Our web servers honor the DNT setting in all web browsers that currently support it. This means that you opt
out of our and third-party tracking services, including behavior advertising.
Communicating With Us
If you choose to contact Coravin staff using an email address, a discussion forum, a blog, a text message or
other electronic communications method, or if you choose to complete an online form provided on a Coravin
website (for example, a customer feedback form), we may ask you to provide your name, email address or other
personal data. You will be provided with a notice of collection statement, which includes Coravin's legal
authority for the collection; the principal purposes for which the personal data is intended to be used; and
the title, business address and business telephone number of a Coravin employee who can answer questions about
The purpose of collecting this information is to allow staff to respond to your inquiry or to evaluate
individual web services. Only authorized staff will have access to the information provided, and the
information will be used only for the purpose it was intended.
Completed surveys are sent to staff anonymously. We will ask you to provide us only with a method of
contacting you (email, phone, fax or mailing address) if you wish to be included in future surveys or to have
us respond to you.
Coravin implements commercially reasonable technical and organizational security controls to protect your
personal data against theft, loss or misuse. Your data will be stored in a secure operating environment that
is not accessible without authorization. Coravin applies mitigation measures following periodic risk
assessments to ensure an adequate level of protection of your personal data.
Coravin has put in place appropriate physical, technical and administrative procedures to safeguard and
secure the information from loss, misuse, unauthorized access, disclosure, alteration or destruction. Coravin
cannot guarantee the security of information on or transmitted via the internet.
When you enter sensitive information (such as credit card numbers and passwords):
- We encrypt that information to protect against eavesdropping using an industry-standard Secure Hash
Algorithm (SHA-256) to hash all data that does not require decryption such as password.
- This data is further protected by encryption in storage.
- When you purchase items on the Coravin web sites, the order information, including your billing address
and credit card information, will be provided to a PCI-compliant third party payment processor and the
transmissions of credit card information always will be encrypted using industry standard encryption
technology called secure socket layers (SSL). Coravin does not store credit card information on our servers.
Only a validation code is transmitted to us over the internet allowing us to proceed with the transaction.
- We also use measures to enhance security, such as analyzing account behavior for fraudulent or otherwise
- We may limit use of site features in response to possible signs of abuse, may remove inappropriate content
or links to illegal content, and may suspend or disable accounts for violations of our terms and conditions
Personal Data About Minors and Children
If you are under 18, please do not provide any personal data about yourself to us. If we learn that we have
collected personal data from a child under 18, we will delete that information as quickly as possible. If you
believe that we might have any information from a child under the age of 18, without covering parental or
guardian consent, please inform us through the "Contact Us" page.
Coravin does not knowingly collect data from or about children under 18. If we learn that we have collected
personal information from a child under 18, we will delete that information as quickly as possible. If you
believe that we might have any information from or about a child under 18, please contact us at firstname.lastname@example.org
Coravin complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce
regarding the collection, use, and retention of personal information transferred from the European Union to
the United States. Coravin has certified to the Department of Commerce that it adheres to the Privacy Shield
Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to
view our certification, please visit Privacy Shield.
In compliance with the Privacy Shield Principles, Coravin commits to resolve complaints about our collection
or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield
policy should first contact Coravin at:
28 Crosby Drive, Suite 101
Bedford, MA 01730
+ 1 781 262 3500
Coravin has further committed to refer unresolved Privacy Shield complaints to PrivacyTrust, an alternative
dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your
complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit
https://www.privacytrust.com for more information or to file a
complaint. The services of PrivacyTrust are
provided at no cost to you.
Under certain conditions, you are entitled to invoke binding arbitration for complaints not resolved by any
of the other Privacy Shield mechanisms. For additional information: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
What Personal Data We Use
Coravin uses the following personal data in line with the use purposes explained below:
- Your name and contact details
- Communication details
- Authentication data
- Online profile data
- Online activity/profile usage
- Purchasing information
- Payment methods and history
- Information about the device(s) you use
- Information about the service usage
- Support information
- Social media profile plug-in information
- Date of birth
- Copy of prove of purchase
- Your credit card information
- Subscription preferences
- Any other information you upload or provide us with
How We Use Personal Data
Coravin uses the information collected to provide a safe, efficient and customized experience. Here are
some of the details on how we do that:
- To process your purchase orders — We use the information we collect to process and
fulfill our purchase orders, to measure and improve your purchase experience and web site navigation, and
to provide you with customer service. We use the information to prevent potentially illegal activities and
to enforce our terms and conditions. We also use a variety of technological systems to detect and address
anomalous activity and to prevent abuse or fraud. These efforts may, on occasion, result in a temporary or
permanent suspension or termination of some functions for some users.
- To manage product registration and the Club Coravin — We use the information we collect
to provide our services and features to you, to measure and improve those services and features, and to
provide you with customer support.
- To offer promotions, personalized communication and experiences - We use the
information we collect to enable personalized communication, web experience and content or deliver
targeted promotions. You may opt out of all communications except for the order confirmation, invoices and
shipment notification that are essential to your purchase order processing.
How Long We Use Personal Data
To maximize privacy protection, Coravin structurally deletes your personal information after the useful
period. Following legal requirements:
- To process your purchase orders — We retain the personal data as indicated for this
purpose for 3 years after the last purchase for financial audit.
- To manage product registration and the Club Coravin — We retain the personal data as
indicated for this purpose for 3 years after the last product registration for warranty management.
- To offer promotions, personalized communication and experiences - We retain the
personal data as indicated for this purpose for 3 years.
