Privacy Policy

Version [09.08.2018]

I. Who are we

This website (https://bestwineimporters.com/) (hereinafter referred to as “our website”, “this website” or similar terms) is held and operated by BestDataNet S.R.L, a Romanian company, registered with the trade registry with no. J05/486/2011, European unique identifier: ROONRC.J05/486/2011, tax registration no. 28206907, having with the registered office at Oradea, Vladeasa nr. 20, CP 410222, county Bihor, trading under the name BestWineImporters (hereinafter referred to as “BestWineImporters”, “we”, “us” or similar terms).

If you need further information or wish to send us your feedback, please use our contact form, send us an email at office@bestwineimporters.com or a letter at our registered office.

II. Purpose of this Privacy Policy

BestWineImporters, as personal data controller, values and respects your rights regarding your personal data (which encompasses any information relating to an identified or identifiable natural person).

In this respect, we have adopted this privacy policy (“Privacy Policy”) regarding our website’s use of your personal data, and of other information you provide to us, in order to convey to you important details regarding, among others:

what kind personal data and other information we collect, store, transfer and, in general, use (these operations collectively referred to as “process” or “processing”) your personal data, as well how and why we process it,
to whom we may disclose such personal data;
what kind of security measures we take to protect such data;
what are your rights and how you may exercise them
Other useful information

We encourage to read this Privacy Policy carefully and underline that this does not prejudice any of your rights under the applicable legislation.

III. How and when we deal with your personal data

3.1 User account

Data processing

When you create your user account with us, we, as well as our payment processor Verifone Payments BV dba 2Checkout[1] (http://www.2checkout.com) collect the following personal data:

Full name of the individual
Country of origin and/or State
Contact email
Credit/debit card details (only stored by Verifone Payments BV dba 2Checkout)

Purpose of processing

The data is stored securely our servers[2] and those of our partners, for the purpose of contacting you when providing our services (e.g. sending you information regarding your subscription) and for payment purposes.

We may also use your data for sending you direct marketing emails, such as newsletters or personalized offers from us.

Duration of storage

The data remains with us and our partners for as long as your user account is active and for a period of up to 3 years thereafter, in order to facilitate your account reactivation, for contacting you and for the purpose of protecting our rights in court, in the event of a litigation. You may also unsubscribe from our database at any time and without any cost, by contacting us as described in section I of this Policy.

Legal basis for processing

Art. 6, letter b) of the GDPR[3] – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. More specifically, we are using this data to provide you our services and in all related aspects thereto as described above.

Art. 6 letter f) of the GDPR – processing is necessary for the purposes of the legitimate interests pursued by the controller. More specifically in respect of the direct marketing activities, we, as data controller, are pursuing the promotion of our legitimate business, as allowed under the law. Please let us know if you think that your interests or fundamental rights and/ or liberties are prejudiced by this processing, by using the contact details below, and we will carefully consider your view.

3.2 Contact form

Data processing

When you fill in our contact form we collect the following personal data:

Full Name
Company Name
Business Email
Phone Number

Purpose of processing

The data is stored securely our servers, for the purpose of contacting you and offering you our support on the use of our website, and other reasonable information you require from us regarding us or our services.

Duration of storage

The data remains with us for the duration necessary to address your request and for up to 3 years thereafter, for the purpose of contacting you in the future and in order to protect our rights in court in the event of a litigation. You may also unsubscribe from our database at any time and without any cost, by contacting us as described in section I of this Policy.

Legal basis for processing

Art. 6, letter b) of the GDPR – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. More specifically, we are facilitating the use of our website and present our company and services to you, upon your request, with a view to retaining you as client of our services.

3.3 Visiting our website

Data processing

Upon leaving our website we may ask you for your email through a pop-up window in order to contact you later on.

We store your email on our servers and we communicate your email to our partners: Mailchimp[4] (www.mailchimp.com), an email marketing application, and Agile CRM[5] (https://www.agilecrm.com/), a customer relationship manager application, which we use for the purposes mentioned below.

Purpose of processing

The data is safely stored on our servers and those of our partners mentioned above for the purpose of sending you newsletters with special offers from our part We also analyze the data to improve our business, in particular the customer relationship management.

Duration of storage

The data remains with us and our partners as potential commercial leads for our services for a maximum of 3 years, for the purpose of contacting you in the future and in order to protect our rights in court in the event of a litigation. We are also making a periodical review of the data and erase them if they become irrelevant. You may also unsubscribe from our database at any time and without any cost, by contacting us as described in section I of this Policy.

