BelgiumWineStore.eu — Privacy Policy
Overview
This Privacy Policy explains how we collect, use, disclose and protect personal data when you visit our website, create an account or buy our products. We act as the data controller for the processing described here. We comply with the EU General Data Protection Regulation (GDPR) and applicable national laws.
Who We Are
Data Controller: DP Sales BV ("Belgium Wine Store")
Registered Office: Koning Boudewijnlaan 20A, 3500 Hasselt, Belgium
Company/VAT: BE0466.596.922
Returns Address: Breitwaterstraat 35/1, 3630 Maasmechelen, Belgium
Website: www.belgiumwinestore.eu
Contact for privacy matters: support@belgiumwinestore.eu
Effective Date: September 03, 2025
Scope
This Policy covers personal data processed through BelgiumWineStore.eu, including checkout, account, support, age‑verification and delivery workflows. Separate terms may apply to business‑to‑business sales handled by direct invoice.
Categories of Data
Categories of data we process:
- Identification and contact data (name, email, phone, billing and delivery addresses).
- Account credentials (hashed password), order history, preferences.
- Age‑verification data (date of birth; yes/no verification status; timestamp; method; verifier). We avoid storing ID images and only retain minimal verification logs unless a regulatory incident requires extended retention.
- Payment and risk signals (payment method token, authorization result, fraud‑screening signals from our PSP). We do not store full card PANs.
- Delivery data (carrier tracking numbers, delivery confirmations, adult‑signature confirmations where applicable).
- Communications (support emails, complaints, product feedback).
- Device/usage data (IP address, user agent, cookie identifiers, consent preferences, pages viewed).
Sources of Data
- Directly from you during checkout, account creation and support.
- From our payment service provider (Mollie) for payment status and fraud‑screening signals.
- From carriers for delivery events and age‑verified handover.
- From age‑verification providers if we deploy them for legal compliance.
- From your device via cookies and similar technologies. See our Cookie Policy.
Purposes and Legal Bases
- Fulfilling orders, delivering products, handling returns and customer support — Art. 6(1)(b) GDPR (contract performance).
- Age verification for alcohol sales and preventing underage delivery — Art. 6(1)(c) (legal obligation) and 6(1)(f) (legitimate interests in regulatory compliance and responsible retailing).
- Payments, fraud prevention and security monitoring — Art. 6(1)(b) and 6(1)(f) (legitimate interests in safeguarding transactions and accounts).
- Tax, accounting, excise and regulatory compliance — Art. 6(1)(c) (legal obligation).
- Service improvement, analytics with privacy safeguards — Art. 6(1)(f) (legitimate interests). Non‑essential analytics may rely on consent via the cookie banner.
- Direct marketing by email or SMS (where enabled) — Art. 6(1)(a) consent or Art. 6(1)(f) legitimate interests for similar‑products marketing to existing customers where permitted; you can opt out at any time.
- Defending legal claims and preventing abuse — Art. 6(1)(f).
Age‑Verification
Age‑verification details:
- We sell alcoholic products only to persons of legal age in the delivery country. At checkout, we require age affirmation and may request the date of birth.
- We may use third‑party age‑verification services or manual checks where necessary. At delivery, the carrier may verify ID and obtain an adult signature.
- By design, we avoid storing ID document images. Our logs record only the fact of verification (pass/fail), the method, and the timestamp. Extended retention may apply where we must evidence compliance to authorities or resolve disputes.
Disclosures and Recipients
- Payment processing: Mollie (and underlying payment networks) to process payments and perform fraud checks.
- Logistics: carriers, customs brokers and warehousing partners for delivery, returns and age‑verified handover.
- IT and security: hosting, content delivery, email and customer‑service platforms.
- Age‑verification providers (if deployed) strictly for legal compliance.
- Authorities, auditors and regulators where required by law.
We enter into data‑processing agreements with processors and require appropriate safeguards.
International Transfers
Some service providers may be located outside the EEA/UK. Where personal data is transferred internationally, we rely on adequacy decisions or the European Commission's Standard Contractual Clauses, and implement additional technical and organizational safeguards where appropriate.
Retention
- Account profile and order history: for the life of the account and then deleted or anonymized after 24 months of inactivity, unless a longer period is required for legal claims.
- Transaction records (invoices, tax, excise): retained for 7 years to meet legal obligations.
- Age‑verification logs: retained for up to 24 months after delivery unless an incident requires longer retention.
- Customer support communications: 24 months after resolution.
- Marketing consents and suppression lists: until you withdraw consent or object; suppression lists are kept to honor your opt‑out.
- Cookies and online identifiers: see cookie lifetimes in our Cookie Policy.
Security
We implement appropriate technical and organizational measures including encryption in transit, access controls, logging, minimization of verification data, and regular review of processors. No system is perfectly secure; we maintain incident response procedures and will notify authorities and users when required by law.
Automated Decision‑Making and Profiling
We use rule‑based tools for fraud and age‑risk screening. Decisions with significant effects are reviewed by a human on request. You may contest a decision, express your point of view and obtain human review.
Your Rights
- Access your data and obtain a copy.
- Rectify inaccurate or incomplete data.
- Erase data in certain cases ("right to be forgotten").
- Restrict processing in certain cases.
- Object to processing based on legitimate interests and to direct marketing at any time.
- Data portability for data you provided to us, processed by automated means under Art. 6(1)(b) or (a).
- Withdraw consent at any time without affecting prior processing.
- Lodge a complaint with a supervisory authority. In Belgium: the Data Protection Authority (GBA/APD).
How to Exercise Your Rights
Contact us at support@belgiumwinestore.eu. We will respond within one month (extendable by two months for complex requests). We may ask you to verify your identity. Where permitted by law, we may refuse manifestly unfounded or excessive requests.
Updates to this Policy
We may update this Privacy Policy from time to time. Material changes will be communicated on the Site. The version and effective date appear at the top of this page.