Data privacy policy

I. Preamble

At this point we would like to inform you about how we protect your privacy when you provide us with your personal data. If you have any further questions, please do not hesitate to contact us using the contact details below.

 

II. Responsible party

The responsible party within the meaning of the DS-GVO and other national data protection laws of the member states as well as other data protection regulations is:

GreatestWines.com GmbH
Oskar-Jäger-Straße 160
50825 Cologne 

Commercial Register No.: HR B 98688, Cologne Local Court

 

III. Contact details of the data protection officer

E-mail: datenschutz@greatestwines.com
Postal address:
GreatestWines.com GmbH
Data protection officer
Oskar-Jäger-Straße 160
50825 Cologne 

We only store your personal data if you provide it to us. We need this data, in particular name, address and e-mail address, to process your order.

The individual procedures in detail:

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected in this process, insofar as it is transmitted based on your browser settings:

  1. Information about the browser type and the version used.
  2. The operating system of the user
  3. The IP address of the user
  4. Date and time of access
  5. The last website from which the user's system accessed our website
  6. Country and place of access

The data is stored in the log files of our system for a short period of time. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the storage of the data and the log files is Art. 6 para. 1 lit. f DS-GVO.

3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. These purposes constitute our legitimate interest in data processing according to Art. 6 para. 1 lit. f DS-GVO.

4. Duration of storage

The log files are stored for 30 days in the active systems and then transferred to archives. There, the log files are stored for 12 months, as they are needed for evaluation, where necessary, in order to combat cybercriminals effectively.

5. Possibility of objection and elimination

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. You have the right to object to this data processing under the conditions of Art. 21 DSGVO. However, in addition to the declaration of objection, reasons must be presented against the processing that arise from your particular situation, as the processing of the data is necessary for the operation of the site.

 

V. Cookies 

1. Description and scope of data processing

Cookies are small text files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device and do not contain viruses, Trojans or other malware. The cookie stores only information that arises in connection with the specific end device used. This does not mean, however, that we gain direct knowledge of your identity.

On our website, we use various cookies to enable the use of certain functions, to statistically record the use of our website and to make visiting our website attractive. We distinguish here between technically necessary cookies, those cookies that are placed for statistical evaluation and marketing-relevant cookies.

The use of cookies and the other technologies for processing usage data serves the following purposes - depending on the category of the cookie or the other technology, respectively:

Necessary for technical operation: These are cookies and similar methods, without which you cannot use our services (for example, to properly display our website/functions requested by you, to save your registration in the login area, to fill the shopping cart when shopping online, etc.).

Statistics & Tracking: These techniques allow us to compile statistics on the use of our services for the purpose of tailoring them to your needs. This allows us, for example, to determine how we can better adapt our websites to the habits of users.

Convenience function & marketing: This enables us to show you content that is suitable for you, based on the analysis of your usage behavior. Your usage behavior can also be tracked across different websites, browsers or end devices using a user ID (unique identifier). Based on the mere user ID, we are not able to draw any conclusions about your person.

Most browsers have functions with which the acceptance of cookies can generally be rejected or with which the cookies accepted by an Internet site can be deleted after the end of the visit. The help function in the menu bar of most web browsers explains how to prevent your browser from accepting new cookies, how to have your browser notify you when you receive a new cookie, or even how to delete all cookies you have already received and block your browser from receiving any more. You can learn about this option for the most commonly used browsers via the following links:

  • Microsoft Edge: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
  • Firefox: https://support.mozilla.org/de/kb/cookies-informationen-websites-auf-ihrem-computer
  • Google Chrome: https://support.google.com/chrome/answer/95647?hl=de
  • Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
  • Opera: https://help.opera.com/de/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be limited.

 

a. Shopware

1. Description and scope of data processing

We use Shopware on our website, an open source software to improve and optimize the use of our online store.

Shopware stores cookies in your browser to ensure the basic functions of the store. Cookies are used, for example, to enable shopping cart content, login status and also CSRF protection. Shopware cannot be used unless cookies are allowed in the browser. Shopware only stores IDs in your browser; the assignment to the respective information is done in the application area.

Based on the session cookie, Shopware decides whether you have an active shopping cart and whether you are logged in. It therefore serves as identification between your browser and the server. No other information is stored in the browser except for the session ID. The handling of session cookies is controlled on the server side via PHP and is independent of Shopware.

