Last Updated: May 25, 2018
Coravin’s web servers automatically record the Internet Protocol (IP) addresses of visitors. The IP address is a unique number assigned to every computer on the internet. Generally, an IP address changes each time you connect to the internet (it is a “dynamic” address). Note, however, that if you have a broadband connection, depending on your individual circumstance, the IP address that we collect may contain information that could be deemed identifiable. This is because, with some broadband connections, your IP address doesn’t change (it is “static”) and could be associated with your personal computer.
As well as recording the IP addresses of users, Coravin may also keep track of sites that users visited immediately prior to visiting Coravin’s website and the search terms they used to find it. The web server keeps track of the pages visited on Coravin’s website, the amount of time spent on those pages and the types of searches done on them. Your searches remain confidential and anonymous. Coravin uses this information only for statistical purposes, to find out which pages users find most useful and to improve the website.
Coravin servers also capture and store information that your browser transmits. This includes:
1. Browser type/version
2. Operating system used
3. Screen resolution
4. Date and time of the server request
5. Volume of data transferred
6. Access status (“file transferred,” “file not found” and so on)
This data will be used to generate statistics that help us to further optimize our websites to meet your individual needs. We will not deduce personal information from this data. Depending on the selection of privacy settings upon visiting Coravin’s website, additional personal data processing may take place following your preferences.
Cookies are electronic placeholders that are placed on your computer by websites to track your individual movements on that website over time. Cookies used by Coravin are session-based and therefore last only for the duration of the user’s session. Cookies are used by the Coravin website to keep track of user sessions to balance the usage of this website on all Coravin web servers. They are not tied to a specific identity — no identifiable personal information about you is stored by them.
If you do not want a cookie placed on your computer as a result of using a Coravin website, you can disable cookies altogether by modifying the preferences section of your web browser. Note that, if you do so, some aspects of Coravin websites may be unavailable to you. If you choose to accept cookies on your hard drive, but wish to be informed of their appearance, you may turn on a warning prompt by modifying the cookie-warning section also located in the preferences section of your web browser. For additional privacy protection, you may also use your web browser’s “do not track” (DNT) settings, which Coravin will adhere to.
Depending on your cookie consent selection of settings upon first visiting the website, Coravin uses persistent cookies. This type of cookie remains on your hard drive and provides information about the session you are in and waits for the next time you use that site again. This provides useful information to Coravin, enabling it to recognize repeat users, facilitate the user’s access to and use of the site, and allow a site to track usage behavior, which lets Coravin make content improvements. Such cookies are used only for this purpose, and they are not used to identify users or to track their usage of other sites.
Depending on your cookie consent selection of settings upon first visiting the Coravin website, tracking cookies, third-party cookies and other technologies such as web beacons may be used to process additional information, enable noncore functionalities on the Coravin website and enable referenced third-party functions (such as a social media “share” link).
Coravin’s websites may use a technology known as “web beacons” — sometimes called “single-pixel GIFs” — that allow the sites to collect website log information. A web beacon is a graphic on a web page or in an email message designed to track pages viewed or messages opened. Website log information is gathered when you visit one of our websites. The web server automatically recognizes information such as the date and time you visited our site, the pages you visited, the website you came from, the type of browser you are using, the type of operating system you are using, and the domain name and address of your internet service provider. We may also include web beacons in promotional email messages to determine whether the messages have been opened.
DO NOT TRACK (DNT)
Our web servers honor the DNT setting in all web browsers that currently support it. This means that you opt out of our and third-party tracking services, including behavioral advertising.
EXTERNAL LINKS DISCLAIMER
Some of Coravin’s websites link to other sites created and maintained by other public- and/or private-sector organizations. Coravin provides these links solely for your information and convenience. When you transfer to an outside website, you are leaving the Coravin domain, and Coravin’s information management policies no longer apply. Coravin encourages you to read the privacy statement of each external website that you visit before you provide any personal data.
COMMUNICATING WITH US
If you choose to contact Coravin staff using an email address, a discussion forum, a blog, a text message or other electronic communications method, or if you choose to complete an online form provided on a Coravin website (for example, a customer feedback form), we may ask you to provide your name, email address or other personal data. You will be provided with a notice of collection statement, which includes Coravin’s legal authority for the collection; the principal purposes for which the personal data is intended to be used; and the title, business address and business telephone number of a Coravin employee who can answer questions about the collection.
The purpose of collecting this information is to allow staff to respond to your inquiry or to evaluate individual web services. Only authorized staff will have access to the information provided, and the information will be used only for the purpose it was intended.
Completed surveys are sent to staff anonymously. We will ask you to provide us only with a method of contacting you (email, phone, fax or mailing address) if you wish to be included in future surveys or to have us respond to you.
Coravin implements commercially reasonable technical and organizational security controls to protect your personal data against theft, loss or misuse. Your data will be stored in a secure operating environment that is not accessible without authorization. Coravin applies mitigation measures following periodic risk assessments to ensure an adequate level of protection of your personal data.
