Privacy policy

Introduction

We, Weingut Mittelbach Franz, Untere Hauptstraße 6, 3495 Rohrendorf bei Krems, Austria, take the protection of the data of users (“Users” or “you”) of our website and/or our mobile app (the “Website” or the “Mobile App”) very seriously and are committed to protecting the information that users provide to us in connection with the use of our website and/or mobile app (together: “digital assets”). We are also committed to protecting and using your data in accordance with applicable law.

This Privacy Policy explains our practices regarding the collection, use, and disclosure of your data through your use of our digital assets (the “Services”) when you access them via your devices.

Please read this Privacy Policy carefully and ensure you fully understand our practices regarding your data before using our services. If you have read and fully understood this policy but do not agree with our practices, you must cease using our digital assets and services. By using our services, you acknowledge the terms of this Privacy Policy. Continued use of the services constitutes your agreement to this Privacy Policy and any changes made to it.

This Privacy Policy explains:

  • How we collect data

  • What data we collect

  • Why we collect this data

  • Who we share the data with

  • Where the data is stored

  • How long the data is retained

  • How we protect the data

  • How we handle minors' data

  • Updates or changes to this Privacy Policy

What Data Do We Collect?

Here is an overview of the types of data we may collect:

  • Non-identifiable and non-identifying information that you provide during the registration process or that is collected via your use of our services (“non-personal data”). This data does not allow us to identify who it was collected from. Non-personal data mainly consists of technical and aggregated usage information.

  • Personally identifiable information, i.e. information that can identify you or that could identify you with reasonable effort (“personal data”). This may include, from time to time, name, email address, address, phone number, IP address, and more. If we combine personal data with non-personal data, we will treat the combined data as personal data for as long as it remains combined.

How Do We Collect Data?

Here are the main methods we use to collect data:

  • We collect data through your use of our services. When you visit our digital assets and use our services, we may collect, record, and store usage and session data.

  • We collect data you provide directly to us, for example when you contact us via a communication channel (e.g., email with a comment or feedback).

  • We may collect data from third-party sources as described below.

  • We collect data when you log in to our services via a third party such as Facebook or Google.

Why Do We Collect This Data?

We may use your data for the following purposes:

  • To provide and operate our services;

  • To further develop, customize, and improve our services;

  • To respond to your feedback, requests, and support needs;

  • To analyze usage patterns and demands;

  • For internal statistical and research purposes;

  • To enhance our data security and fraud prevention capabilities;

  • To investigate, detect, prevent, or address illegal activities or misconduct;

  • To comply with applicable laws, regulations, or legal requests;

  • To send you updates, promotional content, or service-related notices. You may opt out of promotional emails by clicking the unsubscribe link.

Who Do We Share Your Data With?

We may share your data with our service providers to operate our services (e.g., data storage through third-party hosting services, technical support, etc.).

We may also disclose your data in the following circumstances:

  • To investigate or prevent illegal activities or misconduct;

  • To establish or exercise our legal rights;

  • To protect our rights, property, or personal safety and that of our users or the public;

  • In the event of a change of control of our business or affiliates (e.g., merger or acquisition);

  • To collect, hold, and/or manage your data via authorized third parties (e.g., cloud service providers);

  • To work with third parties to improve user experience.

Please note: we may share non-personal data at our discretion.

Category: User Has a Blog or Forum

Our services may allow social interaction (e.g., posting content or chatting). Please be aware that any information you share in these areas may be seen, collected, and used by others. Do not post anything you do not wish to make public. Uploading content is at your own risk. We cannot control other users’ actions and your data may remain accessible in cached or archived pages even after deletion.

Cookies and Similar Technologies

When you visit or use our services, third parties may deploy web beacons, cookies, pixel tags, scripts, and similar technologies (“tracking technologies”). These may automatically collect data to enhance your user experience, improve performance, ensure security, and prevent fraud.

For more details, please see our Cookie Policy.

