Data protection

PRIVACY POLICY

Status: May 2026

1. Controller

The controller in the sense of the General Data Protection Regulation (GDPR) is:

ESSENTIAL WINES UG (haftungsbeschränkt) Auenstraße 68 80469 Munich Phone: +49 (0) 173 571 11 53 E-Mail: info@essential-wines.com Managing Director: Felix Bitta

2. What data we collect

When you visit our shop or place an order, we collect the following personal data:

Contact data such as name, address, billing address, delivery address, phone number and email address; Payment information such as credit card or debit card details, payment confirmations and transaction details; Account information such as username, password and settings, if you create an account; Order information such as items ordered, shopping cart contents, past transactions, and returns or cancellations; Communication data such as the content of your messages to us, e.g. for customer inquiries; Device information such as IP address, browser type and network connection; Usage data such as your interaction behavior on our website.

3. How we use your data

We use your personal data for the following purposes:

For contract fulfillment – to process orders, handle payments, arrange deliveries and process returns and exchanges (legal basis: Art. 6 para. 1 sentence 1 lit. b GDPR). For communication – to provide you with order confirmations, notifications and customer service (legal basis: Art. 6 para. 1 sentence 1 lit. b GDPR). For security and fraud prevention – to protect your account, detect fraudulent activities and ensure the security of our shop (legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR). To comply with legal obligations – to comply with legal requirements or to respond to official requests (legal basis: Art. 6 para. 1 sentence 1 lit. c GDPR). To improve our offerings – to further develop our shop and our services (legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR).

4. Shopify as a Processor

Our online shop is operated on the Shopify platform. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

Shopify processes your data on our behalf to provide the online shop and to process orders and payments. We have concluded a data processing agreement with Shopify in accordance with Art. 28 GDPR. Furthermore, Shopify uses your data for its own extended functions, for which Shopify acts as the data controller. Further information can be found at https://www.shopify.com/legal/privacy and at https://privacy.shopify.com/en.

Shopify Payments

Payment processing is handled via Shopify Payments. The data required for payment processing is transferred to Shopify. Processing is based on Art. 6 para. 1 sentence 1 lit. b GDPR.

5. Disclosure of data to third parties

We only disclose your personal data to third parties in the following cases: for contract processing, e.g. to shipping service providers; to Shopify and service providers used by Shopify for IT, payment processing and fulfillment; if you have expressly consented; and if we are legally obliged to do so.

Your data may be transferred to third countries outside the EU/EEA when using Shopify. Shopify relies on the standard contractual clauses of the European Commission as an appropriate safeguard in accordance with Art. 46 GDPR.

6. Cookies

Our shop uses technically necessary cookies, which are required for the operation of the shop, e.g. for the shopping cart and session management. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. You can deactivate cookies in your browser, but this may limit the functionality of the shop. You can adjust your cookie settings at any time via the cookie settings in our shop.

7. Data security

We use SSL/TLS encryption for the transmission of your data. Please note that no security measure can guarantee absolute protection. We recommend that you do not transmit confidential information via insecure channels and keep your access data secure.

8. Storage period

We store your personal data only for as long as necessary for the fulfillment of the above-mentioned purposes or as required by statutory retention periods. After expiry of the respective periods, your data will be routinely deleted.

9. Your rights

You have the following rights regarding your personal data: Right to information (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data portability (Art. 20 GDPR), right to object (Art. 21 GDPR) and the right to withdraw a given consent.

To exercise your rights, please contact: info@essential-wines.com

For rights regarding data processing by Shopify, please contact Shopify directly via the Shopify Privacy Portal: https://privacy.shopify.com/en

10. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data. The supervisory authority responsible for us is:

Bavarian State Commissioner for Data Protection (BayLfD) Wagmüllerstraße 18 80538 Munich www.datenschutz-bayern.de

11. Minors

Our shop is not intended for children and minors. We do not knowingly collect personal data from individuals under 16 years of age. Should you, as a parent or guardian, discover that your child has provided us with personal data, please contact info@essential-wines.com.

12. Changes to this Privacy Policy

We reserve the right to update this privacy policy to reflect changes in our practices or legal requirements. The current version is always available at www.essential-wines.com.