Culemborg, The Netherlands

Privacy & Cookie Policy

Version: 23 December 2025

This Privacy Policy explains how Wine Wizz C.V. (trading as “Cellarworthy”) (“we”, “us”, “our”) collects and uses personal data when you visit cellarworthy.com (the “Website”), create an account, place an order, use our Storage Service, or contact us.

1. Who we are (data controller)

Wine Wizz C.V. (Cellarworthy)
Waldeck Pyrmontdreef 22, 4101KJ, Culemborg, The Netherlands
KvK: 83473815
VAT (BTW): NL862888086B01
Email (privacy requests): info@cellarworthy.com

Wine Wizz C.V. is the data controller for the processing described in this Privacy Policy.

2. What personal data we collect

Depending on how you use the Website and our services, we may collect:

A) Account & identity data

  • Name, email address, password (stored in encrypted/hashed form)

  • Billing and delivery addresses

  • Country, language, account preferences

B) Order & transaction data

  • Products purchased, quantities, prices, order history

  • Invoice details, payment status, refunds/credit notes

  • Communications related to your orders

C) Payment data (via Mollie)

We use Mollie B.V. to process payments. We do not store full payment card details on our servers.
We may receive limited information from Mollie such as:

  • Payment status (paid/failed/refunded)

  • Transaction reference/ID

  • Fraud/risk indicators (where applicable)

D) Delivery data

  • Recipient name, delivery address

  • Tracking details and delivery status

  • Where applicable: confirmation that an age check was performed (without collecting more than necessary)

E) Storage Service data

If you use our Storage Service, we may process:

  • Your storage plan, fees, billing records, service communications

  • Inventory records: producer, wine name, vintage, format, quantities, intake/withdrawal history, identifiers/lot references

  • Dispatch/withdrawal instructions and recipients

F) Customer support data

  • Messages you send us (email/contact forms), support history and attachments you provide

G) Website, device & cookie data

  • IP address (or derived location), device/browser information

  • Pages viewed, clicks, timestamps, referring pages

  • Cookie identifiers and consent preferences

H) Marketing data (Mailchimp)

  • Newsletter subscription status and preferences

  • Email engagement (e.g., opens/clicks) where enabled

3. How we collect personal data

We collect personal data:

  • directly from you (checkout, account registration, email/contact forms)

  • automatically through cookies and similar technologies

  • from service providers involved in payments, shipping, analytics, and email delivery (limited to what is necessary)

4. Why we use your personal data (purposes)

We use personal data to:

  1. Provide and secure the Website, shopping cart, checkout, and your account

  2. Process orders and deliver products (including sending transactional messages)

  3. Provide and administer the Storage Service (intake, inventory management, withdrawals, dispatch)

  4. Process payments and prevent fraud (via Mollie and security controls)

  5. Provide customer support and handle disputes/claims

  6. Comply with legal and tax/accounting obligations

  7. Analyse Website usage and improve performance (GA4)

  8. Send marketing communications (Mailchimp) where you have opted in (or where permitted with an opt-out)

5. Legal bases (GDPR/AVG)

We process personal data using one or more of the following legal bases:

  • Performance of a contract
    (e.g., creating accounts, fulfilling orders, providing the Storage Service)

  • Legal obligation
    (e.g., tax/accounting record-keeping and other mandatory compliance requirements)

  • Legitimate interests
    (e.g., Website security, fraud prevention, improving our services, handling customer service efficiently)
    We balance these interests against your rights.

  • Consent
    (e.g., newsletter sign-up and non-essential cookies). You can withdraw consent at any time.

6. Who we share personal data with

We share personal data only when necessary for the purposes above, with:

Payments

  • Mollie B.V. – payment processing, payment confirmations, refunds

Email & marketing

  • Mailchimp (The Rocket Science Group LLC / Intuit group companies) – newsletter and marketing email distribution, subscription management (where used)

Analytics

  • Google Analytics 4 (GA4) – Website usage analytics provided by Google (where enabled)

E-commerce platform & Website operations

  • WordPress / WooCommerce – your account, checkout and order processing are handled through our WordPress/WooCommerce setup

  • Our hosting provider, IT vendors, security services, and backup services (as applicable)

Shipping & logistics

  • Shipping and logistics partners – delivery, tracking, and where applicable age-check at delivery

Professional support

  • Accountants, auditors, legal and other professional advisors (as necessary)

Authorities / legal requirements

We may disclose personal data to authorities if required by law, or to protect our rights (e.g., fraud, claims, chargebacks).

