top of page

 GWYNDOR PRIVACY POLICY

 

 

Introduction

 

GWYNDOR respects your privacy and is committed to protecting your personal data. This Privacy Policy aims to ensure that your rights and fundamental freedoms, in particular your right to privacy, are respected when you visit our Website (www.gwyndor.com) or interact directly with GWYNDOR. To ensure accessibility, this Privacy Policy is available at the footer of every page on our Website.

 

 

Controller

 

When we mention „GWYNDOR”, „we”, „us” or „our” in this Privacy Policy, we are referring to RWZ REVOLUTION WINEZ BT. (3400 Mezokövesd, Egri út. 37., Hungary), a company registered under number 05-06-017663. RWZ REVOLUTION WINEZ BT acts as a controller for personal data collected via this Website.

 

GWYNDOR does not verify the personal data provided to it. The person providing the data is solely responsible for the correctness of the data. Any user who provides an e-mail address is also responsible for the fact that they are the only one to use the service from the e-mail address provided. In view of this responsibility, any liability for accessing the service from a given e-mail address rests solely with the user who registered the e-mail address.

​

​

Principles of Data Management

 

Your data will be obtained and processed fairly and lawfully.

 

Your data will only be stored for a specific and lawful purpose and may not be used for any other purpose.

 

The scope of the data processed will be proportionate to, and compatible with, the purpose for which it is stored and not excessive in relation to that purpose.

 

Your data will be stored in a way that allows your identification only for the time necessary for the purpose for which it is stored.

 

Adequate security measures will be taken to protect personal data stored in automated data files against accidental or unlawful destruction or accidental loss, and against unlawful access, alteration or dissemination.

​

​

Data We May Process

 

Personal data is all data that can be associated with you, as a specific natural person, including the inference that can be drawn from the data.

 

Data processing is the collection, recording and storage, processing, utilisation (including transmission and disclosure) and erasure of personal data, irrespective of the process used. Processing also includes altering data and preventing their further use.


We receive, collect and store any information you enter on our website or provide us in any other way. Such information may include: 

 

  • Information that you provide by filling in forms on our Website. We may ask you to enter your information when you subscribe to our newsletter, register an account on our Website, log in to your account, or conduct transactions on our Website. This may include identity data (your name, username or other identifier, date of birth and gender), contact data (e-mail address and telephone number), shipping information (your address), payment details (including credit card information) and preferences as to how you wish to interact with us (e.g. whether you wish to receive promotional messages from us).

 

  • Information that you provide by contacting us directly via e-mail.

 

  • Details about your visits to our Website, including technical data (such as the Internet protocol (IP) address used to connect your computer to the Internet, computer and connection information and login data) and usage data (i.e. information on how you use our website). We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information (including browsing actions and patterns), and methods used to browse away from the page.

 

 

Legal Basis

 

We process your personal data based on the following legal grounds, in accordance with the General Data Protection Regulation (GDPR):

 

  • Consent (Article 6(1)(a) GDPR): We rely on your consent as the legal basis for processing your personal data when you subscribe to our newsletter, create an account, or when you agree to receive promotional messages. You have the right to withdraw your consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.

 

  • Contractual Necessity (Article 6(1)(b) GDPR): The processing of your personal data is necessary for the performance of a contract to which you are a party, such as when you register on our website, make a purchase through guest checkout, or when we provide customer service and technical support.

 

  • Legal Obligation (Article 6(1)(c) GDPR): We may process your personal data to comply with legal obligations, such as retaining transaction records for tax and accounting purposes or responding to lawful requests from public authorities.

 

  • Legitimate Interests (Article 6(1)(f) GDPR): We process your personal data based on our legitimate interests, which include improving our services, ensuring the security of our website, preventing fraud, and using website analytics and targeted advertising to enhance our marketing efforts. When relying on legitimate interests, we ensure that your rights and interests are not overridden by conducting a careful balancing test.

 

 

Why We Process Your Data

 

We collect data in order to:

 

  • provide and operate the services available at our Website;

 

  • to provide you with ongoing customer assistance and technical support;

 

  • to be able to contact you with general or personalized service-related notices and promotional messages, where you have consented to be contacted for such purposes;

 

  • to create aggregated statistical data and other aggregated and/or inferred non-personal information, which we may use to provide and improve our respective services;

 

  • to prevent misuse or improper use of our services;

 

  • to comply with any applicable laws and regulations.

 

We may not use the personal data provided by you for purposes other than those described in these points. Unless otherwise required by law, the disclosure of personal data to third parties or public authorities is only possible with your prior express consent.

