Our web servers honor the DNT setting in all web browsers that currently support it. This means that you opt out of our own and third-party tracking services, including behavioral advertising.
Communicating With Us
If you choose to contact Coravin staff using an email address, a discussion forum, a blog, a text message or other electronic communications method, or if you choose to complete an online form provided on a Coravin website (for example, a customer feedback form), we may ask you to provide your name, email address or other personal data. You will be provided with a notice of collection statement, which includes Coravin's legal authority for the collection; the principal purposes for which the personal data is intended to be used; and the title, business address and business telephone number of a Coravin employee who can answer questions about the collection.
The purpose of collecting this information is to allow staff to respond to your inquiry or to evaluate individual web services. Only authorized staff will have access to the information provided, and the information will be used only for the purpose it was intended.
Completed surveys are sent to staff anonymously. We will ask you to provide us only with a method of contacting you (email, phone, fax or mailing address) if you wish to be included in future surveys or to have us respond to you.
Coravin implements commercially reasonable technical and organizational security controls to protect your personal data against theft, loss or misuse. Your data will be stored in a secure operating environment that is not accessible without authorization. Coravin applies mitigation measures following periodic risk assessments to ensure an adequate level of protection of your personal data.
Coravin has put in place appropriate physical, technical and administrative procedures to safeguard and secure the information from loss, misuse, unauthorized access, disclosure, alteration or destruction. Coravin cannot guarantee the security of information on or transmitted via the internet.
When you enter sensitive information (such as credit card numbers and passwords):
- We encrypt that information to protect against eavesdropping using an industry-standard Secure Hash Algorithm (SHA-256) to hash all data that does not require decryption, such as passwords.
- This data is further protected by encryption in storage.
- When you purchase items on the Coravin web sites, the order information, including your billing address and credit card information, will be provided to a PCI-compliant third-party payment processor, and the transmission of credit card information will always be encrypted using the industry-standard encryption technology called Secure Sockets Layer (SSL). Coravin does not store credit card information on our servers. Only a validation code is transmitted to us over the internet, allowing us to proceed with the transaction.
- We also use measures to enhance security, such as analyzing account behavior for fraudulent or otherwise anomalous behavior.
- We may limit use of site features in response to possible signs of abuse, may remove inappropriate content or links to illegal content, and may suspend or disable accounts for violations of our terms and conditions (https://www.coravin.com/privacy-legal/).
Personal Data About Minors and Children
If you are under 18, please do not provide any personal data about yourself to us. If we learn that we have collected personal data from a child under 18, we will delete that information as quickly as possible. If you believe that we might have any information from a child under the age of 18, without covering parental or guardian consent, please inform us through the "Contact Us" page.
Coravin does not knowingly collect data from or about children under 18. If we learn that we have collected personal information from a child under 18, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 18, please contact us at firstname.lastname@example.org
Coravin adheres to the Privacy Shield transatlantic transfer agreement between the U.S. Department of Commerce and the EU. For personal data of employees, consumers, healthcare professionals, medical research subjects and investigators, customers, investors, and government officials that Coravin receives from, or processes on behalf of an organization in, the EEA, Coravin has committed to handling such personal data in accordance with the Privacy Shield Principles. As part of our participation, we agree to resolve all disputes you have with us in connection with our policies and practices through PrivacyTrust Privacy Shield Program. To view our certification, visit the Privacy Shield Framework website.
What Personal Data We Use
Coravin uses the following personal data in line with the use purposes explained below:
- Your name and contact details
- Communication details
- Authentication data
- Online profile data
- Online activity/profile usage
- Purchasing information
- Payment methods and history
- Information about the device(s) you use
- Information about the service usage
- Support information
- Social media profile plug-in information
- Date of birth
- Copy of proof of purchase
- Your credit card information
- Subscription preferences
- Any other information you upload or provide us with
How We Use Personal Data
Coravin uses the information collected to provide a safe, efficient and customized experience. Here are some of the details on how we do that:
- To process your purchase orders — We use the information we collect to process and fulfill our purchase orders, to measure and improve your purchase experience and web site navigation, and to provide you with customer service. We use the information to prevent potentially illegal activities and to enforce our terms and conditions. We also use a variety of technological systems to detect and address anomalous activity and to prevent abuse or fraud. These efforts may, on occasion, result in a temporary or permanent suspension or termination of some functions for some users.
- To manage product registration and the Club Coravin — We use the information we collect to provide our services and features to you, to measure and improve those services and features, and to provide you with customer support.
- To offer promotions, personalized communication and experiences - We use the information we collect to enable personalized communication, web experience and content or deliver targeted promotions. You may opt out of all communications except for the order confirmation, invoices and shipment notification that are essential to your purchase order processing.
How Long We Use Personal Data
To maximize privacy protection, Coravin structurally deletes your personal information after the useful period. Following legal requirements:
- To process your purchase orders — We retain the personal data as indicated for this purpose for 3 years after the last purchase for financial audit.
