Wählen Sie bitte Land und Sprache aus.

Privacy Policy

Status: 03/2022

We are processing individual related data (as follows “data”) of users as far as this is required to provide a full functional and comfortable website which includes our content and services.

"Processing" is meant to be the rising, use, transmission and/or filling. “Individual related data” is meant to be basically all data as per DSGVO (GDPR General Data Protection Regulation), which identifies an individual person. The exact definition of the abstract concept is stipulated in Art. 4 DSGVO (GDPR General Data Protection Regulation).

The following statement will inform you about the kind, the scope, the purpose, the term and the legislative basis of the processing of individual related data and the purpose and appliance of processing we determine alone or with third parties as well as components for optimization and quality utilization of third parties when applicable who process data in their own responsibility:

_________________________________________

I. Information about responsible party
II. Privilege of Users
III. Information about data processing
_________________________________________

I. Information about responsible party

The responsible party (as follows "provider") as per DSGVO (GDPR General Data Protection Regulation) and additional data privacy acts/policies of EU-member states as well as miscellaneous provisions is:

Vinexus Deutschland GmbH
Otto-Hahn-Str. 21
35510 Butzbach
Germany

Phone: +49 (0)6033 9769 120
Fax:  +49 (0)6033 9769 169
E-Mail: info@vinexus.de

The external data security officer is:

Killian Hedrich
c/o DatCQ GbR
Alexander F. Bräuer, Killian Hedrich
and Frank Weiß
Katharinenstraße 16
73728 Esslingen

Phone: +49 (0)711 93277955
Fax: +49 (0)711 93277956
E-Mail: dsb@datcq.de

II. Privilege of Users

With regard to the following reflected processing described by the provider the user will have the privilege,

1. to request a confirmation, if the respective data about him/her in question will be processed and accurate details about the information as well as other information and copies of the data referring to Art. 15. DSGVO (GDPR General Data Protection Regulation);

2.  to request the immediate adjustment of data for any incorrect data referring to him/her or request completing any incomplete data as per Art. 16 DSGVO (GDPR General Data Protection Regulation);   

3. to request that data referring to him/her will be immediately deleted as per Art. 17 DSGVO (GDPR General Data Protection Regulation), alternatively when another processing of the relevant individual related data as per Art. 17 para 3 lit. DSGVO (GDPR General Data Protection Regulation) is required, to request limitation of the processing as per  Art. 18 DSGVO (GDPR General Data Protection Regulation);

4.  that he/she obtains individual related data provided by the user as per stipulation of Art. 20 DSGVO (GDPR General Data Protection Regulation) and request the forwarding of the same to any other party in charge;

5.  to submit a complaint to the supervisory body as per Art. 77 DSGVO (GDPR General Data Protection Regulation), if the user believes that the processing of his/her individual related data by the provider is in breach of DSGVO (GDPR General Data Protection Regulation) rules.
_________________________

6. As a matter of principle, the user is entitled to object to the processing of his personal data, which is processed by a person responsible on the base of Art. 6 para. 1 lit. f DSGVO (GDPR General Data Protection Regulation)at any time in accordance with Art. 21 DSGVO (GDPR General Data Protection Regulation). This objection may in particular be made against data processing for the purpose of direct marketing.
_________________________

7. In addition, the provider is obliged to notify all recipients to whom it has disclosed the data, about any correction or erasure of the personal data or a restriction of data processing carried out pursuant to Article 16 DSGVO (GDPR General Data Protection Regulation), Article 17 para. 1 DSGVO and Article 18 DSGVO (GDPR General Data Protection Regulation).
This obligation is not in effect in the event that this communication proves to be impossible or involves a disproportionate effort. The customer is entitled to receive information regarding these recipients.

III. Information on data processing

Insofar as no detailed information is given below regarding the individual data processing, the user's data processed by the provider will be deleted or blocked as soon as the purpose of the storage ceases to exist and the deletion does not conflict with any statutory storage obligation.

Server data

For technical reasons concerning communication and security, during a visit on the website the following data amongst others is collected, which the internet browser of the user transmits to the provider or to his web space provider, respectively (so-called server log files):

  • Browser type and browser version;
  • operating system in use; 
  • Web site, from where the user came to the provider's web site (Referrer URL); 
  • Web site the user is; 
  • Date and time of web site access; 
  • Internet protocol (IP) address of the user. 


