”),
  • right to restrict data processing,
  • right to data portability,
  • right to object to data processing for marketing purposes,
  • right to withdraw consent at any time (if processing is based on consent),
  • right to lodge a complaint with the President of the Polish Data Protection Office (UODO).

To exercise your rights, contact us at: info@vinoandmore.pl .

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, in particular:

  • monitoring login attempts and cyberattack prevention through security logs.
  • SSL encryption of the connection,
  • encryption of user passwords,
  • restricted access to data to authorized persons only,
  • monitoring login attempts and cyberattack prevention through security logs.

10. Changes to the Privacy Policy

This Privacy Policy may be updated from time to time to reflect changes in the law or in the operation of our store. The current version of the document is always available on our website: www.vinoandmore.pl .