 

 

How Long We Store Your Data

 

The principle of data minimization and storage limitation dictates that your data should only be retained for as long as necessary to fulfill the purposes for which it was collected.

 

In cases when we act as data controllers, we will retain your data for the following durations:

 

  • Newsletter Subscription: we will retain your e-mail address as long as you remain subscribed to our newsletter. You may unsubscribe at any time by following the link in our newsletters our reaching out to us directly via privacy@gwyndor.com. If you unsubscribe, your e-mail address may be retained for an additional period so we would be able to comply with legal requirements and demonstrate compliance with consent requirements.

 

  • User Registration: we will retain your data as long as you maintain an active account on our Website. If your account remains inactive for an extended period of 24 months, your data will be automatically deleted, except for data we need to retain for legal obligations. If you request account deletion on our Website, your data will be promptly deleted, except for data we need to retain for legal obligations.

 

  • Guest Checkout: we will retain your data as long as necessary to fulfill your order and handle any related issues, such as returns and customer service inquiries. After your order is completed, we may need to retain your data for a certain period to comply with legal obligations. Once the legal retention period has expired, your data will be deleted.

 

  • Data Received via E-mail: we retain personal data received via email for as long as necessary to fulfill the purpose of the communication, such as responding to your inquiries, providing customer support, or processing transactions. Once the purpose has been fulfilled, we will delete your data, unless we are required by law to retain it for a longer period. In general, emails and related data will be retained for a maximum of 12 months after the last correspondence, unless otherwise required by law.

 

  • Google Analytics Data: user-level data stored by Google Analytics is automatically deleted from Google’s servers after 14 months, while event-level data is automatically deleted after 2 months. To learn more about how we use Google Analytics to improve our services, please read the dedicated section of this Privacy Policy (“Website Analytics”).

 

In cases when your data is processed by data controllers other than GWYNDOR, as described under this Privacy Policy, the data retention period will be determined by the data controller. You can access their respective policies from the dedicated sections of this Privacy Policy (“Website Analytics” and “Targeted Advertising”).

 

 

How We Store, Use, Share and Disclose Your Data

​

General Considerations

​

We have taken appropriate steps to ensure that your personal data is handled securely and in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

 

In certain cases, described below, your data may be transferred to third parties acting as data processors (who are processing your data on our behalf) or data controllers.

 

Some of these third parties are, as described below, based in countries outside the European Economic Area (EEA). In such cases, the transfer of your personal data will be subject to safeguards as required under the GDPR. These safeguards include ensuring that the third-party service provider has implemented Standard Contractual Clauses (SCCs) approved by the European Commission or other appropriate legal mechanisms to protect your personal data.

 

It is our policy at GWYNDOR that we work only with third-party service providers who include SCCs in their Data Processing Agreements (DPAs) to ensure compliance with the GDPR. Furthermore, all our third-party service providers are well-known, reputable companies with strong data protection practices. These companies have robust security measures, comprehensive privacy policies, and follow international data protection standards.

 

Your personal data will not be used by third party service providers for any purpose other than described below and will be retained only for as long as necessary for the given purpose, unless a longer retention period is required by law.

 

​

Cookies

 

Like many websites, we use "cookies", which are files saved on your computer's hard drive by your browser and used to collect and store certain information about you.

 

You can manage your cookie preferences through the cookie consent banner located on our Website, which allows you to accept, decline, or customize your cookie settings at any time.

 

Most browsers accept cookies automatically but allow you to disable them. The help menu on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies all together. You can also disable or delete cookies you have previously accepted if you wish to.

 

We recommend that you leave cookies turned on so that we can offer you a better experience on the Website. If you set your browser to block all cookies (including strictly necessary cookies), you may not be able to access parts of our Website.

 

We have set certain cookies on your device and recommend that you agree to their use. If you do not, you may still use the Website, but certain parts of it may not work or may not work as well.

 

We use the following cookies:

 

  • Strictly necessary cookies. These are cookies that are required for the operation of our Website and for you to be able to complete services you ask for. They include, for example, cookies that enable you to log into your account.

 

  • Functional cookies. These cookies record information about choices you make on our Website, such as your user name, language or the region you are in. In this way, we are able to personalize your visit to the Website.

 

  • Performance cookies. These ‘analytical’ cookies allow us to collect information about how visitors use our Website, for example to count visitors and to see how visitors move around the Website. They record your visit to our Website, the pages you have visited and the links you have followed. These cookies do not collect information that identifies you. All information is anonymous. This helps us to improve the way our Website works.

