PrivacyPolicy

Legal

Privacy Policy

Last updated: April 2026

1. Introduction

One Belvedere sarl (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data.

Throughout our website, you will find frequent reference to Belvedere1, which is wine&oil operational unit of One Belvedere sarl, located in Castellina in Chianti (SI), Tuscany, Italy.

This Privacy Policy explains:

  • What personal data we collect
  • How and why we use it
  • The legal basis for processing
  • How we store and protect your data (full explanation below)
  • Your rights under applicable data protection laws (full explanation below)

This policy applies to all users of our website, including customers, Wine Club members, and visitors from the European Union and international markets.

2. Contact Details of the Data Controller

One Belvedere sarl
Loc. Casanuova dei Carfini, Castellina in Chianti (SI)

Fiscal code 00310770524 and VAT:04398131005
Tuscany, Italy

Email: wine@onebelvedere.com

certified e-mail address (P.E.C.): aziendabelvederesas@pec.it

Phone: +39 3384120118+39 0577 1607365

3. Personal Data We Collect

Information You Provide

We may collect personal data when you:

  • Make a purchase
  • Join the Wine Club
  • Book a tour or tasting
  • Contact us
  • Subscribe to communications

This may include:

  • Full name
  • Email address
  • Phone number
  • Billing and shipping address
  • Country of residence
  • Date of birth (for age verification)
  • Preferences related to wine and experiences

Payment details are processed securely via third-party providers and are not stored by us. The relevant companies are One Belvedere’s direct partners and are appointed Data Processors pursuant to Article 28 of Regulation No. EU/679/2016.

Automatically Collected Data

When you use our website, we may collect:

  • IP address
  • Device and browser information
  • Pages visited and time spent
  • Referring URLs
  • Cookie and tracking data

This data helps us improve performance, usability, and security.

Wine Club Data

For Wine Club members, we may also process:

  • Purchase history
  • Membership type and status
  • Shipment preferences
  • Loyalty or engagement data

4. Legal Basis for Processing

We process personal data based on:

  • Contractual necessity (orders management, memberships, bookings, wine shipping, invoicing, customer support, payment management);
  • Legal obligations (tax and accounting obligations under It. Or Eurpean law, age verification);
  • Legitimate interests (website security, performance, business operations)
  • Consent (marketing communications such as sending newsletters, promotions, updates on production, event invitations via email or post, analytics cookies)

5. How We Use Your Data

We use personal data to:

  • Process and deliver orders
  • Manage Wine Club memberships
  • Provide customer support
  • Organize experiences and visits
  • Communicate updates, offers, and releases
  • Improve website performance
  • Ensure secure transactions
  • Comply with legal obligations

6. Data Sharing

We may share personal data with trusted third parties, including:

  • Payment providers (e.g. Stripe or similar services)
  • Shipping and logistics partners
  • Email communication platforms
  • IT and hosting providers
  • Analytics services

All third parties are required to process data in accordance with applicable data protection laws. These companies are One Belvedere’s direct partners and are appointed Data Processors pursuant to Article 28 of Regulation No. EU/679/2016.

7. International Data Transfers

Due to the international nature of our business, personal data may be transferred outside the European Economic Area, including to the United States.

Where such transfers occur, we ensure appropriate safeguards, such as:

  • Standard Contractual Clauses (SCCs)
  • Adequate security measures
  • GDPR-compliant agreements with service providers, who are appointed Data Processors pursuant to Article 28 of Regulation No. EU/679/2016.

8. Data Retention

We retain personal data:

  • For as long as necessary to fulfill orders and services
  • As required by tax and accounting regulations
  • Until consent is withdrawn (for marketing)
  • As necessary to comply with legal obligations

Data is securely deleted or anonymized when no longer required.

9. Cookies

Our website uses cookies and similar technologies to:

  • Ensure proper functionality
  • Improve user experience
  • Analyze traffic
  • Support marketing activities

You can manage your cookie preferences through the cookie banner and settings.

For more information, please refer to our Cookie Policy.

10. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Secure hosting infrastructure
  • SSL encryption
  • Restricted access to data
  • Monitoring and security practices

11. Age Restrictions

Our products include alcoholic beverages.

In compliance with current legislation, One Belvedere sarl uses applications that allow verification of legal age of the buyer.

12. Marketing Communications

You may receive communications related to:

  • Orders and services
  • Wine releases and updates
  • Wine Club information

You may unsubscribe from marketing communications at any time using the unsubscribe link or by contacting us directly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be published on this page.

15. DETAILED INFORMATION ON THE PROCESSING OF PERSONAL DATA

AND YOUR RIGHTS

pursuant to Articles 13 and 14 of EU Regulation No. 2016/679

All the above mentioned data will be treated by One Belvedere sarl, as the Data Controller, according to the provisions of Articles 13 and 14 of EU Regulation 679-2016 (GDPR), and informs you that your personal data will be processed lawfully, fairly, and transparently.

1. Purpose of data processing: a) The processing is aimed solely at the correct and complete execution of the information and/or order received, as well as the aforementioned legal obligations; b) Where expressly permitted, the processing may be used for promotional initiatives.

2. Method of data processing: The processing is carried out using electronic and paper-based tools, ensuring adequate security measures to prevent the loss or unlawful use of data. The data will be retained (Article 5 GDPR) for the time necessary to fulfill the contract and, subsequently, for the periods required by law (e.g., 10 years for invoice retention). For the various promotional purposes, the data will be processed in compliance with the regulations for as long as the entitled party maintains their consent.

The processing is carried out by the Data Controller, the Data Processors, or the Data Processors.

3. Data that you provide: The indication of personal data is necessary for the purposes of carrying out the activities referred to in point 1a). Any refusal by the interested party to provide personal data will make it impossible to perform the activities referred to in point 1a).

You may withdraw your consent to the processing of your data for the purposes referred to in point 1b) at any time.

4. Communication of data: Personal data may be disclosed to the Data Processors and may be disclosed for the purposes referred to in point 1 to internal collaborators, who act under the authority of the Controller, and external collaborators (Data Processors), and to public and private entities to whom disclosure is necessary for the proper fulfillment of the purposes indicated in point 1.

5. Disclosure of data: Personal data is not subject to disclosure.

6. Transfer of data abroad: Personal data may be transferred to European Union countries and to countries outside the European Union for the purposes set out in point 1.

8. Rights of the data subject: You have the right to request from the Data Controller, at any time, access to the data that has been processed and to obtain a copy thereof (right to data portability); you have the right to request the rectification of inaccurate data, erasure (right to be forgotten), restriction of processing, or to object to the processing (Articles 15-22 of the GDPR). Requests should be sent by email to: wine@onebelvedere.com.

The Data Controller will provide an appropriate response within one month of receipt, or within two months if the complexity or number of requests so requires. In this case, the data subject will be notified within one month of receipt of the request.

If you believe that the processing violates the GDPR, you have the right to lodge a complaint with the Italian Data Protection Authority.