Winerim legal
Privacy Policy
Processing of personal data on the Winerim platform · Final operational version - July 7, 2026 · Applicable to customers located outside Spain, unless otherwise agreed in writing.
International privacy policy for Winerim customers, administrators, visitors, diners and contacts outside Spain.
1. Responsible for international treatment
The data controller for clients and users located outside of Spain will be Winerim LLC, a company incorporated under the laws of the State of Florida, United States of America, with address at 1210 Washington Ave 213, Miami Beach, FL 33139, USA, unless an offer, contract or local policy indicates another responsible entity. When Winerim processes data on behalf of a Client, the Client will be responsible for the processing and Winerim will act as processor or service provider in accordance with the contract, the Processing Order Annex, the documented instructions and the applicable regulations. When this Policy is applicable to interested parties from the European Economic Area, the United Kingdom or Switzerland, Winerim will apply the rights, guarantees and bases of legitimacy required by applicable regulations, including the GDPR when applicable. If it is mandatory to designate a formal representative in the European Union, Winerim will update this Policy with your data; in the meantime, info@winerim.com will be the operational point of contact for privacy inquiries.
2. Who this Policy applies to
This Policy applies to representatives, administrators, employees, collaborators and authorized users of professional clients; website visitors; application users; diners or end users who consult digital menus; business contacts; suppliers; candidates; people who contact support; and any person whose data is processed in the context of Winerim. Winerim is a B2B platform. Restaurants, hotels or professional clients may be responsible for certain data that they incorporate, connect or publish on the Platform, including data of their staff, users, diners or third parties.
3. Personal data that we can process
Identification and contact data: name, surname, position, company, restaurant, hotel or group, professional address, telephone number, email, username, encrypted password, account identifiers, country and language. Contracting and billing data: entity, CIF/NIF/VAT/CUIT/tax ID, tax address, contracted plan, amount, currency, invoices, payments, collection status, tokenized payment method, data managed by Stripe or other payment providers, collection incidents, returns and contractual communications. Technical and usage data: IP address, device, browser, operating system, logs, date and time, language, approximate location derived from IP, pages visited, events, clicks, sessions, errors, tokens, cookie identifiers, panel activity, security traces and API usage. Account and preferences data: favorites, wines viewed, saved selections, searches, language preferences, interactions with recommendations, account settings and communications. Menu and operational data: wine references, prices, vintages, stock, rotation, sales, availability, notes, pairings, images, categories, filters, visualizations, commercial performance, metrics and integration data, when the Client provides or connects them. Support and communications data: emails, tickets, messages, attachments, calls, meetings, incidents, requests, responses, support history and any information that the user voluntarily provides. Contractual cancellation data: requests sent to cancel@winerim.com, Customer identification, sender email, date and time, affected subscription, associated communications and evidence necessary to prove receipt or lack of valid receipt. We do not request special categories of data. Users and clients should not provide data on health, ideology, religion, union membership, biometrics, genetics, sex life, sexual orientation, criminal offenses or other specially protected data unless it is strictly necessary, there is a legal basis and Winerim expressly accepts it.
4. Origin of data
The data may come directly from the user or Client; of administrators authorized by the Client; from payment providers; from integrations activated by the Client, such as POS, PMS, ERP, CRM or other tools; from technical suppliers; from application stores; cookies and similar technologies; from public sources; and data generated by the use of the Platform. When the Client incorporates third party data into Winerim, they declare that they have sufficient legal basis and have provided the corresponding privacy information.
5. Purposes of the treatment
Create and manage accounts, authenticate users, manage permissions, allow access to the Platform and maintain security. Provide the contracted service, including configuration, upload, publication, visualization, translation, enrichment, maintenance, analysis and management of digital wine lists. Manage registrations, renewals, cancellations, cancellations, payments, billing, accounting, taxes, returns, chargebacks, non-payments and contractual relationship. Provide technical and functional support, answer queries, resolve incidents, communicate changes, perform maintenance, send security, billing or service notices. Analyze sales, stock, rotation, availability, interactions, preferences, menu performance, use of filters and exploitation metrics to offer panels, recommendations, alerts, insights and management improvement. Develop, train, tune, test and improve internal systems for analysis, recommendation, classification, pairing, translation, normalization, error detection, security and other functionalities, preferably with aggregated, anonymized or minimized data when feasible. Prevent fraud, abuse, unauthorized access, scraping, crawling, automated extraction, reverse engineering, competitive use, breaches of contract, security incidents and attacks. Send your own commercial communications about Winerim, news, functionalities, events or similar services when there is a legal basis and respecting the right of opposition or cancellation. Comply with legal obligations, respond to authorities, address claims, preserve evidence, defend rights, manage audits and corporate operations.