Category: User Not Connected to Ad Services

We do not share your email or personal data with advertising networks without your consent.

Category: User Connected to Ad Services or Facebook Ads

We may display targeted ads via our services, including based on recent browsing activity. This may involve using cookies, JavaScript, web beacons, and other technologies. We may also work with third-party ad networks. These technologies are subject to the privacy policies of those third parties.

Where Do We Store the Data?

Non-personal data may be stored and processed in various jurisdictions around the world.

Personal data may be maintained in the United States, Ireland, South Korea, Taiwan, Israel, and other jurisdictions where required for proper service provision or legal compliance.

How Long Do We Retain Data?

We retain collected data as long as needed to provide our services, comply with legal obligations, resolve disputes, and enforce agreements.

We may correct, amend, or delete inaccurate or incomplete data at our discretion.

How Do We Protect the Data?

Our digital assets are hosted on a platform that provides us with the online infrastructure to offer our services. Your data may be stored via the hosting provider’s data storage, databases, and general applications. It is stored on secure servers behind a firewall, with HTTPS access to most areas.

Category: User Accepts Payments / eCom

All payment methods used by us and our hosting provider comply with PCI-DSS standards set by the PCI Security Standards Council (including Visa, MasterCard, American Express, and Discover). These standards help ensure secure handling of credit card data.

Despite our and our hosting provider’s efforts, we cannot guarantee absolute data security. We encourage you to use strong passwords and avoid sending sensitive information via insecure channels such as email or instant messaging.

How Do We Handle Minors' Data?

Category: User Does NOT Collect Data from Minors

Our services are not intended for minors. We do not knowingly collect data from minors. If you are not of legal age, do not use our services or provide any information.

We reserve the right to request age verification and may restrict or delete data of underage users.

Category: User Collects Data from Minors

If children use our services, we may collect limited data. Parental consent will be obtained where required by law. Parents may access, request deletion of, or object to further data collection.

We may deny access if identity verification is insufficient. Certain legal obligations may prevent us from deleting specific data.

Legal Basis for Processing Personal Data

We only use personal data when:

  • It is necessary to fulfill or enter into a contract;

  • It is necessary to comply with legal obligations;

  • It supports our legitimate business interests (in a proportionate and rights-respecting manner).

Your Rights under the GDPR

If you reside in the EU, you may:

  • Request confirmation of data processing;

  • Request access to and a copy of your personal data;

  • Request correction or deletion of your personal data;

  • Object to processing;

  • Request processing restrictions;

  • File a complaint with a supervisory authority.

These rights are subject to legal limitations and legitimate business interests.

We may transfer your data globally, including outside the EEA. In such cases, we ensure adequate safeguards are in place.

Your Rights under the California Consumer Privacy Act (CCPA)

If you reside in California, you may request access to or deletion of your personal data under the CCPA.

To exercise your rights, please contact us as described below.

Category: The Website Does Not Sell User Data

We do not sell users’ personal data for CCPA purposes.

Category: Website with Blog or Forum

California residents under 18 may request deletion of published content by emailing us (see “Contact” section). Please label your request as “California Removal Request” and include enough detail to identify the content.

Please note: complete removal is not guaranteed. Others may republish your content.

Updates or Changes to the Privacy Policy

We may update this Privacy Policy at our discretion. The latest version is always available on our website. We encourage you to review it regularly. Continued use after changes indicates acceptance of the updated policy.

Contact

If you have general questions about the services or data we collect and how we use it, please contact us:

Name: Weingut Mittelbach Franz
Address: Untere Hauptstraße 6, 3495 Rohrendorf bei Krems, Austria
Email: office@weine-mittelbach.at

DISCLAIMER

The information provided herein does not constitute legal advice. Legal requirements may vary by state or jurisdiction. You are responsible for ensuring that your services comply with applicable laws. We strongly recommend consulting a professional to ensure full legal compliance.