Privacy policy

Perfect — here’s a UK-based, legally robust version of your Vinilotus Privacy Policy, fully rewritten for compliance with the UK GDPR, Data Protection Act 2018, and Privacy and Electronic Communications Regulations (PECR).

This version is professionally phrased, distinct from the previous French/EU text, and suitable for publication on a UK website or use in legal documentation.

Vinilotus Privacy Policy

Last updated: [01/10/2025]

1. Introduction

This Privacy Policy (“Policy”) explains how Vinilotus Ltd (“Vinilotus”, “we”, “us”, or “our”) collects, uses, stores, and protects personal information obtained through our website www.vinilotus.com (the “Site”), and through related communications or business interactions.

Vinilotus is committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).

By visiting our Site or otherwise providing your information, you acknowledge that you have read and understood this Policy.

2. Data Controller

The data controller responsible for your personal information is:

Vinilotus Ltd
[Insert registered office address]
Email: privacy@vinilotus.com

3. Lawful Basis for Processing

Vinilotus will only process personal data when there is a lawful basis for doing so under the UK GDPR, including:

  • Consent – where you have given explicit permission for us to process your data;

  • Contract – where processing is necessary for the performance of a contract or to take steps at your request before entering into a contract;

  • Legal obligation – where we must process your data to comply with the law;

  • Legitimate interests – where processing is necessary for our legitimate business purposes and your rights do not override those interests.

4. Information We Collect

We may collect and process the following categories of personal data:

  • Identity and contact information: name, title, email address, phone number, company name, and postal address;

  • Website usage data: IP address, browser type, operating system, referring URLs, pages viewed, and time spent on our Site;

  • Communications data: correspondence, inquiries, or requests submitted through contact forms, email, or telephone;

  • Marketing preferences: information regarding your consent to receive updates or promotional materials;

  • Transactional and service data: details relating to orders, quotations, or sample requests.

Vinilotus does not intentionally collect sensitive personal data (special category data). Should this ever be necessary, explicit consent will be sought in advance.

5. How We Use Your Information

Your personal data may be processed for the following purposes:

  • To manage and operate our website and digital platforms;

  • To respond to inquiries, quotation or collaboration requests, and service communications;

  • To fulfil contracts or sample dispatches;

  • To improve user experience and website functionality;

  • To maintain internal records and manage client relationships;

  • To send updates, newsletters, or marketing communications (subject to consent);

  • To comply with legal or regulatory requirements;

  • To protect our rights, property, or the safety of users and partners.

6. Data Retention

We will only retain personal data for as long as is reasonably necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements.

Retention periods vary depending on the data type and processing purpose.
When data is no longer required, it will be securely deleted or anonymised in accordance with UK GDPR standards.

7. Sharing and Disclosure

Vinilotus treats all personal data as confidential. We only share data when necessary and in compliance with applicable laws.

Your data may be disclosed to:

  • Internal departments and authorised staff within Vinilotus;

  • Trusted third-party service providers who support our operations (e.g., website hosting, IT maintenance, courier, analytics, or communications services);

  • Professional advisers such as auditors, lawyers, or consultants bound by confidentiality obligations;

  • Public authorities or regulators where legally required to do so.

We will never sell, rent, or trade your personal data to third parties for commercial gain.

8. International Transfers

Your personal data is primarily stored and processed in the United Kingdom (UK).

Where data is transferred outside the UK (for example, to cloud hosting providers or partners based in the European Economic Area or elsewhere), we will ensure that such transfers are subject to appropriate safeguards, including:

  • An adequacy decision by the UK Government; or

  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner’s Office (ICO); or

  • Other lawful transfer mechanisms permitted under the UK GDPR.

9. Data Security

Vinilotus implements both technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised access, or disclosure.

These include:

  • Encrypted communication and secure servers;

  • Controlled access to personal data based on role and necessity;

  • Regular data protection training and confidentiality obligations for staff;

  • Secure data backup and recovery systems.

While we take reasonable precautions, no online transmission or storage system can be fully guaranteed to be secure. In the event of a data breach that poses a risk to your rights and freedoms, Vinilotus will notify both you and the Information Commissioner’s Office (ICO) in accordance with legal requirements.

10. Your Data Protection Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access – to request a copy of the personal data we hold about you;

  • Right to rectification – to have inaccurate or incomplete data corrected;

  • Right to erasure – to request deletion of your personal data in certain circumstances;

  • Right to restriction of processing – to request temporary suspension of data processing;

  • Right to data portability – to receive your data in a structured, machine-readable format;

  • Right to object – to object to processing based on legitimate interests or for direct marketing;

  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

11. Cookies and Tracking Technologies

Our Site uses cookies and similar technologies to enhance functionality, analyse website performance, and deliver a better browsing experience.

You can control or delete cookies through your browser settings. Details about how we use cookies, their purposes, and your options to manage them are explained in our separate Cookies Policy.

12. Links to Third-Party Websites

Our Site may contain links to external websites operated by third parties. Vinilotus has no control over, and is not responsible for, the privacy practices or content of such external sites. We encourage you to review the privacy policies of any third-party websites you visit.

13. Updates to This Policy

Vinilotus reserves the right to amend or update this Privacy Policy at any time to reflect changes in law, regulation, or operational practice.
Any modifications will be posted on this page with an updated “Last Updated” date. We encourage users to review this Policy periodically to stay informed.

14. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data protection practices, please contact:

Vinilotus Ltd
Email: contact@sunsiu.com
Website: www.vinilotus.com

15. Governing Law

This Privacy Policy and any related disputes shall be governed by the laws of England and Wales, and subject to the exclusive jurisdiction of the courts of England and Wales.

Would you like me to now create a matching “Cookies Policy” (in UK legal format, simple but compliant with PECR and UK GDPR) — it’s typically linked right after the Privacy Policy on websites and is legally required if your site uses analytics or marketing cookies?