The data will also be temporarily stored. A storage of this data together with other personal data of the user does not take place. The legal basis for the temporary storage is Art. 6 para. 1 lit. f DSGVO (GDPR General Data Protection Regulation) based on the legitimate interest in improving the stability, functionality and security of the website.

After seven days at the latest the data will be deleted. Data where further retention thereof is required for evidential purposes shall be exempted from the deletion until final clarification of the incident.

Cookies

1. Cookies

The responsible party uses so-called cookies on its website. Cookies are small text files or other storage technologies that the internet browser used by the user stores and saves on the user's device. These cookies individually process certain user information, such as browser and location data and IP address values.  

Its use allows the responsible party to make its website more user-friendly, effective and secure.

The "persistent" cookies allow the website to recognise the user via his browser when he visits the website again in the near future so that the user's settings relating to the cookies are not displayed or queried again.

The processing serves the legitimate interest of the controller in improving the functionality of the website as well as the fulfilment of legal requirements and is based on the legal basis of Section 6 (1) lit. f GDPR.

"Session" cookies are deleted as soon as the user closes their browser. "Persistent" cookies are automatically deleted after a deadline set by the provider. This deadline may vary vary for different cookies but does not exceed the period one year.   

2. Third party cookies

If necessary, the web site of the provider also uses third party cookies. These third party suppliers are partner companies with whom the provider cooperates for the purposes of advertising, analysis or website functionalities. Should this be the case, the purposes and legal bases of the corresponding processing are given in the following statements.  

3. Removal option

The user can prevent or restrict the installation of cookies by setting the browser accordingly. Already saved cookies can also be deleted at any time. The relevant browser settings may vary for different browser types. For Flash cookies, the processing cannot be disabled by browser settings but by the appropriate setting of the Flash player. Should the user prevent or restrict the installation of cookies, this may result in the fact that not all functions of the web site can be used to the full extent.


Cookie Manager

To obtain consent for the use of technically unnecessary cookies on the website, the provider uses the cookie manager of shopware AG, Ebbinghoff 10, 48624 Schöppingen.

When the website is called up, a cookie with the setting information is stored on the user's end device so that the query relating to consent does not have to be made when the website is visited again. This cookie has a lifetime of 12 months. 

The cookie is required to obtain the user's legally compliant consent. 

The user can prevent or stop the installation of cookies by changing the settings of his browser. More on this above under the point "Cookies".

Contract management

a) Processing

The personal data provided by the user for the purpose of a purchase of goods or services are processed by the provider for the purpose of contract execution. The details of the data are required for the conclusion of the contract; without providing the data, it is not possible to conclude the contract. The legal basis for processing is Art. 6 para. 1 lit. b DSGVO (GDPR General Data Protection Regulation). After completion of the contract, the data of the user are deleted in consideration of tax and commercial retention periods.

b) Disclosure to third parties

In the context of contract management, the personal data of the user is passed on to the transport company commissioned with shipping or to the financial service provider, as far as this is necessary for the delivery or payment of the goods. The legal basis for the transfer of data is Art. 6 para. 1 lit. b DSGVO (GDPR General Data Protection Regulation).

c) Delivery/ returns status

In order to inform the user by e-mail about the delivery status of the shipment after the conclusion of a purchase contract or in case of returned items, the provider collaborates with the service provider PAQATO GmbH, Münster (Germany). PAQATO GmbH acts on behalf of the provider and receives from the provider necessary data of the user for this purpose (name, delivery address and e-mail address). PAQATO GmbH is contractually obligated to use the data of the user for this purpose only.

The legal basis for this processing is Art. 6 (1) para. 1 lit. f DSGVO (GDPR General Data Protection Regulation). The legitimate interest of the provider is the avoidance of incorrect deliveries, transparent customer information regarding the shipping or a returned item as well as the customer-friendly optimization of the delivery time and place.

Establishing contact

If the user uses the contact form or e-mail in order to contact the provider, the user's personal data entered on this occasion will be used to process the request. The user's information is required to answer the request, without providing the data a response is not or only partially possible.

If the contact request serves to fulfill a contract or to initiate a contract, the legal basis is Art. 6 para. 1 lit. b DSGVO (GDPR General Data Protection Regulation) (GDPR General Data Protection Regulation).

The data of the user will be deleted, provided that the user's request has been finally answered and there are no conflicting legal storage obligations like e.g. in a subsequent contract.  

Legal basis may also be a consent of the user in accordance with Art. 6 para. 1 lit. a DSGVO (GDPR General Data Protection Regulation). If need be in the context of the contact form, the user's consent to the impending processing may be obtained and reference may be made to this privacy policy.