7. Alcohol sales and age verification (18+)

Our products include alcoholic beverages. You must be 18+ to purchase. Age verification may be applied during checkout and/or on delivery. Where delivery age checks are used, we process only what is necessary to support lawful delivery and prevent underage supply.

8. International transfers (outside the EEA)

We are based in the Netherlands. Some of our service providers (such as Google and Mailchimp) may process personal data outside the European Economic Area.

Where personal data is transferred outside the EEA, we use appropriate safeguards as required under GDPR, such as:

  • EU Standard Contractual Clauses (SCCs), and/or

  • other approved transfer mechanisms and supplementary measures where necessary.

You can contact us at info@cellarworthy.com to ask about the safeguards used for a specific provider.

9. Data retention (how long we keep your data)

We keep personal data no longer than necessary for the purposes described above, unless a longer period is required by law.

Typical retention (guidance):

  • Orders, invoices, and accounting records: generally up to 7 years (for Dutch tax/accounting obligations)

  • Customer support correspondence: typically up to 2 years after resolution (unless needed for a dispute/claim)

  • Account data: for as long as your account is active; if you request deletion, we will delete or anonymise where possible (subject to legal obligations)

  • Storage Service records: for the storage period and a reasonable period afterward for administration, audits, disputes, and required record-keeping

  • Marketing data: until you unsubscribe/withdraw consent (then we may keep a minimal “do-not-contact” record)

  • Analytics/cookie data: according to cookie settings and the retention configuration in our tools

10. Security

We use appropriate technical and organisational measures to protect personal data, such as access controls, secure hosting, software updates, and least-privilege access. No system is completely secure; if a personal data breach occurs that requires notification, we will act in accordance with applicable law.

11. Cookies and similar technologies

We use cookies and similar technologies for:

A) Strictly necessary cookies

Needed for the Website to function (e.g., cart, checkout, security, consent settings). These cannot be switched off in our systems.

B) Preferences cookies

Remember choices like language or region.

C) Analytics cookies (GA4)

Used to understand how visitors use the Website and to improve performance. GA4 may collect information such as pages viewed, session events, device/browser details, and approximate location derived from technical signals.

D) Marketing cookies (Mailchimp and/or other tools)

Used to measure the effectiveness of marketing and personalise communications where applicable (only where enabled and consented).

Managing cookies:
You can change your cookie preferences at any time via [Cookie Settings link] on the Website (add this link in your cookie banner/settings page), and you can also manage cookies through your browser settings.

If you want, I can also draft a separate Cookie Policy (often published alongside a Privacy Policy) with a clearer cookie table.

12. Marketing communications (Mailchimp)

If you sign up to our newsletter, we use Mailchimp to send marketing emails. You can unsubscribe at any time using the unsubscribe link in any email, or by contacting info@cellarworthy.com.

If we rely on legitimate interests for limited marketing where permitted (e.g., existing customer relationship), you can object at any time.

13. Your GDPR rights

You may have the right to:

  • access your personal data

  • correct inaccurate data

  • delete data (in certain cases)

  • restrict processing

  • object to processing (including marketing)

  • data portability (in certain cases)

  • withdraw consent at any time (where processing is based on consent)

  • lodge a complaint with the supervisory authority

To exercise your rights, email info@cellarworthy.com. We may ask for additional information to verify your identity.

Supervisory authority (Netherlands): Autoriteit Persoonsgegevens (AP).

14. Children

Our Website and services are not intended for persons under 18. We do not knowingly collect personal data from children.

15. Automated decision-making

We do not use solely automated decision-making that produces legal or similarly significant effects, except where basic automated checks may be used for fraud prevention and payment security. If you believe an automated check affected your order unfairly, contact us at info@cellarworthy.com.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will be published on the Website with the updated “Version” date.

17. Contact

For privacy questions or requests, contact: info@cellarworthy.com