 

  • Social media cookies. These cookies allow you to share Website content with social media platforms (e.g, Facebook, Instagram). We have no control over these cookies as they are set by the social media platforms themselves.

 

  • Advertisement cookies. These cookies allow us to deliver tailor-made advertisements to you on third party websites based on your interests in our products and services manifested during your visit on our Website. These cookies do not collect information that identifies you. All information is anonymous.

 

 

Web hosting

 

Our website is hosted on the Wix.com platform. Wix.com Ltd. (40 Namal Tel Aviv Street, Building 25, Tel Aviv 6350671, Israel) acts as a data processor and provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall. The processing of personal information by Wix.com takes place within the territory of the European Union, Israel or a third country of which the European Commission has decided that it ensures an adequate level of protection, in accordance with Wix.com’s DPA. You can read more in Wix.com’s privacy policy here.

 

All direct payment gateways offered by Wix.com and used by us adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our online store and its service providers.

 

If we transfer the operation or use of the content service on our website in whole or in part to a third party other than Wix.com, Wix.com Ltd may transfer the data processed by it to such third party for further processing. This transfer may only serve to ensure the continuity of the registration of users who have already registered, but may not place you in a less favorable position in terms of privacy and data security.

 

 

Order fulfilment

 

In order to fulfil orders efficiently, we may share certain personal data with our third-party fulfillment provider. The personal data shared may include your name, delivery address, contact details, and order information.

 

The fulfillment provider, acting as a data processor on our behalf, is contractually obligated to process your personal data solely for the purpose of fulfilling your order, and to implement adequate technical and organizational measures to protect your data.

 

 

Website analytics

 

We rely on Google Analytics, a service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, California, 94043, United States) to analyze your use of our Website. The information generated by Google Analytics is subject to Google’s privacy policy and will be transferred to and stored by Google on servers in the USA.

 

Prior to the transfer, the data will be pseudonymized by the last octet of your IP address being truncated (in the case of IPv4 addresses) or the last 80 bits of IPv6 addresses being set to zeros. Other data sent to Google’s servers, like unique identifiers, cookies, and device information will be pseudonymized as well (e.g., user IDs will be replaced with pseudonyms).

 

Google will then process your data on our behalf, acting as a data processor, in order to evaluate your use of our Website, to compile reports on website activity and to provide other services related to Internet usage. Google Analytics cannot be used to track people across the web or apps. It does not create user profiles.

 

If you would like to disable measurement by Google Analytics, please install the browser add-on offered by Google. 

 

We use Microsoft Clarity, a service provided by Microsoft Corporation (One Microsoft Way, Redmond, Washington, 98052, United States) to record and analyze user interactions on our website in order to gain insights and be able to improve user experience.

 

When you visit our website, Microsoft may collect and process certain information about your device and browsing behavior. This may include information such as your IP address, device type, browser type, and interactions with our website. Microsoft acts as independent data controller, and may use the data it collects from our Website for any purpose in accordance with the Microsoft Privacy Statement, including to provide their service to us, improve Microsoft’s products and services, including reporting and performance analysis, and create user profiles for purposes that include advertising. Microsoft may also use nonpersonal data it collects to provide and improve Microsoft’s products and services. Microsoft may transfer it to and store it in data centers located outside the European Economic Area (EEA), including in the United States. 

 

 

Targeted Advertising

 

We use services like Google Ads and Facebook Pixel to help deliver targeted advertising and to measure the effectiveness of our advertising campaigns. These tools allow us to show you ads based on your interests and interactions with our website.

 

When you visit our website, Google Ads and Facebook Pixel may collect and process certain information about your device, browsing actions, and interactions with our ads. This data may include your IP address, device type, and browsing behavior. This information is processed by Google LLC (1600 Amphitheatre Parkway, Mountain View, California, 94043, United States)

 and Meta Platforms Inc. (1601 Willow Road, Menlo Park, California, 94025, United States), respectively, who act as independent data controllers, meaning they may use this data for their own purposes, including improving their services and delivering targeted ads across their networks.

 

Both Google and Meta Platforms store data in data centers located around the world, including the United States. We have implemented measures to minimize the collection of personal data and ensure that your privacy is protected, including anonymizing IP addresses where possible.

 

You can manage your preferences or opt out of personalized advertising through the settings provided by these platforms:

 

Google Ads Settings

Facebook Ad Preferences

 

For more information on how Google and Facebook process your data, please refer to their privacy policies:

 

Google Privacy Policy

Facebook Privacy Policy

​

​

Other

​

In certain cases, we may make your data available to third parties in the event of a formal judicial or police request, legal proceedings for copyright, property or other infringements or reasonable suspicion of such infringements, or in the event of a threat to the interests of GWYNDOR, the provision of its services, etc.

