Privacy Policy
Privacy Policy
Please use any of these quick links below to navigate to the appropriate section of the privacy policy.
Summary of how we use your information
We will use your information in order to comply with your requests, correspond with you, and process any wine orders you make with us or with our related companies.
This information will be shared with our related companies.
Where we rely on your consent (such as to send you marketing), you can withdraw this consent at any time. More details on how to withdraw consent are set out below.
Mancini di Lucca Winery and your privacy
Mancini di Lucca Winery, LLC and its related entities and brands (MDL, we or us) are committed to protecting the privacy of individuals’ personal information. We will only collect, use or disclose personal information in accordance with relevant laws, to the best of our understanding, and this privacy policy. Please do not provide us with your personal information if you are not of legal age to purchase alcohol in the jurisdiction where you live or if you do not agree to the terms in this policy.
Information you give us
You provide us with information about yourself when corresponding with us, entering our competitions, buying our wines or when using or registering on our websites. This may include:
when you transact with us online, over the phone or in person;
when you enter a promotion or competition conducted by us (including via our websites or through social media sites);
when you visit and/or register to use one of our websites or when you participate in discussion boards or other social media functions on our websites; or
when you contact us to request information or support in relation our company, products or services (including about our brands, shares in our company, product quality, visiting our sites for employment opportunities).
If you buy wine from us online for example, we will require you to provide us with your name, address and phone number so we can process your order and deliver your wine to you. We will also require your date of birth to verify that you are of legal drinking age, and your credit card number to process the sale.
Information collected by us and our use of cookies
Apart from the information you give us directly, we also automatically collect information about you when you visit our websites, including through the use of cookies. Cookies are small data files that are downloaded onto your computer when you visit a particular website. The information we collect is:
technical information such as your computer’s IP address, hardware type, browser type, device identifier and screen type/resolution;
any search terms entered on our website;
general location data based on your device or IP address;
any technical errors or exceptions; and
information about your visit such as the products you viewed or searched for, the length of your visit, page load speed, and the pages that you visited.
Cookies help us gather and store information about visitors to our websites. They help our websites remember what you chose on previous pages (to avoid having to re-enter information) and can help us to identify you as a unique visitor, tailor content based on past visitation and provide you with an optimized experience.
We use the following categories of tracking technologies on our websites:
Strictly Necessary tracking technology- these technologies are essential in order to enable you to move around our websites and use their features.
Performance related tracking technology- these technologies collect anonymous information on how people use our websites. For example, we use Google Analytics to help us understand how users arrive at our websites, browse or use our websites and highlight areas where we can improve areas such as navigation, interface experience and marketing campaigns. The data stored by these technologies never shows personal information from which your individual identity can be established.
Functionality related tracking technology– these technologies remember choices you make such as the country you visit our websites from, your completion of the age verification check, language preferences and search parameters. These can then be used to provide you with an experience more appropriate to your selections and to make the visits more tailored and pleasant. The information these technologies collect may be anonymized and they cannot track your browsing activity on other sites.
Targeting or advertising related tracking technology– these technologies collect information about your browsing habits in order to make advertising more relevant to you and your interests. They are also used to limit the number of times you see an advert as well as help measure the effectiveness of an advertising campaign. These technologies are usually placed by third party advertising networks. They remember the sites you visit and that information is shared with other parties such as advertisers. For example, we use third party companies such as Facebook and Google to provide you with more personalized advertisements when visiting other websites and social networks. A mix of first party and third party cookies are used.
Social Media related tracking technologies- these technologies allow you to share content from our websites on social media such as Facebook and Twitter, or use your login to these social networks to verify your age when visiting our websites. These technologies are not within our control. Please refer to the respective privacy policies for how their technologies work.
Commerce related technologies– these technologies are essential in order to enable a functional online shopping experience across our websites, stores and payment/checkout. They keep track of what products and quantities are in your shopping cart, your membership level, your country / state (if applicable for tax or shipping compliance reasons) and any coupons or discounts you are utilizing.