In addition, Shopware generates an individual CSRF cookie when you visit the store, so that you can operate the individual areas of the store.

In addition, an SLT cookie is set, which allows us to recognize you when you return to our online store, even if the session has already expired. The SLT cookie can be deactivated in the basic settings of your browser.

When you place a product on the notepad, a cookie with the name "sUniqueID" is created for this purpose in order to save the contents of the notepad. The saved products are stored in the s_order_notes table.

In the Local Storage of the browser, the information about the "last viewed items" is also stored.

 

b. Paypal

1. Description and scope of data processing

We use components of PayPal on this website. PayPal is an online payment service provider. Payments are processed via PayPal accounts, which are virtual private or business accounts. In addition, PayPal offers the possibility to process virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed through an email address, so there is no classic account number. PayPal makes it possible to initiate online payments as well as to receive such payments. PayPal assumes trustee functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If you choose "PayPal" as a payment option during the ordering process in our online store, your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transmission of personal data required for payment processing.

All PayPal transactions are subject to the PayPal privacy policy, which can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

The personal data transmitted to PayPal are mostly first name, last name, address, email address, IP address, phone number, cell phone number or other data necessary for payment processing. Personal data related to the respective order are also necessary for the processing of the purchase contract.

The purpose of transmitting the data is payment processing and fraud prevention. The controller will transmit personal data to PayPal in particular in case of legitimate interest. The personal data exchanged between PayPal and the controller may also be sent by PayPal to credit reporting agencies. The purpose of this transmission is to check identity and creditworthiness.

PayPal may disclose the personal data to affiliated companies and service providers or subcontractors if this is necessary for the fulfillment of contractual obligations or if the data is processed on its behalf.

You have the option to revoke your consent to PayPal's handling of personal data at any time. A revocation does not affect personal data that must necessarily be processed, used or transmitted for payment processing.

2. Legal basis for data processing

The legal basis for the processing of data is Art. 6 (1) lit. b DS-GVO and Art. 6 (1) lit. c DS-GVO in conjunction with Section 6 GWG. At the same time, Art. 6 (1) lit. f DS-GVO is the additional legal basis for the processing of the users' personal data.

3. Purpose of data processing

The processing of data in the context of payment processing is necessary in particular for the provision of order processing on our website. It thus serves to fulfill a contract with the user or to carry out pre-contractual measures.

The implementation of business and customer-related internal security measures for the purpose of minimizing and managing the risks of money laundering and terrorist financing serves to fulfill legal requirements under the Money Laundering Act.

The SCHUFA and/or Bürgel inquiries carried out in individual cases or fraud prevention measures in the case of credit card transactions also serve the purpose of minimizing the risk of non-payment and preventing credit card misuse. These purposes constitute our legitimate interest in processing the data according to Art. 6 para. 1 lit. f DS-GVO.

4. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. With regard to data collected for the performance of a contract or for the implementation of pre-contractual measures, this is the case when the data is no longer required for the performance of the contract. Even after the conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to comply with contractual or statutory obligations, such as those arising from the limitation periods for warranty claims or from obligations to retain data under tax law.

5. Possibility of objection and elimination

Until the final recording of the data by sending the order, you can change the data yourself, remove it from the input mask or change the payment method according to your wishes. Subsequently, the processing is mandatory for the processing of the order. Consequently, there is no possibility of objection on the part of the user.

 

VI. Registration

1. Description and scope of data processing

In order to be able to fully use the services of our website, you must register by providing personal data. The data is entered in an input mask and transmitted to us and stored. The following data is collected during the registration process:

  1. Customer type (private customer/corporate customer)
  2. First name
  3. Last name
  4. Gender 
  5. E-mail address
  6. Password (encrypted)
  7. Address 
  8. Delivery address (optional)
  9. Consent to terms and conditions and confirmation of knowledge of the privacy policy, incl. time of consent
  10. Optional, whether a newsletter order has been placed, incl. time of consent

If you have created a customer account, we use in particular the e-mail address specified there to provide you with important service information or changes to your customer account.

2. Legal basis for data processing

The legal basis for processing in the context of registering a customer account is Art. 6 (1) lit. b DS-GVO.

3. Purpose of data processing

The data processing serves the order processing and thus the fulfillment of a contract with the user or the implementation of pre-contractual measures.
 

4. Duration of storage

Customer accounts are generally deleted after receipt of the request for deletion, unless there are legal obligations to retain data. With regard to the personal data associated with customer accounts, a distinction is made as to whether or not the fulfillment of a legal obligation precludes deletion. If this is the case, the data will be blocked for further processing.

