Privacy Policy

Privacy Policy

Last Updated: April 2025

This Privacy Policy describes how VinoandFriends (the "Site", "we", "us", or "our") collects, uses, and discloses your personal data when you visit www.VinoandFriends.co.uk (the "Site"), use our services, make a purchase, or otherwise communicate with us regarding the Site (collectively, the "Services"). For the purposes of this Privacy Policy, "you" and "your" refer to you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected in accordance with this Privacy Policy.

Please read this Privacy Policy carefully.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site, update the "Last Updated" date, and take any other steps required by applicable law.

How We Collect and Use Your Personal Data

To provide the Services, we collect personal information about you from various sources and have collected the following categories of personal information in the last 12 months, as outlined below. The types of information we collect and use depend on how you interact with us.

In addition to the specific uses listed below, we may use the information we collect about you to communicate with you, provide or improve the Services, fulfil legal obligations, enforce our terms of service, and protect or defend the Services, our rights, or the rights of our users or others.

What Personal Data Do We Collect?

The type of personal data we receive about you depends on how you interact with our Site and use our Services. When we use the term "personal information", we refer to information that identifies, relates to, describes, or can be associated with you. The sections below describe the categories and specific types of personal data we collect.

Information We Collect Directly from You

Information you provide to us directly through our Services may include:

  • Contact details – including your name, address, phone number, and email address.

  • Order information – including your name, billing address, shipping address, payment confirmation, email address, and phone number.

  • Account information – including your username, password, security questions, and other details used for account security.

  • Customer support information – including any information you include in communications with us, such as when you send a message via the Services.

Some features of the Services may require you to provide certain information directly. You may choose not to provide this information, but doing so may prevent you from using or accessing these features.

Information We Collect Automatically About Your Use

We may also automatically collect certain information about your interaction with the Services ("Usage Data"). For this purpose, we may use cookies, pixels, and similar technologies ("Cookies"). Usage Data may include details about how you access and use our Site and account, including device information, browser details, network connection information, your IP address, and other data about your interaction with the Services.

Information We Receive from Third Parties

Finally, we may obtain information about you from third parties, including vendors and service providers who collect information on our behalf, such as:

  • Companies that support our Site and Services, such as Shopify.

  • Our payment processors, who collect payment information (e.g., bank account, credit or debit card details, billing address) to process payments, fulfil orders, and provide the products or services you request, in order to perform our contract with you.

When you visit our Site, open or click on emails we send, or interact with our Services or advertisements, we or third parties we work with may automatically collect certain information using online tracking technologies such as pixels, web beacons, software developer kits, third-party libraries, and cookies.

All information we receive from third parties is handled in accordance with this Privacy Policy. See also the section below, Third-Party Websites and Links.

How We Use Your Personal Data

  • Providing Products and Services: We use your personal data to deliver the Services and fulfil our contract with you, including processing payments, fulfilling orders, sending notifications related to your account, purchases, returns, exchanges, or other transactions, creating and maintaining your account, arranging shipping, facilitating returns and exchanges, and enabling other account-related features. We may also enhance your shopping experience by allowing Shopify to link your account with other Shopify services you may use. In such cases, Shopify processes your data in accordance with its Privacy Policy and Consumer Privacy Policy.

  • Marketing and Advertising: We may use your personal data for marketing and advertising purposes, such as sending marketing communications via email, SMS, or post, and displaying advertisements for products or services. This may include using your personal data to personalise the Services and advertisements on our Site and other websites. If you are in the EEA, the legal basis for this processing is our legitimate interest in selling our products under Art. 6(1)(f) GDPR.

  • Security and Fraud Prevention: We use your personal data to detect, investigate, or take action regarding potential fraudulent, illegal, or malicious activities. If you register for an account, you are responsible for keeping your login credentials secure. We strongly advise against sharing your username, password, or other access details with third parties. If you believe your account has been compromised, please contact us immediately. For EEA residents, the legal basis for this processing is our legitimate interest in ensuring the security of our Site under Art. 6(1)(f) GDPR.