If you prefer not to receive cookies you can adjust your Internet browser to refuse cookies or to warn you when cookies are being used. However, some parts of our websites will not function if cookies are turned off. We therefore strongly recommend that you leave cookies fully functional. For more information about cookies please see https://www.allaboutcookies.org/cookies/.For information about how to manage cookies, including how to disable cookies in most Internet browsers, see here. You can also opt-out of targeted ads from Facebook and Google by visiting their web sites.
For California residents, additional information regarding the categories of personal information we collect is found in the “Your California Privacy Rights” Section below.
Our use of your information
We will not use your information to carry out electronic marketing unless we have your consent. For example, if you have entered a promotion in relation to our products, we may obtain your consent to send marketing materials about those products. If you receive electronic communications from us, we will always provide you with an opportunity to unsubscribe from receiving further information from us by clicking on the unsubscribe link provided in the communication.
We may use or disclose the personal information we collect for one or more of the following purposes in order to conduct our business and pursue our legitimate business interests (and where required, your consent):
To fulfill or meet the reason you provided the information. For example, if you provide your personal information to purchase our products, we will use that information to process and manage your order.
To provide, support, personalize, and develop our Website, products, and services and to help us gain a better understanding of your likes and dislikes in order to improve our websites and the services we offer.
To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business.
To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (where we do not need your consent).
To allow you to participate in interactive features of our websites and administering our promotions and competitions.
To verify that you are of legal drinking age in your jurisdiction (if applicable).
To make suggestions and recommendations to you and other users of our websites about goods or services that may interest you or them.
To fulfil a contract we may have with you, such as where you make a purchase from us or enter one of our competitions.
In connection with legal claims, compliance, regulatory and investigative purposes as necessary (including to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations).
To produce consumer insights (e.g., general research on our consumers; conduct consumer testing, surveys, and panels; data analytics and modeling).
As described to you when collecting your personal information or as otherwise set forth in the CCPA.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of MDL’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by MDL about our Website users is among the assets transferred.
In some instances, the provision of information to us is mandatory. If for example you want to buy wine from us and certain personal information is not provided (such as your age, your contact details and delivery address), then we will not be able to fulfil your order. We will always ensure that we minimize the amount of data we collect and will only ask for data that we need to process your request.
MDL will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your information for other purposes, such as those set out above. You have an absolute right to opt-out of direct marketing, and to object to profiling we carry out for direct marketing purposes, at any time. You can do this by following the instructions in the communication (where this is an electronic message) or by contacting us using the details set out below.
How long we keep your information
Generally, we will retain your personal information for the period necessary to fulfil the purposes for which your personal information has been collected (as outlined in this privacy policy) unless a longer retention period is required by law.
Where we process registration information, we retain this for as long as we consider that you are an active user of our sites and for 2 years after this.
Where we process personal information for marketing purposes or with your consent, we process the information until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your information indefinitely so that we can respect your request in future.
Where we process personal information in connection with performing a contract (such as when you purchase wine from us) or for a competition, we keep the information for 6 years from your last interaction with us.
Where we process personal information for site security and/or fraud management purposes, we retain it for 3 years.
Our disclosure of your information
We will not disclose your personal information to third parties except:
with your consent;
where we are required or authorized by law to do so, for example to law enforcement agencies;
where third parties appointed by us require access to personal information held by us to perform services (in which case we require these third parties to keep that personal information confidential and not to use or disclose it for any purpose other than the purpose of performing those services). The types of third parties we may transfer information to include vendors, service providers, agencies and other partners who globally support our business and help us administer certain activities on our behalf, such as providing technical infrastructure services, marketing services, customer service, data hosting and management services, processing credit card payments services for us, and providing logistics and delivery services to help us deliver our products and services; or
to our related companies in order to operate our business and in accordance with the law.
We may also transfer personal information to a related company or a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock.
Our websites sometimes contain links to other websites. With the exception of other sites owned by us, we do not control the privacy practices of sites reached through links from our websites. If you have any questions about the privacy practices of those websites then you should contact the relevant companies directly.
Your rights in relation to your information.