Who Else May Process Personal Data
Coravin may share the information collected with third parties to provide a safe and efficient payment
processing and fulfill the orders. Here are some of the details on how we do that:
- To make a payment or manage subscriptions: When you make payments on Coravin's website
or subscribe to automatic delivery, we will share transaction information with those third parties
necessary to complete the transaction. We will require those third parties to respect your privacy, and
adequately protect your information.
- To fulfill purchase orders, Coravin makes use of external service providers that may
process your personal data on our behalf. Coravin ensures via contracts and assurance measures that our
promise to protect your privacy is extended to apply to the processing of personal data by these third
parties, where such processing activities are under the responsibility of Coravin. The following aspects
are highlighted for relevance
- To respond to legal requests and prevent harm: Coravin reserves the right to share your
information to respond to duly authorized information requests of governmental authorities or where
required by law. In exceptionally rare circumstances where national, state or company security is at issue
(such as terrorist attacks), Coravin reserves the right to share our entire database of visitors and
customers with appropriate governmental authorities.
We never sell your personal data to third parties, such as marketers, without your consent. We do not
provide any personal data to "people finder," "public directory" or "white pages" sites.
If our company is involved in a bankruptcy, merger, acquisition, reorganization or sale of assets, your
apply to your information as transferred to the new entity.
Your Right to Access Personal Data
In addition to the information that is available on Coravin's website, you have the right to access the
personal data that Coravin holds about you, all subject to the exemptions as contained in applicable laws
and regulations. If you request the data, then Coravin will assist you. Your identity will need to be
confirmed before you are provided with access to personal data. Generally, Coravin does not charge for
providing information, but if the request requires significant staff time, Coravin reserves the right to
charge a fee for such requests.
We ask that you put your request in writing. An access request form is available on Coravin's website and
in all locations for you to fill out.
All formal access requests will be directed to the chief privacy officer, who will then review each request
to determine whether Coravin will disclose the requested information. The privacy officer will also receive
and address all privacy complaints that Coravin receives. The privacy officer can be reached at the address
listed on the "Contact Us" page.
You will be notified if access to the records you have requested is granted or denied, and which exemptions
Your Right to Correct or Amend Personal Data
If you believe there is a mistake in your personal data, you have a right to ask for the information to be
corrected. We may ask you to provide documentation to show where Coravin's files are incorrect. We will
amend the erroneous data within 30 days and will notify you once the correction you have requested has been
Your Right to Be Forgotten
Coravin does not store personal data without a predefined and documented purpose. We follow laws that
require us to delete personal data if the reason for its collection and storage no longer exists. We believe
this fulfills the requirements of the privacy principle of "the right to be forgotten."
Where the personal data that Coravin holds is based on the consent you provided, and you wish to be removed
from our systems prior to the retention period indicated in the "How Long We Use Personal Data" section,
please contact our privacy officer at the address listed on the "Contact Us" page.
Enforcement and Audit
verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently
displayed, completely implemented and accessible, and in conformity with privacy principles.
We encourage anyone interested to raise any concerns using the contact information provided in our "Contact
Us" page, and we will investigate and attempt to resolve any complaints and disputes regarding the use and
disclosure of personal data.
Collaboration With Authorities
Coravin will cooperate with the regulatory authorities — in particular, data protection agencies of the
countries in which Coravin operates. This relates in particular to the notification of privacy breaches as
required by law. Coravin will observe the authorities' findings, provided that they have been rendered
following due process of law.
Certain countries provide restrictions relating to automated decisions that affect individuals. Such
automated decisions that affect individuals are decisions that are the result of the automated processing of
personal data and that have a legal effect on the individual, or affect him or her negatively.
Coravin does not render any automated decisions that affect individuals.
Review and Ratification
policy is communicated uniformly throughout the enterprise, all members of Coravin's board of directors will
page of our website or, if legally required, by directly sending you a notification. We encourage you to
"Personal data" (or "personal information") means any information relating to an identified or identifiable
natural person. An identifiable person is one who can be identified, directly or indirectly — in particular,
by reference to an identification number or to one or more factors specific to his or her physical,
physiological, mental, economic, cultural or social identity.
"Special Categories of Personal Data" pertains to personal data that reveals racial or ethnic origin,
political opinions, religious or philosophical beliefs, trade union membership, and the processing of data
concerning health or sex life.
"Sensitive personal data" either indicates "special categories" (see above), or is personal data of which
the sensitivity level has been assessed and classified, indicating potential severe impact on an individual
when confidentiality of such data is breached.
"Anonymization" is the deletion or changing of personal data in such a way that this personal data can no
longer be assigned to a certain or ascertainable individual or only with a disproportionately high effort in
terms of time, cost and work.
"Pseudonymization" is the replacement of an individual's name and other identifiable characteristics with a
label to prevent identification of the individual by unauthorized parties or to render such identification
substantially difficult. Pseudonymization techniques include certain levels of masking, redaction,
tokenization and/or encryption of personal data.
"Consent" is any freely given, specific and transparently, well-informed indication of the will of the
individual, whereby the individual agrees that his or her personal data may be processed. Particular
requirements about consent can arise from the respective national laws. Where possible, consent is obtained
in an explicit manner (unambiguously).
Complaints and Communication ("Contact Us")
Coravin's website and all its gateways are governed by the policies and principles outlined above. For more
information relating to your privacy, contact:
28 Crosby Drive, Suite 101
Bedford, MA 01730
+ 1 781 262 3500
Sources and References
Standards and frameworks:
1 EU General Data Protection Regulation (GDPR)
2 EU-U.S. Privacy Shield Agreement