6. Legal bases or foundations of the treatment
For international B2B relationships, Winerim will process data on the basis of contractual execution, pre-contractual measures, compliance with legal obligations, legitimate business interests, consent when required or any other basis permitted by applicable regulations. When the GDPR is applicable to interested parties from the European Economic Area, the bases of legitimacy will be execution of contract, compliance with legal obligations, legitimate interest, consent and, where appropriate, instructions from the person responsible for the treatment if Winerim acts as processor. Legitimate interests include security, fraud prevention, service improvement, internal analytics, support, defense of claims, B2B communications, intellectual property protection, scraping detection, reverse engineering, data mining, API abuse and unauthorized competitive use. When local regulations require specific consent, Winerim will request it or the Client must obtain it before incorporating data into the Platform.
7. Public display of wine lists
The essential purpose of Winerim is to allow Clients to publicly display their wine lists in digital format. Therefore, menu data, such as references, prices, vintages, images, descriptions, pairings, categories and availability, may be publicly visible to diners, visitors, search engines and technical third parties necessary for the operation of the Internet. In principle, this information is of a business or commercial nature. If the Client includes personal data within a letter, it will be responsible for having a legal basis and for avoiding publishing unnecessary or unauthorized personal information.
8. Sales data, stock, analytics and benchmarking
Winerim may process sales data, stock, rotation, availability, interactions, filters, visualizations, preferences and commercial performance to provide the service, show analytics to the Client, generate recommendations, improve functionalities, detect errors and offer business intelligence. Winerim may use aggregated, anonymized or dissociated data for sector analysis, benchmarking, internal or external reports, market intelligence, model training, product improvement, commercial studies and development of new features. Winerim will not sell personal data. Nor will it publish individualized data on sales, stock, margins or economic performance of a Client directly identifying it without authorization or legal need. This Policy does not grant Customer, authorized users or third parties any right to extract, copy, sell, resell, license, assign, transfer, publish, market, train models, feed databases, scrape or exploit Winerim data, content, metrics, recommendations, taxonomies, datasets, images, descriptions or assets outside of the use permitted in the Terms.
9. Artificial intelligence and automated decisions
Winerim may use automated or artificial intelligence systems to classify wines, enrich data, generate descriptions, translate, create pairings, sort results, recommend wines, detect anomalies, improve search and optimize functionalities. These functionalities are supportive and may make errors. They do not produce legal decisions or significantly similar effects on natural persons in the strict sense of the GDPR, unless expressly indicated otherwise in a specific functionality. Where personal data is used in automated systems, Winerim will endeavor to apply minimisation, pseudonymisation, anonymisation or aggregation where feasible and proportionate. The Client may not use Winerim data or outputs to train external models or develop competing solutions, in accordance with the Terms.
10. Recipients, suppliers and subprocessors
We may share data with providers who provide services to Winerim, including cloud hosting, storage, security, monitoring, email, support, analytics, payments, billing, artificial intelligence, translation, integration, internal tools, professional advisors and application stores. Stripe or other payment providers may process data necessary for payments, subscriptions, billing, fraud prevention, financial compliance and regulatory obligations in accordance with their own terms and policies. Apple, Google or application store operators may process data when the user downloads or uses mobile applications from their environments. We may also communicate data to authorities, courts, public administrations, security forces, advisors, potential buyers or third parties when there is a legal obligation, valid requirement, defense of rights, corporate operation or sufficient legitimate interest. The specific list of relevant suppliers and subprocessors must be kept up to date and made available upon reasonable request or on a specific Winerim page.
11. International transfers and treatment from the United States
Winerim LLC is located in the United States, so the data may be processed, stored or accessible from the United States and other countries where Winerim suppliers operate. When the processing is subject to the GDPR or other regulations that restrict international transfers, Winerim will apply appropriate guarantees, such as standard contractual clauses, adequacy decisions, supplementary measures, supplier contracts or legally valid equivalent mechanisms. The Client acknowledges that the use of an international SaaS service may involve cross-border transfers, remote access, cloud providers, payments, support, security, analytics and artificial intelligence in different jurisdictions.
12. Data retention
The account and contract data will be kept as long as there is a contractual relationship and subsequently for the periods necessary for legal, accounting, tax compliance, defense of claims, auditing, security and responsibilities. Billing data will be kept for the periods required by applicable tax, commercial and accounting regulations. Cancellation requests, contractual communications and associated evidence will be kept for the periods necessary to process the cancellation, prove their receipt or lack of valid receipt, defend claims and comply with legal obligations. The supporting data will be kept for the time necessary to address the query or incident and subsequently for a reasonable period of time for monitoring, quality, security and defense of claims. Technical data, logs and security will be kept for periods provided for the purposes of security, diagnosis, fraud prevention, detection of scraping, abuse, reverse engineering and service improvement. Letter, stock, sales and operational data will be kept while the account is active and for a reasonable period thereafter for export, recovery, support, backup copies, legal compliance and defense of rights. Aggregated, anonymized or dissociated data may be kept indefinitely because they do not reasonably identify a natural person.