Under applicable law, you may be entitled to ask us for a copy of the personal information we hold about you, including to correct, delete or restrict processing of your personal information. In some jurisdictions, applicable law may also entitle you ask us to transmit your data to another controller where the processing is based on your consent carried out by automated means, or entitle you to object to the processing of your personal information in certain circumstances (in , where we don’t have to process the information to meet a contractual or other legal requirement, or where we are using the information for direct marketing or profiling). However, these rights may be limited, for example if fulfilling your request would reveal personal information about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.
To exercise any of these rights, you can get in touch with us using the details set out below.
Security
We take appropriate measures to keep your personal information secure. We have implemented appropriate physical and electronic procedures to protect the personal information we collect. If you have an account with us, you are responsible for maintaining the confidentiality of your account details including your password, and are responsible for any activity under your account. We will not be responsible for any loss arising from your failure to comply with this obligation.
Due to its nature, transmission of information via the internet is not completely secure. Although we will protect your personal data in accordance with this policy, we cannot guarantee the security of any data transmitted to our websites and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security measures to try to prevent unauthorized access.
Contact Us
If you have any questions or concerns about our collection, use or disclosure of personal information, wish to exercise your rights in relation to data protection or you wish to make a complaint in relation to our privacy practices, please contact us at info@mdlwines.com. If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time.
Your California Privacy Rights
If you are an eligible California resident, the California Consumer Privacy Act (“CCPA”) provides you with specific rights with respect to our collection and use of your personal information over the past twelve months. This California Privacy Rights Section supplements this Privacy Policy and applies solely to eligible residents of California as of January 1, 2020. Any terms not defined in this section have the same meaning as defined in the CCPA.
Information We Collect
Our Website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device ("personal information"). In particular, MDL’s Website has collected the following categories of personal information from its consumers within the last twelve (12) months:
A. Identifiers
Collected: Yes
Examples: This category may include: name, postal address, unique personal identifiers, online identifiers, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. Under the CCPA, “unique identifiers” or “unique personal identifier” means a persistent identifier that can be used to recognize a consumer, a family, or a device that is linked to a consumer or family, over time and across different services, including, but not limited to, a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
Collected: Yes
Examples: This category may include: name, signature, Social Security number, physical characteristics, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education or employment information, financial account numbers, medical information, or health insurance information.
C. Protected classification characteristics under California or federal law.
Collected: Yes
Examples: This category may include: age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex and gender information, veteran or military status, or genetic information.
D. Commercial information.
Collected: Yes
Examples: This category may include: records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information.
Collected: No
Examples: This category may include: imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.
F. Internet or other electronic network activity information.
Collected: Yes
Examples: This category may include: browsing history, search history, and information regarding interactions with an Internet Web site, application, or advertisement.
G. Geolocation data
Collected: Yes
Examples: This category may include: physical location or movements.
H. Sensory data.
Collected: No
Examples: This category may include: audio, electronic, visual, thermal, olfactory, or similar information.
I. Professional or employment-related information.
Collected: YES (for prospective employees only)
Examples: This category may include: current or past job history or performance evaluations.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Collected: YES (for prospective employees only)
Examples: This category may include: education records directly related to a student maintained by an educational institution or party acting on its behalf (e.g., grades and transcripts).
K. Inferences drawn from other personal information.
Collected: YES
Examples: This category may include: inferences drawn from the above information that may reflect your preferences, characteristics, predispositions, behavior, attitudes, or similar behavioral information.
Please note that some of the categories of personal information described in the CCPA overlap with each other; for instance, your name is both an Identifier and a type of data described in Cal. Civil Code 1798.80(e).
Personal information does not include publicly available information from government records or any deidentified or aggregated consumer information. In addition, the CCPA excludes the following from its scope: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
MDL obtains the categories of personal information listed above directly from you (for example, from forms you complete or products and services you purchase) and/or indirectly from you (for example, from observing your actions on our Website).
Use of Personal Information
We may use or disclose the personal information we collect for the purposes described in the “How We Use Your Information” Section above.
Sharing Personal Information
MDL may disclose your personal information to third parties for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. The CCPA prohibits third parties who purchase the personal information we hold from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales.