Legal basis for processing

Art. 6, letter b) of the GDPR – the data subject has given consent to the processing of his or her personal data for one or more specific purposes. More specifically, you have agreed for us to contact you with potential special offers from our part.

Art. 6 letter f) of the GDPR – processing is necessary for the purposes of the legitimate interests pursued by the controller. More specifically by processing the data via tools such as Agile CRM, we, as data controller, are pursuing the improvement of our legitimate business, as allowed under the law. Please let us know if you think that your interests or fundamental rights and/or liberties are prejudiced by this processing, by using the contact details below, and we will carefully consider your view.

3.4 Subscribe homepage form

Data processing

By using our “Subscribe homepage” form we collect from you your email and we communicate your data to our partner: Mailchimp[6] (www.mailchimp.com), an email marketing application, for the purpose described below.

Purpose of processing

The data is safely stored on our servers and our partner’s servers for the purpose of sending you newsletters with special offers from our part.

Duration of storage

The data remains with us and our partners as potential commercial leads for our services for a maximum 3 years, for the purpose of contacting you in the future and in order to protect our rights in court in the event of a litigation. We are also making a periodical review of the data and erase them if they become irrelevant. You may also unsubscribe from our database at any time and without any cost, by contacting us as described in section I of this Policy.

Legal basis for processing

3.5 Sign-up form

Data processing

By using our “Sign-up” form we collect from you the following data:

Full Name,
Company Name,
Business Email, Phone number,
Website and Country

We communicate your data to our partners: Gravity[7] (https://www.gravityforms.com/), a website forms creation tool, and to Agile CRM[8] (https://www.agilecrm.com/), a customer relationship manager application, and we use such data for the purposes mentioned below. After 60 days from collection, the data may also be transferred to our partner Mailchimp[9] (www.mailchimp.com), an email marketing application, for the purpose described below.

Purpose of processing

The data is safely stored on our servers and those of our partners mentioned above for the purpose of sending you newsletters with special offers from our part as well as with potential clients for your products. We also analyze the data to improve our business, in particular the customer relationship management.

Duration of storage

The data remains with our partner Agile CRM as potential commercial leads for our services for 60 days. If the commercial leads do not come to fruition during this period, they are automatically erased from Agile CRM and transferred to our partner Mailchimp.

The data is also stored on our servers and on the servers of our partner Gravity for a maximum of 3 years, for the purpose of contacting you in the future and in order to protect our rights in court in the event of a litigation..

You may also unsubscribe from our database at any time and without any cost, by contacting us as described in section I of this Policy.

Legal basis for processing

3.6 Anonymous information

We and our partners (such as advertising servers, content servers, etc.) may also collect anonymous information about you through cookies, action tags and similar instruments. For more information regarding our Cookies Policy, follow this link […]

Such information may regard:

IP Address;
Country and the server information;
Java and cookies configuration;
Applications and plug-ins;
The website which redirected you to our website etc.

We collect this information in manner which does not allow your identification. The data is used to improve the functionality of our website and to allow us to offer you relevant content.

3.7 NextRoll Advertising

Collection of Data
Our site uses technologies of third-party partners such as NextRoll to help us recognize your device and understand how you use our site(s) so that we can improve our services to reflect your interests and serve you advertisements about the [products and/or services] that are likely to be of more interest to you. Specifically, NextRoll/these partners collect information about your activity on our site(s) to enable us to:

measure and analyze traffic and browsing activity on our site(s);
show advertisements for our products and/or services to you on third-party sites;
measure and analyze the performance of our advertising campaigns;

Opting-Out

Our partners [such as NextRoll] may use non-cookie technologies that may not be impacted by browser settings that block cookies. Your browser may not permit you to block such technologies. For this reason, you can use the following third party tools to decline the collection and use of information for the purpose of serving you interest based advertising:

The NAI’s opt-out platform

IV. To whom we may disclose the personal data and other information you provide

Our employees, consultants and other authorized persons which need to know such information. Every such person is subject to a legal or contractual confidentiality undertaking;
Our partners, some of which have already been mentioned in the previous sections. Such third-party partners may include (online services providers, software providers, webhosting providers, online advertisers etc. ).

Our partners are: Verifone Payments BV dba 2Checkout, Mailchimp, Gravity, Agile CRM, Google, NextRoll.

Our partners have adhered to and have implemented the necessary security standards in order in order to keep them safe and may use such data only for the purposes mentioned in this Privacy Policy.