 

 

Your Rights and How to Exercise Them

 

As a user of our website, you have certain rights under the General Data Protection Regulation (GDPR) concerning the personal data we collect and process about you. These rights include:

 

  • Right to Access: You have the right to request access to the personal data we hold about you. This allows you to receive a copy of the data and to check that we are lawfully processing it.

 

  • Right to Rectification: You have the right to request the correction of any inaccurate or incomplete personal data we hold about you.

 

  • Right to Erasure: You have the right to request the deletion of your personal data where there is no longer a legal basis for us to retain or process it. This is also known as the "right to be forgotten."

 

  • Right to Restriction of Processing: You have the right to request that we limit the processing of your personal data in certain circumstances, such as if you contest the accuracy of the data or object to our processing.

 

  • Right to Data Portability: You have the right to request that we provide your personal data in a structured, commonly used, and machine-readable format, and to request that we transfer this data to another data controller where technically feasible.

 

  • Right to Object: You have the right to object to our processing of your personal data where we rely on a legitimate interest or where the processing is for direct marketing purposes.

 

  • Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

 

  • Right to Lodge a Complaint: If you believe that we have not complied with your data protection rights, you have the right to lodge a complaint with your local data protection authority.

 

If you have any questions in relation to this privacy policy, including any requests to exercise your legal rights listed above, please contact us in writing, by registered or certified mail sent to our address, or through the following e-mail address: privacy@gwyndor.com.

 

GWYNDOR only responds to inquiries concerning data protection. Requests for information sent by e-mail will be considered authentic only if sent from your registered e-mail address. We may ask you to verify your identity before processing your request, to ensure the security of your data. We will respond to any inquiries concerning data protection within 8 working days following receipt. In case of e-mail, the date of receipt is the first working day following the date of sending.

 

You may exercise your rights under Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information and the Act IV of 2013 (Civil Code) before the courts, and may also seek the assistance of the Data Protection Commissioner (1051 Budapest, Nádor u. 22., postal address: 1387 Bp. Pf.: 40.) in any matter related to data processing.

 

You may also turn to our regulatory agency:

 

National Authority for Data Protection and Freedom of Information (NAIH)

Hungary, 1055 Budapest, Falk Miksa u. 9-11

E-mail: ugyfelszolgalat@naih.hu

Post: 1363 Budapest, PO Box 9

Phone: +36 (30) 683-5969

Fax: +36 (30) 391-1410

 

 

Data Breach Notification Procedures

 

We prioritize the security of your personal data and have implemented reasonable measures to protect it. However, in the unlikely event of a data breach that poses a risk to your rights and freedoms, we will act promptly in accordance with the General Data Protection Regulation (GDPR). Our procedures include:

 

  • Assessment and Containment: Upon discovering a potential data breach, we will immediately assess its scope and take necessary steps to contain and mitigate its impact.

 

  • Notification to Authorities: If the breach is likely to result in a risk to your rights and freedoms, we will notify the relevant data protection authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

 

  • Communication to Affected Individuals: If the breach is likely to result in a high risk to your rights and freedoms, we will inform you without undue delay, providing clear and transparent information about the nature of the breach, its potential consequences, and the measures we have taken or will take to address it.

 

  • Documentation: We will document all data breaches, detailing the facts related to the breach, its effects, and the remedial actions taken. This documentation assists in monitoring and preventing future breaches.

 

If you have any concerns or suspect that your personal data has been compromised, please contact us immediately at privacy@gwyndor.com.

 

 

Legal Background

 

In developing these rules, GWYNDOR has taken particular account of the following laws and regulations:

 

  • Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

 

  • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.

 

  • Act CXIX of 1995 on the Processing of Name and Address Data for Research and Direct Marketing Purposes.

 

  • Act CVIII of 2001 on Electronic Commerce and on Information Society Services.

 

  • The Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108+)

 

  • Act VI of 1998 on the Protection of Individuals with regard to Automatic Processing of Personal Data, ratifying the Convention 108+.

 

  • The EU Charter of Fundamental Rights.

 

 

Changes to This Privacy Policy

​

GWYNDOR reserves the right to amend this Privacy Policy at any time by unilateral decision. Following the amendment of this Privacy Policy, you will be informed by way of a pop-up message appearing when you visit our Website. By continuing to use our services, you acknowledge the changed Privacy Policy and no further consent will be required.

 

 

 

V1.00

bottom of page