Any consent granted regarding the customer account may be revoked by the user at any time pursuant to Art. 7 para. 3 DSGVO (GDPR General Data Protection Regulation) by notifying the provider. The related data is deleted as soon as its processing is no longer required.

Customer account

Should the user register for a customer account with the provider, the data entered in the course of this registration (e.g. name, address, e-mail address) will be collected and saved exclusively for the fulfillment of a contract or the implementation of pre-contractual measures as well as for the general administration of customer relations ( e.g. retrieval of previous orders, loyalty program "happy grapes" or memo/ wishlist function). The registration will also save the IP address and date and time of registration. A passing on to third parties does not take place.

If the user has given his consent, legal basis is Art. 6 para. 1 lit. a DSGVO (GDPR General Data Protection Regulation). As part of the registration process, the user's consent to the impending processing is obtained and reference is made to this privacy policy. The data collected in this way are used exclusively for the aforementioned purpose. A passing on to third parties does not take place.

If the registration of the customer account serves the fulfillment of a contract or the implementation of pre-contractual measures, then the additional legal basis is Art. 6 para. 1 lit. b DSGVO (GDPR General Data Protection Regulation).

Any consent given regarding the customer account may be revoked by the user at any time pursuant to Art. 7 para. 3 DSGVO (GDPR General Data Protection Regulation) by notifying the provider. The data processed in this context is deleted as soon as its processing is no longer required. If the data is required to fulfill a contract or to carry out pre-contractual measures, the data of the user will be deleted upon expiry of the tax and commercial retention periods.

Direct advertising

The provider reserves the right to use the data collected on the occasion of an order, if necessary, for direct advertising by e-mail or post in accordance with Section 7 (3) of the German Unfair Competition Act (UWG), if the user does not object to this use. The direct advertising exclusively comprises offers of similar products or services to those already purchased by the user from the provider. The legal basis in this case is Section 6 (1) lit. f GDPR. The legitimate interest of the provider is the economic interest of sales and improvement of its services.

For the creation, printing, addressing and sending of product recommendations by post, we use the service of B&K Lettershop Kröger GmbH & Co. KG, Oldenfelder Bogen 4, 22143 Hamburg, Germany. 

Checking the creditworthiness / scoring

If the user is offered payment by invoice by the provider in the case of goods or service offer, the provider reserves the right to forward the contractual data (in particular, first and last name, street, house number, zip code, city) to an information data file office for the purpose of a credit assessment on basis of mathematical-statistical procedures (for example Bürgel, Schufa, Creditreform, infoscore etc.). The resulting information about the statistical probability of a default is used by  the provider to decide whether the invoice payment is offered for the execution of the contract.
The credit report may contain probability values (score values) which are calculated on the basis of scientifically recognized mathematical-statistical methods.
The legal basis for this processing is the legitimate interest of the provider in the safeguarding against failure of the receivables acc. Art. 6 para. 1 lit. f DSGVO (GDPR General Data Protection Regulation).

Visit analysis and newsletter via Emarsys

a) Registration

If the user signs up for the provider's free newsletter, the data requested in the input mask (e-mail address and, optionally, name and address) will be processed by a service provider - see Shipping below. In addition, the IP address and the date and time of login are stored. As part of the registration process, the consent of the user will be obtained and the contents concretely rewritten. At the same time reference is made to this privacy policy.

b) Sending

The provider uses "Emarsys" to send newsletters. Emarsys" is a service provided by the company Emarsys eMarketing Systems AG, Munich. 

Further information on data protection at Emarsys:

https://www.emarsys.com/de/datenschutzrichtlinie/.

c) Visitor and newsletter analysis 

The newsletters sent by the provider via "Emarsys" contain technologies that enable the provider to recognise in the analyses whether and when an email was opened and which links in the newsletter were followed by the user.

Emarsys also uses cookies. These cookies are used to recognise the user so that movements on the provider's website can be identified and the success of certain marketing measures can be recorded.  

The newsletters sent by the provider via "Emarsys" also contain technologies that enable the provider to recognise in the analyses whether and when an email was opened and which links in the newsletter were followed by the user.

This analysis data is stored by the provider in addition to the technical data (system data and IP address), so that the newsletter can be optimally aligned to the wishes and interests of the user. Accordingly, the data collected is used to constantly improve the quality of the newsletter.

d) Legal basis

The legal basis for sending the newsletter and the analysis is Art. 6 para. 1 lit. DSGVO (GDPR General Data Protection Regulation).

e) Revocation

Pursuant to Art. 7 (3) GDPR, the user may revoke the consent with regard to the processing of data on the occasion of the newsletter registration at any time by notifying the provider or by using the unsubscribe link contained in the newsletter for the future.