MDL shares your personal information with the categories of third parties listed in the “Our Disclosure of Your Information” section listed above. Specifically, in the preceding twelve (12) month period, MDL has disclosed the following categories of personal information for a business purpose: identifiers; California Customer Records personal information categories; protected classification characteristics under California or federal law; commercial information; internet or other similar network activity; geolocation data; professional or employment-related information (for prospective employees only); non-public education information (for prospective employees only); and inferences drawn from other personal information.
Sales of Personal Information
In the preceding twelve (12) months, MDL has not sold personal information.
Your Rights & Choices
(a) Right to Know About Personal Information Collected, Disclosed, or Sold
You have the right to request that we provide certain information to you about our collection and use of your personal information over the past twelve (12) months. Specifically, you have the right to request disclosure of the categories of personal information and specific pieces of personal information we have collected about you over the last 12 months. Upon the submission of a verifiable consumer request (see Exercising your California Privacy Rights), we will disclose to you:
The categories of personal information we collected about you;
The categories of sources for the personal information we collected about you;
Our business or commercial purpose for collecting that personal information;
Our business or commercial purpose for which we sold or disclosed that personal information; and
The categories of third parties with whom we share that personal information.
We will also provide the specific pieces of personal information we collected about you if you also request access to such information (subject to certain exceptions under applicable law). In addition, if we sold or disclosed your personal information for a business purpose, we will also identify: (i) the categories of personal information that we sold about you; (ii) the categories of third parties to whom the personal information was sold, by category or categories of personal information for each third party to whom your personal information was sold; and (iii) the categories of personal information that we disclosed about you for a business purpose.
(b) Right to Request Deletion of Personal Information
If you are a California resident, you also have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will conduct a reasonable search of our records in order to locate any personal information we have collected about you that is eligible for deletion, and delete such personal information. To the extent we have shared any personal information collected about you with service providers that is eligible for deletion, we will direct those service providers to delete that personal information as well. For the sake of clarity, however, MDL may not be able to comply entirely with your request to delete all of your personal information as set forth under the CCPA. For example, if you placed an order with us, the CCPA allows us to keep records related to these types of transactions in order to complete a transaction for which your personal information was collected. Specifically, we are not required to delete any personal information we have collected about you that is necessary for us and our service provider(s) to:
Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between MDL and you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
Debug to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent.
Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
Comply with a legal obligation, such as retaining records for a period of time as set out in local, state, or federal laws.
Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided your information.
Following a deletion request, any personal information about you that was not deleted from our systems will only be used for the purposes provided for by the applicable exceptions. Thus, all personal information about you that is not subject to a deletion exception will either be (1) permanently deleted on our existing systems (with the exception of archived or back-up systems maintained for emergency disaster recovery and business continuity purposes); (2) de-identified; or (3) aggregated so as to not be personal to you.
(c) Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
We will not discriminate against you for exercising any of your privacy rights. Unless permitted by applicable law, we will not:
Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
(d) Exercising Your California Privacy Rights
To exercise your access and deletion rights described above, please initiate a verifiable consumer request by emailing info@mdlwines.com.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. However, you may make a verifiable consumer request on behalf of your minor child. You can designate an authorized agent to submit a verifiable consumer request on your behalf by having the agent submit a request. Additionally, you may only make a verifiable consumer request for access twice within a 12-month period.
Your verifiable consumer request must: (i) provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request. Making a verifiable consumer request does not require you to create an account with us.
(e) Response Timing and Format
We will make our best effort to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Within ten (10) days of receiving the request, we will confirm receipt and provide information about its verification and processing of the request. MDL will maintain records of consumer requests made pursuant to the CCPA as well as our response to said requests for a period of at least twenty-four (24) months.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Your Rights Under “Shine the Light”
In addition to your rights under the CCPA, California Civil Code Section 1798.83 permits California residents to request information regarding our disclosure, if any, of their personal information to third parties for their direct marketing purposes. If this applies, you may obtain the categories of personal information shared and the names and addresses of all third parties that received personal information for their direct marketing purposes during the immediately prior calendar year (e.g., requests made in 2018 will receive information about 2017 sharing activities). To make such a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident and provide a current California address for our response.
Effective Date of Policy
This Privacy Policy is effective and was last updated in September 2021.