The online payment details (such as your credit card or debit card number) are provided directly to our payment processor Verifone Payments BV dba 2Checkout. We do not access or store such information.

We do not sell or rent the personal data and other information you provide to other companies or persons.

V. Inexistence of an automated individual decision-making, including profiling

You, as personal data subject, shall not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects him or her.

VI. How do we protect your data

Your data is protected by a wide range of security measures, both local and online.

6.1 Sucuri Security – https://sucuri.net/website-firewall/. We protect our websites with one of the top security solutions, Sucuri Security, a cloud-based WAF that stops website hacks and attacks. The service includes antivirus and firewall for the website.

6.2 HostEurope SiteLock – https://www.hosteurope.de/en/SiteLock/ .The company that provides hosting for our servers also offers a number of powerful security services: daily malware scans, additional firewall and vulnerability checks and fixes.

6.3 SSL Certificates – https://ssl.comodo.com/comodo-ssl-certificate.php?track=8172. Our SSL certificates guarantee the highest possible encryption levels for online transactions. Each SSL certificate is signed with NIST recommended 2048 bit signatures and provides up to 256 bit encryption of customer data.

6.4 Locally, we use Mac desktops protected by strong passwords for each of our operators and the emails are secured on HostEurope’s data centers.

VII. What are your rights and how you may exercise them

We are committed to respecting your rights regarding your personal data and information you provide to us. Briefly, in relation to your personal data you have the following rights:

Right of access. You have the right to access your personal data that we or our partners are processing; you also have the right to obtain information regarding the nature, the processing and disclosure of such data.
Right to rectification. Upon your request we will correct any errors or inaccuracies regarding your personal data that we or our partners are processing.
Right to be forgotten. You can also request that we erase all your personal data that we or our partners are processing.
Right to restrict the data processing. Under certain condition provided the law, you have the right to restrict the processing of your personal data that we or our partners are processing.
Right to object to the data processing. You have the right to instruct us to discontinue the processing of the personal data that we or our partners are processing.
Right to data portability. Where applicable under the law, you have the right to request us to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance us.
Right to withdraw your consent. Where the personal data processing is based on your consent, you may withdraw such consent at any moment. This shall not affect any previous data processing, but, may prevent us from processing it in the future.
Right to lodge a complaint with a supervisory authority. For data processing falling under the jurisdiction of the Romanian authorities you may lodge a complaint with the Romanian Data Protection Authority (http://www.dataprotection.ro/).

In order for you to exercise any of the rights above or to ask any question regarding this Privacy Policy, you may use any of our contact details mentioned in section I above.

VIII. Other information

What happens if you refuse to provide us with your personal data

You are not obliged under the law to provide us with your personal data, however, refusing to provide it may in certain cases result in the inability to provide you our services (e.g. if the user account information is not provided the account cannot be created and you cannot access our services).

Amendments to this Privacy Policy

We may change this Privacy Policy from time to time, in order to reflect changes to the applicable legislation, our internal policies, of the website or of the technology used. Whenever you come back to our website, please check the date of the last update to this Policy and the relevant amendments, if any.

If there are significant changes to this Policy we will inform beforehand via email and through a notice on our website.

Links to other websites

This website may contain links to other websites (which in their turn may collect personal data from you). By accessing such links, you will become subject to the practices and policies of such websites. We encourage you to analyze them beforehand and take the necessary precautions. We cannot be held liable for the practices and policies of such websites regarding the use your

[1] For more information regarding Verifone Payments BV dba 2Checkout’s data protection practices, please refer to http://www.2checkout.com/lp/gdpr-compliant.html

[2] For more information regarding our servers’ security protocols and protection practices, please refer to https://www.hosteurope.de/en/SiteLock/ and https://sucuri.net/website-firewall/

[3] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

[4]For more information regarding Mailchimp’s data protection practices, please refer to https://mailchimp.com/legal/privacy/

[5] For more information regarding Agile CRM’s data protection practices https://www.agilecrm.com/privacy-policy

[6]For more information regarding Mailchimp’s data protection practices, please refer to https://mailchimp.com/legal/privacy/

[7]For more information regarding Gravity’s data protection practices, please refer to https://www.gravityforms.com/privacy/

[8] For more information regarding Agile CRM’s data protection practices https://www.agilecrm.com/privacy-policy.

[9]For more information regarding Mailchimp’s data protection practices, please refer to https://mailchimp.com/legal/privacy/