Coravin has put in place appropriate physical, technical and administrative procedures to safeguard and secure the information from loss, misuse, unauthorized access, disclosure, alteration or destruction. Coravin cannot guarantee the security of information on or transmitted via the internet.
- When you enter sensitive information (such as credit card numbers and passwords):
  - We encrypt that information to protect against eavesdropping using an industry-standard Secure Hash Algorithm (SHA-256) to hash all data that does not require decryption, such as passwords.
  - This data is further protected by encryption in storage.
- When you purchase items on the Coravin websites, the order information, including your billing address and credit card information, will be provided to a PCI-compliant third-party payment processor, and the transmissions of credit card information always will be encrypted using industry-standard encryption technology called secure socket layers (SSL). Coravin does not store credit card information on our servers. Only a validation code is transmitted to us over the internet, allowing us to proceed with the transaction.
- We also use measures to enhance security, such as analyzing account behavior for fraudulent or otherwise anomalous behavior.
- We may limit use of site features in response to possible signs of abuse, may remove inappropriate content or links to illegal content, and may suspend or disable accounts for violations of our terms and conditions (https://www.coravin.com/privacy-legal/).
PERSONAL DATA ABOUT MINORS AND CHILDREN
If you are under 18, please do not provide any personal data about yourself to us. If we learn that we have collected personal data from a child under 18, we will delete that information as quickly as possible. If you believe that we might have any information from a child under the age of 18, without covering parental or guardian consent, please inform us through firstname.lastname@example.org.
Coravin does not knowingly collect data from or about children under 18. If we learn that we have collected personal information from a child under 18, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 18, please contact us at email@example.com.
If you use our services and reside outside the U.S., your information will be transferred to the U.S. and will be processed and stored there under U.S. privacy standards. By using our services and providing information to us, you consent to such transfer to the U.S. and processing there.
We transmit your personal data only within countries of the European Economic Area (EEA) and to or from countries that provide adequate protection, as confirmed by the European Commission. For more information, see European Commission, “Commission Decisions on the Adequacy of the Protection of Personal Data in Third Countries.”
In compliance with the Privacy Shield Principles, Coravin commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Coravin at:
800 District Avenue
Burlington MA – 01803
+ 1 781 262 3500
Coravin has further committed to refer unresolved Privacy Shield complaints to PrivacyTrust, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.privacytrust.com for more information or to file a complaint. The services of PrivacyTrust are provided at no cost to you.
Under certain conditions, you are entitled to invoke binding arbitration for complaints not resolved by other means.
COLLABORATION WITH AUTHORITIES
Coravin will cooperate with the regulatory authorities — in particular, data protection agencies of the countries in which Coravin operates. This relates in particular to the notification of privacy breaches as required by law. Coravin will observe the authorities’ findings, provided that they have been rendered following due process of law. Coravin acknowledges that it is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
WHAT PERSONAL DATA WE USE
Coravin uses the following personal data in line with the use purposes explained below:
- Your name and contact details
- Communication details
- Authentication data
- Online profile data
- Online activity/profile usage
- Purchasing information
- Payment methods and history
- Information about the device(s) you use
- Information about the service usage
- Support information
- Social media profile plug-in information
- Date of birth
- Copy of proof of purchase
- Your credit card information
- Subscription preferences
- Any other information you upload or provide us with
HOW WE USE PERSONAL DATA
Coravin uses the information collected to provide a safe, efficient and customized experience. Here are some of the details on how we do that:
- To process your purchase orders — We use the information we collect to process and fulfill our purchase orders, to measure and improve your purchase experience and web site navigation, and to provide you with customer service. We use the information to prevent potentially illegal activities and to enforce our terms and conditions. We also use a variety of technological systems to detect and address anomalous activity and to prevent abuse or fraud. These efforts may, on occasion, result in a temporary or permanent suspension or termination of some functions for some users.
- To manage product registration and the Club Coravin — We use the information we collect to provide our services and features to you, to measure and improve those services and features, and to provide you with customer support.
- To offer promotions, personalized communication and experiences – We use the information we collect to enable personalized communication, web experience and content or deliver targeted promotions. You may opt out of all communications except for the order confirmation, invoices and shipment notification that are essential to your purchase order processing.
HOW LONG WE USE PERSONAL DATA
To maximize privacy protection, Coravin structurally deletes your personal information after the useful period. Following legal requirements:
- To process your purchase orders — We retain the personal data as indicated for this purpose for 3 years after the last purchase for financial audit.
- To manage product registration and the Club Coravin — We retain the personal data as indicated for this purpose for 3 years after the last product registration for warranty management.
- To offer promotions, personalized communication and experiences – We retain the personal data as indicated for this purpose for 3 years.
WHO ELSE MAY PROCESS PERSONAL DATA
Coravin may share the information collected with third parties to provide safe and efficient payment processing and to fulfill orders. Here are some of the details on how we do that:
- To make a payment or manage subscriptions: When you make payments on Coravin’s website or subscribe to automatic delivery, we will share transaction information with those third parties necessary to complete the transaction. We will require those third parties to respect your privacy, and adequately protect your information.