In accordance with Art. 7 (3) GDPR, the user can revoke consent with regard to the analysis cookies for the future at any time through the settings in the cookie management.

Google Tag Manager

The provider uses the Google Tag Manager to integrate various functions on the website. The Google Tag Manager is a product of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter "Google".

The sole function of the Google Tag Manager is to add certain content to the Provider's website and to enable the Provider to manage these functions on an interface provided by Google.

When the website is called up, the functions are therefore loaded from a Google server, which may also be located in the USA. The server must process the IP address of the user in order to transmit the functions. 

The corresponding functions are listed exhaustively in the provider's privacy policy. Any consent not given by the user for these functions will also be respected when using the Google Tag Manager. 

_________________________________________

However, the US does not currently have an adequate level of data protection according to data protection regulators. However, there are so-called standard contractual clauses between the provider and Google:

https://privacy.google.com/businesses/compliance/#!#gdpr 

However, these are private law agreements and therefore have no impact on the access possibilities of the authorities in the USA.

_________________________________________

The legal basis for this is Section 6 (1) lit. f GDPR. The provider's legitimate interest is in the optimisation and economic operation of the website.

Google Ads with Conversion Tracking

The provider also uses the Google advertising component "Google Ads" and in this context the so-called conversion tracking. Google Conversion Tracking is a product of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter "Google".

If the user clicks on an ad served by Google, a cookie will be saved on the user's device due to the inclusion of conversion tracking. These so-called "conversion cookies" lose their validity after 30 days and are not used for the personal identification of the user.

If the user visits certain pages of the provider's website and the cookie has not yet expired, both Google and the provider can recognize that the user has clicked on one of the ads placed by Google with the provider and has been redirected to the provider's website.

The information obtained with the help of the "conversion cookies" is used by Google to create visit statistics for the provider. Furthermore, it cannot be ruled out that Google processes this data on a server in the USA. 

_________________________________________

However, the US does not currently have an adequate level of data protection according to data protection regulators. However, there are so-called standard contractual clauses between the provider and Google:

https://privacy.google.com/businesses/compliance/#!#gdpr 

However, these are private law agreements and therefore have no direct impact on the access possibilities of the authorities in the USA. 

_________________________________________

This provides the provider with information about the total number of users who have clicked on his advertisement and also which pages of his website were subsequently accessed by the respective user. However, the provider or other advertisers via "Google Ads" do not receive any information with which users can be personally identified.

The use of conversion tracking serves the provider for the targeted advertising of its services. The basis for this is the consent of the user. The user can revoke this consent for the future at any time by making settings in the cookie management.

Further information, in particular on the possibilities of preventing the use of data, Google offers the following links:

https://services.google.com/sitestats/de.html 

https://www.google.com/policies/technologies/ads/  

https://www.google.de/policies/privacy/

Google-Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter "Google".

Google Analytics is used by the provider to analyse the use of the website. The legal basis for this is Section 6 (1) lit. a GDPR. The user can revoke the consent to this for the future at any time by setting the cookies on the website in accordance with Art. 7 (3) GDPR.

Information such as time, location, and frequency of the user's website visit, including its IP address, is transmitted to and stored by Google on a Google server in the United States.

_________________________________________

However, the US does not currently have an adequate level of data protection according to data protection regulators. However, there are so-called standard contractual clauses between the provider and Google:

https://privacy.google.com/businesses/compliance/#!#gdpr 

However, these are private law agreements and therefore have no direct impact on the access possibilities of the authorities in the USA.

_________________________________________

The provider uses Google Analytics with an anonymization function. In this case, Google will already shorten its IP address within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

Google will use the data collected to evaluate the visit of the website by the user and to compile reports on the website activity for the provider. Furthermore, the data will be used to provide other services related to website activity and internet usage. Google may also transfer this information to third parties if required by law or as far as third parties process this data on behalf of Google.

