Privacy Policy
This policy explains what personal data vin/tr handles, why, and the rights you have. The data controller is VINTR GLOBAL LIMITED, a Hong Kong company contactable at Hello@vintr.co. As a Hong Kong data user, we are subject to the Personal Data (Privacy) Ordinance (PDPO) and its data protection principles. Because we also serve producers in Europe, the Americas and Oceania and reach importer contacts in many markets, we additionally apply the standards of the EU General Data Protection Regulation (GDPR) and respect the equivalent rights given by other applicable laws.
1. Who this policy covers
We handle two distinct groups of personal data, and your rights are the same for both:
Clients and website visitors — producers who sign up or enquire, and people who browse the Website;
Importer and prospect contacts — the business contacts in our outreach database, who receive campaigns we run on behalf of our producer clients.
2. Information we collect
2.1 Information clients provide
When you enquire or sign up, we collect the details you give us, which may include: your name and role, your winery or company, region and website, email and phone number, information about your wines (style, volume, production approach, price positioning), the markets you want to reach, and your outreach preferences and exclusions. Payment is processed by Stripe; we do not store full card numbers.
2.2 Information we collect automatically
When you visit the Website, our hosting and security provider (Cloudflare) and our server logs may receive technical data such as your IP address, browser type and version, operating system, referring pages, and the pages you view. The Website also loads a script library from a third-party public CDN, which means that provider receives your IP address when the page loads.
2.3 Importer and prospect data
Our outreach database contains business contact details of importers, distributors and buyers, which may include name, role, company, business email, country and market focus. This data is compiled from publicly available business sources, from our own professional network built over years in the wine trade, and through data enrichment. Because this data is not collected from the individuals directly, we make this policy available to them and identify ourselves clearly in every message we send.
3. Why we use data, and our legal bases
For clients, we process data to provide the service and perform our agreement with you (running your campaigns and account), to meet legal obligations such as invoicing and tax, and on the basis of our legitimate interest in operating, securing and improving the service.
For website visitors, we process technical data on the basis of our legitimate interest in operating and securing the Website.
For importer and prospect contacts, we process business contact data to carry out business-to-business outreach on behalf of our producer clients. Where the EU or UK GDPR applies, our basis is our legitimate interest in B2B prospecting. Rules for commercial messages differ by country: some markets allow B2B outreach on an opt-out basis (for example the United States, and broadly the EU and Australia), while others require prior consent (for example Canada). We therefore build every campaign to a common standard: each message identifies the sender and the producer it is sent for, states why the contact is approached, and includes a simple, working opt-out that we process promptly and record as a suppression. A recipient can object or opt out at any time, after which we stop contacting them and remove or suppress their details. In line with the direct-marketing provisions of the PDPO, the first time we use a contact’s data for outreach we make their opt-out right clear at no cost to them.
4. Who we share data with
We share personal data with service providers who help us run the Website and the service, acting on our instructions. These currently include:
Stripe — payment processing;
Make — workflow automation;
Softr and Airtable — account, forms and database;
Cloudflare — website hosting, delivery and security;
Google Workspace — email and internal operations;
Mailreach and Instantly — email deliverability and outreach sending;
Anthropic — AI processing used in parts of our workflow;
Public CDN — website scripts.
We may also disclose data where required to comply with law, to enforce our terms, or in connection with a merger, acquisition or sale of assets, in which case data may transfer to the successor subject to this policy. We do not sell personal data.
5. International transfers
We are based in Hong Kong and several of our providers are based in the United States or other countries, so your personal data may be transferred to and processed in countries outside your own, which may have different data-protection rules. As a Hong Kong data user, we remain responsible for personal data handled on our behalf by overseas providers, and we use contractual safeguards to that end, including the kind of model contractual clauses recommended by the Hong Kong Privacy Commissioner. Where we transfer personal data out of the European Economic Area or the United Kingdom, we rely on appropriate safeguards such as standard contractual clauses or our providers’ own transfer frameworks.
6. How long we keep data
We keep client data for as long as you are a client and for the periods afterwards required for legal, tax and accounting purposes. We keep importer and prospect data for as long as it remains relevant for outreach, and we remove or suppress it on objection or opt-out. Reply data generated by a campaign is provided to the client it was generated for. When data is no longer needed, we delete or anonymize it.
7. Your rights
Subject to the law that applies to you, you have the right to: request access to the personal data we hold about you; ask us to correct inaccurate data; ask us to delete your data; object to processing, including our outreach; ask us to restrict processing; request a copy of certain data in a portable form; and withdraw any consent you have given. Importer and prospect contacts can object or opt out at any time and we will act on it. The exact rights, and the authority you can complain to, depend on your location and may arise under the Hong Kong PDPO, the EU or UK GDPR, Brazil’s LGPD, the California CCPA and CPRA and other US state laws, Canada’s PIPEDA, Australia’s Privacy Act or New Zealand’s Privacy Act, among others. To exercise any right, or to complain, email Hello@vintr.co.
8. Security
We use reasonable technical and organizational measures to protect personal data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. Where the law requires it, we will notify the relevant authority and affected people of a personal-data breach.
9. Children
The Website and service are intended for businesses and are not directed at children. We do not knowingly collect personal data from anyone under 18.
10. Changes and contact
We may update this policy to reflect changes in our practices or the law, and will update the effective date when we do. For any privacy question or request, contact VINTR GLOBAL LIMITED at Hello@vintr.co.