Vinius Privacy & GDPR Policy

    Version: 1.0
    Effective Date: February 7, 2026

    This Privacy & GDPR Policy ("Policy") explains how Vinius collects, uses, shares, and protects personal data when you use the Vinius platform, including our web and mobile applications, APIs, and related services (collectively, the "Platform").

    This Policy is intended to be compliant with EU data protection law (including the GDPR), and it also addresses rights that may apply in the UK and certain U.S. jurisdictions. If there is any conflict between this Policy and a signed data processing agreement ("DPA") with your organization, the DPA will control.

    This Policy focuses on privacy and data protection. Terms and Conditions are provided separately.

    1. Who We Are

    Data Controller (for account and platform administration): Vinius V.O.F. (VAT BE 1021.970.422) Registered address: Kattendansstraat 82 3500 Hasselt Belgium Contact email: privacy@govinius.com

    Data Protection Officer (if applicable): Bruno Braes Contact email: bruno@govinius.com

    UK/EU Representative (if applicable): Bruno Braes (bruno@govinius.com)

    If you use Vinius on behalf of an organization, we act as a data processor for the personal data your organization uploads or manages within the Platform ("Customer Data"), and your organization is the data controller for that data.

    2. Scope

    This Policy applies to:

    • Visitors to our websites
    • Users of our applications and APIs
    • Customers and organizations using the Platform
    • Applicants, partners, and business contacts

    3. Personal Data We Collect

    We collect the following categories of personal data, depending on how you use the Platform:

    3.1 Account and Profile Data

    • Name, email address, password (hashed), role, organization, and profile details
    • Optional profile data such as photo, biography, social links, certifications, and preferences

    3.2 Organization and Operational Data

    • Organization information (company name, address, VAT ID, billing contact)
    • User roles and permissions
    • Wine inventory records and operational logs that may include personal identifiers

    3.3 Content and Community Data

    • Tasting notes, reviews, images, comments, messages, and other user-generated content
    • Community interactions (followers, endorsements, clubs, announcements)

    3.4 Transaction and Billing Data

    • Subscription plan, invoices, payment status
    • Payment details are processed by third-party payment processors; we do not store full payment card details

    3.5 Device and Usage Data

    • IP address, browser type, device identifiers, operating system
    • Log data, time zone, timestamps, and interactions with the Platform

    3.6 Integrations and API Data

    • API keys, access scopes, and audit logs
    • Data exchanged with integrated systems (e.g., POS, analytics, storage, or authentication providers)

    3.7 Cookies and Similar Technologies

    • Cookies, pixels, and similar technologies for authentication, security, analytics, and preferences

    4. Legal Bases for Processing (GDPR)

    We process personal data under the following legal bases:

    • Contract: to provide the Platform, manage accounts, and deliver services
    • Legitimate interests: to improve and secure the Platform, prevent fraud, and develop new features
    • Legal obligation: to comply with tax, accounting, and regulatory requirements
    • Consent: for optional marketing communications and certain cookies (where required)

    You can withdraw consent at any time (see Section 10).

    5. How We Use Personal Data

    We use personal data to:

    • Provide and maintain the Platform and its features
    • Authenticate users and enforce access controls
    • Process subscriptions, billing, and support requests
    • Improve performance, reliability, and security
    • Provide analytics and insights related to inventory, pricing, and community activity
    • Deliver communications, service updates, and security notices
    • Comply with legal obligations and enforce our agreements

    6. AI and Automated Processing

    Vinius uses AI and automated tools to enrich wine data, suggest classifications, and provide insights. AI outputs are used to improve data quality and platform features. Where possible, we use aggregated or anonymized data to improve models and services.

    You remain responsible for the accuracy and compliance of data you rely on for business decisions.

    7. Sharing and Disclosure

    We may share personal data with:

    • Service providers: hosting, storage, analytics, email delivery, customer support, authentication, and security services
    • Integrations: POS systems, inventory tools, or other systems you connect to the Platform
    • Legal and compliance: where required by law, court order, or to protect rights and safety
    • Business transfers: in connection with a merger, acquisition, or asset sale

    We do not share personal data with third parties for their independent marketing purposes without your consent.

    8. International Transfers

    Vinius is based in the EU but may process data in other countries. When we transfer personal data outside the EEA or UK, we rely on appropriate safeguards such as:

    • Standard Contractual Clauses (SCCs)
    • The UK International Data Transfer Agreement (IDTA)
    • Other lawful transfer mechanisms recognized by applicable law

    9. Data Retention

    We retain personal data only as long as necessary for the purposes described in this Policy, including:

    • While your account is active
    • As required for legal, accounting, or regulatory obligations
    • For the establishment, exercise, or defense of legal claims

    We may anonymize or aggregate data for long-term analytics and platform improvement.

    10. Your Rights (EU / UK)

    If you are located in the EU or UK, you have the right to:

    • Access your personal data
    • Correct inaccurate data
    • Delete your data ("right to be forgotten")
    • Restrict or object to processing
    • Data portability
    • Withdraw consent at any time
    • Lodge a complaint with your local supervisory authority

    UK users can also complain to the Information Commissioner's Office (ICO).

    11. Additional Rights for U.S. Residents

    Depending on your state of residence (e.g., California), you may have additional rights, including:

    • The right to know the categories and specific pieces of personal data collected
    • The right to delete personal data (subject to exceptions)
    • The right to correct inaccurate data
    • The right to opt out of certain data sharing ("sale" or "sharing" as defined by law)
    • The right to not be discriminated against for exercising privacy rights

    We do not sell personal data for money. If you wish to exercise U.S. privacy rights, contact us using the details in Section 14.

    12. Security

    We use technical and organizational measures to protect personal data, including encryption, access controls, audit logging, and least-privilege access. No system is fully secure; you are responsible for safeguarding your login credentials.

    13. Children's Privacy

    The Platform is not intended for individuals under the legal drinking age in their jurisdiction. We do not knowingly collect personal data from minors. If you believe a minor has provided personal data, contact us so we can take appropriate action.

    14. Contact and Requests

    To exercise your rights or ask questions:

    We may need to verify your identity before processing requests.

    15. Updates to This Policy

    We may update this Policy from time to time. We will post changes and update the "Last updated" date. If changes are material, we will provide additional notice as required by law.