- To fulfill purchase orders, Coravin makes use of external service providers that may process your personal data on our behalf. Coravin ensures via contracts and assurance measures that our promise to protect your privacy is extended to apply to the processing of personal data by these third parties, where such processing activities are under the responsibility of Coravin. The following aspects are highlighted for relevance
- To respond to legal requests and prevent harm: Coravin reserves the right to share your information to respond to duly authorized information requests of governmental authorities or where required by law. In exceptionally rare circumstances where national, state or company security is at issue (such as terrorist attacks), Coravin reserves the right to share our entire database of visitors and customers with appropriate governmental authorities.
We never sell your personal data to third parties, such as marketers, without your consent. We do not provide any personal data to “people finder,” “public directory” or “white pages” sites.
Coravin is committed to the Privacy Shield Principles of accountability for onward transfer. The Privacy Shield Principles require that we remain potentially liable if any third party processing Personal Data on our behalf fails to comply with these Privacy Shield Principles (except to the extent we are not responsible for the event giving rise to any alleged damage).
YOUR RIGHT TO ACCESS PERSONAL DATA
In addition to the information that is available on Coravin’s website, you have the right to access the personal data that Coravin holds about you, all subject to the exemptions as contained in applicable laws and regulations. If you request the data, then Coravin will assist you. Your identity will need to be confirmed before you are provided with access to personal data. Generally, Coravin does not charge for providing information, but if the request requires significant staff time, Coravin reserves the right to charge a fee for such requests.
We ask that you put your request in writing. An access request form is available on Coravin’s website and in all locations for you to fill out.
All formal access requests will be directed to the chief privacy officer, who will then review each request to determine whether Coravin will disclose the requested information. The privacy officer will also receive and address all privacy complaints that Coravin receives. The privacy officer can be reached at the address listed on the “Contact Us” page.
You will be notified if access to the records you have requested is granted or denied, and which exemptions apply.
YOUR RIGHT TO CORRECT OR AMEND PERSONAL DATA
If you believe there is a mistake in your personal data, you have a right to ask for the information to be corrected. We may ask you to provide documentation to show where Coravin’s files are incorrect. We will amend the erroneous data within 30 days and will notify you once the correction you have requested has been completed.
YOUR RIGHT TO BE FORGOTTEN
Coravin does not store personal data without a predefined and documented purpose. We follow laws that require us to delete personal data if the reason for its collection and storage no longer exists. We believe this fulfills the requirements of the privacy principle of “the right to be forgotten.”
Where the personal data that Coravin holds is based on the consent you provided, and you wish to be removed from our systems prior to the retention period indicated in the “How Long We Use Personal Data” section, please contact our privacy officer at the address listed on the “Contact Us” page.
ENFORCEMENT AND AUDIT
We encourage anyone interested to raise any concerns using the contact information provided in our “Contact Us” page, and we will investigate and attempt to resolve any complaints and disputes regarding the use and disclosure of personal data.
If you would like to address your complaint to a third party, you may consider the following groups:
- U.S. Federal Trade Commission’s Complaint Assistant
Certain countries provide restrictions relating to automated decisions that affect individuals. Such automated decisions that affect individuals are decisions that are the result of the automated processing of personal data and that have a legal effect on the individual, or affect him or her negatively.
Coravin does not render any automated decisions that affect individuals.
REVIEW AND RATIFICATION
“Personal data” (or “personal information”) means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly — in particular, by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.
“Special Categories of Personal Data” pertains to personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of data concerning health or sex life.
“Sensitive personal data” either indicates “special categories” (see above), or is personal data of which the sensitivity level has been assessed and classified, indicating potential severe impact on an individual when confidentiality of such data is breached.
“Anonymization” is the deletion or changing of personal data in such a way that this personal data can no longer be assigned to a certain or ascertainable individual or only with a disproportionately high effort in terms of time, cost and work.
“Pseudonymization” is the replacement of an individual’s name and other identifiable characteristics with a label to prevent identification of the individual by unauthorized parties or to render such identification substantially difficult. Pseudonymization techniques include certain levels of masking, redaction, tokenization and/or encryption of personal data.
“Consent” is any freely given, specific and transparently, well-informed indication of the will of the individual, whereby the individual agrees that his or her personal data may be processed. Particular requirements about consent can arise from the respective national laws. Where possible, consent is obtained in an explicit manner (unambiguously).
COMPLAINTS AND COMMUNICATION (“CONTACT US”)
Coravin’s website and all its gateways are governed by the policies and principles outlined above. For more information relating to your privacy, contact:
800 District Avenue
Burlington MA – 01803
+ 1 781 262 3500
SOURCES AND REFERENCES
Standards and frameworks:
1. EU General Data Protection Regulation (GDPR)
2. EU-U.S. Privacy Shield Agreement