- To manage product registration and the Club Coravin — We retain the personal data as indicated for this purpose for 3 years after the last product registration for warranty management.
- To offer promotions, personalized communication and experiences - We retain the personal data as indicated for this purpose for 3 years.
Who Else May Process Personal Data
Coravin may share the information collected with third parties to provide safe and efficient payment processing and to fulfill orders. Here are some of the details on how we do that:
- To make a payment or manage subscriptions: When you make payments on Coravin's website or subscribe to automatic delivery, we will share transaction information with those third parties necessary to complete the transaction. We will require those third parties to respect your privacy, and adequately protect your information.
- To fulfill purchase orders, Coravin makes use of external service providers that may process your personal data on our behalf. Coravin ensures via contracts and assurance measures that our promise to protect your privacy is extended to apply to the processing of personal data by these third parties, where such processing activities are under the responsibility of Coravin. The following aspects are highlighted for relevance
- To respond to legal requests and prevent harm: Coravin reserves the right to share your information to respond to duly authorized information requests of governmental authorities or where required by law. In exceptionally rare circumstances where national, state or company security is at issue (such as terrorist attacks), Coravin reserves the right to share our entire database of visitors and customers with appropriate governmental authorities.
We never sell your personal data to third parties, such as marketers, without your consent. We do not provide any personal data to "people finder," "public directory" or "white pages" sites.
Your Right to Access Personal Data
In addition to the information that is available on Coravin's website, you have the right to access the personal data that Coravin holds about you, all subject to the exemptions as contained in applicable laws and regulations. If you request the data, then Coravin will assist you. Your identity will need to be confirmed before you are provided with access to personal data. Generally, Coravin does not charge for providing information, but if the request requires significant staff time, Coravin reserves the right to charge a fee for such requests.
We ask that you put your request in writing. An access request form is available on Coravin's website and in all locations for you to fill out.
All formal access requests will be directed to the chief privacy officer, who will then review each request to determine whether Coravin will disclose the requested information. The privacy officer will also receive and address all privacy complaints that Coravin receives. The privacy officer can be reached at the address listed on the "Contact Us" page.
You will be notified if access to the records you have requested is granted or denied, and which exemptions apply.
Your Right to Correct or Amend Personal Data
If you believe there is a mistake in your personal data, you have a right to ask for the information to be corrected. We may ask you to provide documentation to show where Coravin's files are incorrect. We will amend the erroneous data within 30 days and will notify you once the correction you have requested has been completed.
Your Right to Be Forgotten
Coravin does not store personal data without a predefined and documented purpose. We follow laws that require us to delete personal data if the reason for its collection and storage no longer exists. We believe this fulfills the requirements of the privacy principle of "the right to be forgotten."
Where the personal data that Coravin holds is based on the consent you provided, and you wish to be removed from our systems prior to the retention period indicated in the "How Long We Use Personal Data" section, please contact our privacy officer at the address listed on the "Contact Us" page.
Enforcement and Audit
We encourage anyone interested to raise any concerns using the contact information provided in our "Contact Us" page, and we will investigate and attempt to resolve any complaints and disputes regarding the use and disclosure of personal data.
Collaboration With Authorities
Coravin will cooperate with the regulatory authorities — in particular, data protection agencies of the countries in which Coravin operates. This relates in particular to the notification of privacy breaches as required by law. Coravin will observe the authorities' findings, provided that they have been rendered following due process of law.
Certain countries provide restrictions relating to automated decisions that affect individuals. Such automated decisions that affect individuals are decisions that are the result of the automated processing of personal data and that have a legal effect on the individual, or affect him or her negatively.
Coravin does not render any automated decisions that affect individuals.
Review and Ratification
"Personal data" (or "personal information") means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly — in particular, by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.
"Special Categories of Personal Data" pertains to personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of data concerning health or sex life.
"Sensitive personal data" either indicates "special categories" (see above), or is personal data of which the sensitivity level has been assessed and classified, indicating potential severe impact on an individual when confidentiality of such data is breached.
"Anonymization" is the deletion or changing of personal data in such a way that this personal data can no longer be assigned to a certain or ascertainable individual or only with a disproportionately high effort in terms of time, cost and work.
"Pseudonymization" is the replacement of an individual's name and other identifiable characteristics with a label to prevent identification of the individual by unauthorized parties or to render such identification substantially difficult. Pseudonymization techniques include certain levels of masking, redaction, tokenization and/or encryption of personal data.
"Consent" is any freely given, specific, transparent and well-informed indication of the will of the individual, whereby the individual agrees that his or her personal data may be processed. Particular requirements about consent can arise from the respective national laws. Where possible, consent is obtained in an explicit manner (unambiguously).
Complaints and Communication ("Contact Us")
Coravin's website and all its gateways are governed by the policies and principles outlined above. For more information relating to your privacy, contact:
800 District Avenue
Burlington MA - 01803
+ 1 781 262 3500
Sources and References
Standards and frameworks:
1 EU General Data Protection Regulation (GDPR)
2 EU-U.S. Privacy Shield Agreement