5. Revocation, objection and removal options

As a user, you have the option to cancel your registration at any time. To do so, send an e-mail to service@greatestwines.com with the request to delete your customer account. 

If the data is necessary for the fulfillment of a contract or for the execution of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not preclude deletion.

 

VI. Direct mail

If you have made a purchase in our online shop, we will also use the e-mail address you provided in connection with the purchase for service information such as satisfaction surveys and for advertising our own similar offers by e-mail. In such a case, you will only be sent direct marketing for similar goods or services. 

1. Legal basis for data processing

The legal basis for direct advertising for similar goods or services as a result of the sale of goods or services is Article 6 Paragraph 1 Clause 1 Letter f) GDPR in conjunction with Section 7 Paragraph 3 UWG.

2. Recipient of the data

The data is processed by GreatestWines.com GmbH. In order to process the sending of direct mail, we use the system of our processor (Mailjet GmbH, Alt-Moabit 2, 10557 Berlin, Germany), which receives and processes the data on our behalf on the basis of Art. 28 GDPR in order to send the e-mails.

3. Third country transfer

Your data will not be processed outside the EU/EEA. 

4. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The user's e-mail address is therefore stored at least as long as the direct mail subscription is active. After a revocation by you or the discontinuation of the service, the personal data will be deleted three years after revocation/discontinuation of the service for the purpose of accountability according to Art. 5 Para. 2 DSGVO and to defend against any claims for damages (Art. 83 Para. 8 DSGVO in conjunction with § 41 BDSG and Section 31 Paragraph 2 No. 1 OWiG and legitimate interest in accordance with Article 6 Paragraph 1 f GDPR), unless there are statutory retention requirements. 

5. Possibility of revocation, objection and elimination 

You can object to the sending of direct mail at any time. Data processing based on this consent is lawful until revocation. Please note that, for technical reasons, it may take 24 hours from the time of the revocation until it is noted in the systems. If direct mail should still be sent during this time, we apologize for this. However, this cannot be avoided in individual cases. Please inform us of your withdrawal in text form to the following email address: service@greatestwines.com (for direct mail) or use the link provided in each email. This also makes it possible to revoke consent or object to the sending of direct advertising.

VII. Rights of the data subjects

If your personal data is processed, you are a data subject within the meaning of the DS-GVO and you are generally entitled to the following rights, unless exceptions apply:

1. Right to information

You, as a data subject, have the right to request confirmation from the controller as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Article 15 of the DS-GVO.

2. Right to rectification

Furthermore, as a data subject, you have the right to demand that the controller rectify any inaccurate personal data concerning you and, if necessary, complete any incomplete personal data without undue delay (Art. 16 DS-GVO).

3. Right to restriction of processing

Furthermore, the data subject has the right to request the controller to restrict processing for the duration of the controller's review if one of the conditions listed in Art. 18 DS-GVO applies, e.g. if the data subject has objected to the processing.

4. Right to erasure

Finally, as a data subject, you have the right to request that the controller erases personal data concerning you without undue delay if one of the grounds listed in detail in Art. 17 DS-GVO applies, e.g. if the data is no longer needed for the purposes pursued (right to erasure).

5. Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right against the controller to be informed about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

  1. the processing is based on consent pursuant to Art. 6 (1) a DS-GVO or Art. 9 (2) a DS-GVO or on a contract pursuant to Art. 6 (1) b DS-GVO
  2. and the processing is carried out with the help of automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

8. Right to revoke the declaration of consent under data protection law.

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9. Automated decision in individual cases including profiling.

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects vis-à-vis you or similarly significantly affects you. This does not apply if the decision

  1. is necessary for the conclusion or performance of a contract between you and the controller,
  2. is permitted by legislation of the European Union or the Member States to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or 
  3. is carried out with your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, any data subject shall have the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data concerning him or her infringes the GDPR (Article 77 GDPR). The data subject may exercise this right before a supervisory authority in the Member State of his or her residence, place of work or the place of the alleged infringement. In North Rhine-Westphalia, the competent supervisory authority is:

State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia.
P.O. Box 20 04 44
40102 Düsseldorf
Tel.: 0211 38424-0
Fax: 0211 38424-10
E-mail: poststelle@ldi.nrw.de

 

Status 03/07/2021