  • Communications and Service Improvements: We use your personal data to provide customer support and improve our Services. This is based on our legitimate interest in responding to inquiries, delivering effective services, and maintaining our business relationship with you under Art. 6(1)(f) GDPR.

Cookies

Like many websites, we use Cookies on our Site. For details about the Cookies we use in connection with Shopify, see Shopify’s Cookie Policy. We use Cookies to operate and improve our Site and Services (including storing your preferences), conduct analytics, and better understand user interaction with the Services (based on our legitimate interest in managing, improving, and optimising the Services). We may also permit third parties and service providers to use Cookies on our Site to personalise services, products, and advertisements on our Site and other websites.

Most browsers accept Cookies by default. However, you can adjust your browser settings to remove or reject Cookies. Please note that blocking or deleting Cookies may impact your user experience and cause certain Services, including features and functionalities, to not work properly or become unavailable. Additionally, blocking Cookies may not completely prevent us from sharing information with third parties, such as advertising partners.

Our Site also recognises the Global Privacy Control (GPC) signal, which allows you to opt out of certain uses or disclosures of your information. If we detect a GPC signal, we will treat it as a valid request to disable sharing/targeted advertising for the associated browser or device. If we can link the device sending the signal to a Shopify account, we will apply the opt-out request to the account. Learn more about GPC at globalprivacycontrol.org. Apart from GPC, we do not recognise other "Do Not Track" signals your browser or device may send.

How We Disclose Personal Data

Under certain circumstances, we may disclose your personal data to third parties to fulfil contracts, for legitimate purposes, or as otherwise outlined in this Privacy Policy. These circumstances may include:

  • Sharing with vendors or third parties who provide services on our behalf (e.g., IT management, payment processing, data analysis, customer support, cloud storage, order fulfilment, and shipping).

  • Sharing with business and marketing partners to provide services and deliver advertising. These partners use your data in accordance with their own privacy policies.

  • If you instruct, request, or otherwise consent to the disclosure of specific information to third parties, such as for product deliveries or through your use of social media widgets or login integrations.

  • Sharing with our affiliates or within our corporate group, based on our legitimate interest in operating a successful business.

  • In connection with a business transaction (e.g., merger or bankruptcy), to comply with legal obligations (e.g., responding to subpoenas or similar requests), enforce terms of service, or protect the Services, our rights, or the rights of our users or others.

In the past 12 months, we have disclosed the following categories of personal data for the purposes described above in "How We Collect and Use Your Personal Data" and "How We Disclose Personal Data":

Category Recipients
Identifiers (e.g., basic contact details, order/account information) Vendors, third-party service providers (e.g., ISPs, payment processors, fulfilment partners, customer support, data analytics providers), business/marketing partners, affiliates
Personal information categories listed under the California Customer Records law (e.g., basic contact details, order/account information) As above
Commercial information (e.g., order/purchase details, customer support records) As above
Internet/network activity (e.g., Usage Data) As above
Geolocation data (e.g., IP-derived location data) As above

We do not use or disclose sensitive personal information for purposes of inferring characteristics about you without your consent.

With your consent, we disclose personal data for advertising and marketing purposes as follows:

In the past 12 months, we have "sold" or "shared" (as defined by applicable law) personal data for advertising/marketing purposes as follows:

Category of Personal Data Recipients
Identifiers (e.g., name, email, phone number) Business/marketing partners
Commercial information (e.g., purchase records) Business/marketing partners
Usage Data Business/marketing partners

Third-Party Websites and Links

Our Site may contain links to third-party websites or online platforms. When you follow links to unaffiliated or uncontrolled sites, please review their privacy and security policies, as well as other terms. We do not guarantee or assume responsibility for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found there. Information you share in public or semi-public spaces, including on third-party social media platforms, may be viewable by other users of those platforms, with no restriction on use by us or third parties. The inclusion of such links does not imply endorsement of the content or its owners/operators, unless disclosed in the Services.

Children’s Data

The Services are not intended for children, and we do not knowingly collect personal data from children. If you are a parent/guardian of a child who has provided us with personal data, please contact us using the details below to request deletion.