Google will, according to their own information, under no circumstances link the IP address of the user with other data from Google and bring this in context. Further information, in particular on the possibilities of preventing the use of data, offers Google at the following link:

https://www.google.com/intl/en/policies/privacy/partners

Google also offers a deactivation add-on for the most popular browsers, which gives the user more control over what data Google collects about the user-accessed site. The add-on informs the JavaScript (ga.js) of Google Analytics that no website visit information should be transmitted to Google Analytics. However, the Google Analytics Disable Browser Add-On does not prevent information from being transmitted to the provider or to other web analytics services that may be used by the provider and listed in this privacy policy. Further information on installing the browser add-on is available at the following link:

Browser-Add-On to deactivate Google Analytics

Microsoft Bing Ads

This website uses “Bing Ads“ for remarketing and purchase close tracking purposes. “Bing Ads” is a Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA - hereafter referred to as Microsoft - product and is using the so-called universal event tracking (UEN).

If the user clicks on an ad displayed by the provider at the search engine Bing, a cookie is saved on the user's device due to the integration of the tracking technology from Microsoft. These so-called tracking cookies lose their validity after 180 days and do not serve the personal identification of the user.

If the user visits certain pages of the provider's website and the cookie has not yet expired, both Microsoft and the provider may recognize that the user clicked on one of the advertisers' Bing ads and was redirected to the provider's website.

The information collected through tracking cookies is used by Microsoft to generate visitor statistics for the provider. The provider receives information about the total number of users who clicked on their ad and also which pages of their website were called up by the respective user. However the provider does not receive any information through “Bing Ads” with which users can be personally identified.

Furthermore, Microsoft is able to track usage behavior across multiple devices through cross-device tracking, enabling it to display personalized ads across devices.

If the user does not agree with this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Further information is listed under the heading "Cookies".

In addition, the user can change the personalized advertising in his Microsoft account under http://choice.microsoft.com/de-de/opt-out, if available.

Further information to Bing Ads: https://help.bingads.microsoft.com/#apex/3/en/53056/2.

Microsoft Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement

Search function doofinder

In order to offer the user fast and convenient search options, the provider uses the search technology of the provider "doofinder". "doofinder" is a product of DooFinder S.L., Madrid 28037, Rufino Gonzàlez 23 bis, 1° 1, Spain.

To carry out the search and display the search results, the browser used by the user connects to doofinder's servers. Through the connection, doofinder can recognise from which website a request is sent and to which IP address the display of the search results is transmitted.  

The legal basis for the use and processing of data is Section 6 (1) lit. f GDPR. The provider's legitimate interest is in the optimisation of the website.

doofinder offers further information under the following links:

https://www.doofinder.com/de/privacy-policy

Integration of elements via wine-lounge.net

In order to display elements such as article images or article information, the provider uses an integration via the server of wine-lounge.net. wine-lounge.net is operated by the provider. 

When the user accesses the website, a connection is established to wine-lounge.net's servers for the purpose of displaying the elements. For this purpose, the user's IP address and information on which of the elements provided are displayed are processed. After the end of the page visit, the IP address is deleted.  

The use is based on the legitimate interest of the provider in an optimal presentation of its offers in accordance with Section 6 (1) s. 1 lit. f GDPR. 

Integration of social media 

The provider uses a link on the website to the social networks listed below. 

The plugins are integrated via a linked graphic. Only by clicking on the corresponding graphic is the user redirected to the service of the respective social network. 

After the customer has been forwarded, information about the user is collected by the respective network. This is initially data such as IP address, date, time and page visited.  If the user is logged into his or her user account of the respective network during this time, the network operator may be able to assign the collected information of the user's specific visit to the user's personal account. If the user interacts via a "Share" button of the respective network, this information may be stored in the user's personal user account and may be published. If the user wants to prevent the collected information from being directly assigned to his or her user account, the user must log out before clicking on the graphic. In addition, it is possible to configure the respective user account accordingly.

The following social networks are linked by the provider:

Facebook - Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. 
Privacy policy: https://www.facebook.com/policy.php    

Twitter - Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. Operators within the EU: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Privacy policy: https://twitter.com/de/privacy 

Instagram - Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. 
Privacy policy: https://help.instagram.com/519522125107875 

Pinterest- Pinterest Inc., 651 Brannan Street, San Francisco, CA, 94107, USA. Operators within the EU: Pinterest Europe Ltd., Palmerston House, 2nd Floor Fenian, Street, Dublin 2, Ireland.
Privacy policy: https://policy.pinterest.com/de/privacy-policy 

Tumblr - Tumblr Inc., 35 East 21st Street, 10E, New York, NY 10010, USA, Operators within the EU: Aut O’Mattic A8C Ireland Ltd., Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, Ireland
Privacy policy: https://www.tumblr.com/privacy/de