13. Privacy Rights
Interested persons may exercise the rights recognized by the regulations applicable in their jurisdiction. Where the GDPR applies, these rights include access, rectification, deletion, opposition, limitation, portability and withdrawal of consent. Depending on the country or state, there may also be rights to information, correction, deletion, exclusion of sale or sharing, limitation of certain uses, appeal or filing a complaint with competent authorities. To exercise rights, you must contact info@winerim.com, indicating the right you wish to exercise, country of residence and sufficient data to identify the request. Winerim may request additional information to verify identity or representation. If the request refers to data processed on behalf of a Client, Winerim may forward the request to the Client or act according to its instructions. In the case of interested parties from the European Economic Area, they may contact the competent control authority. If there is a formally designated European representative, their details will be indicated in this Policy; in the meantime, info@winerim.com will be the operational point of contact for privacy inquiries.
14. Cookies and similar technologies
Winerim currently does not use its own analytical, advertising or marketing cookies. The Platform may use its own technical cookies strictly necessary for authentication, session, security, abuse prevention and ordinary operation of the Service. For payments, Winerim uses Stripe as a third-party provider, which may install or use cookies and similar technologies necessary to process payments, manage subscriptions, prevent fraud, enhance security, and meet financial or regulatory obligations. If in the future Winerim incorporates non-necessary cookies, such as analytics, advertising, measurement or non-essential personalization, the user will be informed and the acceptance, rejection or configuration mechanism will be enabled when legally applicable. Rejecting non-necessary cookies will not prevent basic use of the Service when such cookies are not essential.
15. Commercial communications
Winerim may send communications regarding service, security, billing, contractual changes, maintenance, incidents or account operation, as they are necessary for the contractual relationship. Winerim may send its own commercial communications about similar services, new features, content, events or news, when there is a legal basis. The recipient may object or unsubscribe using the mechanisms indicated in each communication. The cancellation of commercial communications does not imply the cancellation of the service. Contractual cancellation will only be valid if requested by email to cancel@winerim.com in accordance with the Terms.
16. Security and confidentiality
Winerim will apply reasonable technical and organizational measures to protect personal data against unauthorized access, alteration, loss, destruction, disclosure or misuse. These measures may include access control, roles, authentication, encryption where appropriate, backups, monitoring, logging, incident management, contractual confidentiality, supplier review and reasonable continuity measures. No system is completely secure. Customer and users must safeguard credentials, use strong passwords, limit permissions, and report incidents or unauthorized access.
17. Minors
Winerim is a professional B2B service and is not directed at minors. We do not knowingly request data from minors. The Client is responsible for compliance with applicable regulations when diners or minor end users can access public menus, especially in relation to alcoholic beverages, advertising, legal age and responsible consumption.
18. Responsibility of the Client for incorporated data
The Client will be responsible for the personal data that they decide to incorporate, connect or publish in Winerim, including data of employees, collaborators, suppliers, diners, images, comments, notes or information from third parties. The Client must inform affected persons when appropriate, obtain necessary consents, establish legal bases, respond to rights requests and avoid incorporating unnecessary or specially protected data. Winerim may delete, block or require withdrawal of data when there are indications of illegality, excess, infringement of rights, security risk or breach of contract.
19. Non-sale of personal data and data usage limits
Winerim does not sell personal data in the ordinary sense of transferring identifiable data in exchange for money. Winerim may exploit non-personal data, aggregated, anonymized, dissociated or generated by the Platform for improvement, analysis, benchmarking, AI, product, security and business purposes, in accordance with the Terms and this Policy. Customers, users or third parties may not extract, resell, license, transfer, monetize or use Winerim data or assets for their own products, third parties, external AI, consulting, comparators, catalogs or competing solutions.
20. Changes to this Policy
Winerim may update this Policy to reflect legal, technical, operational changes, suppliers, functionalities, treatments, corporate structure or business model. When changes are relevant, Winerim will try to communicate them by email, platform, website or other reasonable means. Continued use of the Platform after the update implies knowledge of the current version, without prejudice to legally applicable rights.
21. Contact
For privacy and data protection: info@winerim.com. For regular support: info@winerim.com. For contractual cancellations of the service: exclusively cancel@winerim.com, in accordance with the Terms and Conditions.