As of the effective date of this Privacy Policy, we have no actual knowledge of "selling" or "sharing" (as defined by applicable law) personal data of individuals under 16.

Security and Retention of Your Data

No security measures are perfect or impenetrable, and we cannot guarantee "perfect security." Additionally, information you send to us may not be secure during transmission. We recommend avoiding insecure channels for sharing sensitive or confidential information.

We retain personal data for as long as necessary to manage your account, provide the Services, comply with legal obligations, resolve disputes, or enforce applicable contracts and policies.

Your Rights

Depending on where you live, you may have some or all of the rights listed below regarding your personal data. These rights are not absolute and apply only in certain circumstances. In some cases, we may deny your request as permitted by law.

  • Right to Access/Information: You may request access to the personal data we hold about you, including details about how we use and disclose it.

  • Right to Deletion: You may request deletion of personal data we hold about you.

  • Right to Correction: You may request correction of inaccurate personal data we hold about you.

  • Right to Portability: You may request a copy of your personal data and, in certain cases, its transfer to a third party.

  • Right to Opt Out of Sale/Sharing/Targeted Advertising: You may instruct us not to "sell" or "share" your personal data or object to its processing for "targeted advertising" (as defined by applicable privacy laws). Note: If you visit our Site with the Global Privacy Control (GPC) opt-out signal enabled, we will automatically treat this as a valid request to opt out of "selling" or "sharing" for the associated browser/device.

  • Right to Restrict Processing: You may request that we stop or restrict processing of your personal data.

  • Right to Withdraw Consent: If we rely on your consent to process personal data, you may withdraw it at any time.

  • Right to Appeal: If we deny your request, you may appeal our decision by responding directly to our denial.

  • Managing Communication Preferences: We may send promotional emails, which you can opt out of using the unsubscribe link in such emails. Unsubscribing will not stop non-promotional emails (e.g., account or order-related communications).

You can exercise these rights as indicated on our Site or by contacting us using the details below.

We will not discriminate against you for exercising these rights. We may need to verify your identity (e.g., via email or account details) before responding substantively. Under applicable laws, you may designate an authorised agent to make requests on your behalf. We will require proof of authorisation and may need to confirm your identity directly. We will respond to requests within the timeframe required by law.

Complaints

If you have complaints about how we process your personal data, please contact us using the details below. If unsatisfied with our response, you may appeal by contacting us or lodging a complaint with your local data protection authority. For EEA residents, a list of supervisory authorities is available here.

International Users

Please note that we may transfer, store, and process your personal data outside your country of residence. Your data may also be processed by staff, service providers, or partners in these locations.

When transferring personal data outside the UK or EEA, we rely on recognised mechanisms such as the European Commission’s Standard Contractual Clauses or equivalent UK-approved contracts, unless the destination country has been deemed to provide an adequate level of protection.

Access Data and Hosting

You may visit our web pages without providing personal data. Each time you access a page, the web server automatically stores a server log file containing, for example, the requested file name, your IP address, date and time of access, volume of data transferred, and the requesting provider. This access data is used solely to ensure the smooth operation of the Site and improve our offering, based on our legitimate interest under Art. 6(1)(f) GDPR. All access data is deleted no later than seven days after your visit.

Data Processing for Contract Performance, Contact, and Customer Accounts

We collect personal data when you voluntarily provide it during ordering or contacting us (e.g., via contact form or email). Mandatory fields are marked as such because we need this data to process your order or request. Without it, you cannot complete an order or send a contact request. The specific data collected is evident from the input forms. This processing is based on Art. 6(1)(b) GDPR for contract performance.

If you consent under Art. 6(1)(a) GDPR, we use your data to create a customer account. After contract fulfilment or account deletion, your data will be restricted and deleted after statutory retention periods, unless you consent to further use or we reserve the right to additional data use.

Data Processing for Shipping

To fulfil contracts, we share your data with shipping service providers, to the extent necessary for delivering ordered goods. The same applies to manufacturers or wholesalers handling shipping on our behalf.

Some service providers are located outside the UK/EEA. Where recipients are in "third countries", we inform you of specific details in this Privacy Policy.

Data Processing for Payment Processing

For payment processing, we work with payment service providers and financial institutions. Depending on your chosen payment method, we share necessary payment data with the respective provider or bank under Art. 6(1)(b) GDPR. Some providers collect payment data directly via their website or integrated checkout. In such cases, their privacy policy applies.

For fraud prevention and payment optimisation, we may share additional data with service providers under Art. 6(1)(f) GDPR.

Email Marketing

If you subscribe to our newsletter, we use your email address to send it regularly, based on your consent under Art. 6(1)(a) GDPR. Unsubscribing is possible at any time via our contact details or the unsubscribe link in the newsletter.

Newsletters may be sent by service providers under data processing agreements. Contact us with any questions.

Cookies and Tracking Technologies

To enhance your Site visit and enable certain functions, we use Cookies and similar technologies on various pages. Cookies are small text files stored on your device. Some are deleted when you close your browser (session cookies), while others remain for future recognition (persistent cookies).

Cookies enable Site functions (e.g., shopping cart) and analyse usage to personalise content under Art. 6(1)(f) GDPR. You can adjust Cookie settings in your browser, but disabling them may impair Site functionality.

Social Media and Advertising Technologies

Our Site uses third-party technologies (e.g., Facebook, Google, Instagram) for personalised ads and marketing improvement, collecting data like IP addresses and browsing behaviour. This processing is based on consent under Art. 6(1)(a) GDPR, which you can revoke at any time.

Your Rights as a Data Subject

You have the right to:

  • Request access to your personal data under Art. 15 GDPR.

  • Request correction of inaccurate or incomplete data under Art. 16 GDPR.

  • Request deletion of your data under Art. 17 GDPR.

  • Request restriction of processing under Art. 18 GDPR.

  • Receive your data in a structured, machine-readable format or request its transfer under Art. 20 GDPR.

  • Lodge a complaint with a supervisory authority under Art. 77 GDPR.

For questions about data collection, processing, or your rights, contact us at:
Email: info@VinoandFriends.co.uk

Changes to This Privacy Policy

We reserve the right to update this Privacy Policy as needed. The current version is always available on our Site.

Contact

For questions about our privacy practices, this Privacy Policy, or to exercise your rights, email us at info@VinoandFriends.co.uk or write to:

VinoandFriends
Unit B6, 12th Floor,
Wing Wah Building,
No. 677 King's Road,
Quarry Bay, Hong Kong Island,
Hong Kong

Last Updated: April 2025

Frequently Asked Questions

1. My order hasn’t arrived yet – how much longer will it take?

 +

Our standard delivery within the UK usually takes 5–6 working days. In rare cases, due to postal delays or public holidays, it can take 2–3 days longer. Please also check your tracking link for the latest updates.

2. Do you provide tracking for orders?

 +

Yes. Once your order has been dispatched, you will receive an email with your tracking number and a link to track your parcel.

3. How much is shipping?

 +

Standard delivery is completely free. For insured express delivery, there is a small charge of £4.90.

4. Do you ship internationally?

 +

At the moment, we only ship within the United Kingdom & Irland. For international enquiries, please get in touch with our customer support team.

5. What should I do if my parcel arrives damaged?

 +

Please take clear photos of the parcel and the damaged item, and send them to our customer service team along with your order number. We will arrange a quick replacement or refund.

6. Can I cancel or change my order?

 +

You can request a change or cancellation as long as your order has not yet been dispatched. Please contact us as soon as possible.

7. What payment methods do you accept?

 +

We accept all major credit and debit cards (Visa, MasterCard, American Express), PayPal, and Klarna.

8. Can I return my item?

 +

Yes. You can return your order within 14 days of receiving it, provided it is unused and in its original packaging. Please contact us before sending anything back.

9. How do refunds work?

 +

Once we have received and inspected the returned item, we will issue a full refund within 5 working days via your original payment method.

10. What happens if I’m not home when delivery is attempted?

 +

The courier will either leave a calling card or attempt a second delivery. You can also use your tracking link to arrange a redelivery or collect the parcel from your local depot.