Our name is Vinta Definita Limited. We are a company incorporated under the laws of Ireland and our registered and contact address is 35 Linnetfields Square, Clonee, Dublin 15, Ireland. We describe ourselves in this Privacy Notice as “we”, “ourselves”, “us”, “our”, and “Vinta”. We are issuing this Privacy Notice in accordance with the General Data Protection Regulation “GDPR” and the Data Protection Act 2018. We are doing so to let you know in respect of any of your personal information we deal with (including by way of collection, use, and disclosure/sharing) as a result of your engagement with us (including using this website) how we will deal with it and your rights in respect of that information and dealing.
Types of personal information
The most common types of your personal information we are likely to deal with are:
- Your identity such as name, gender, and date of birth
- Contact details, such as shipping address, billing address, email address, and telephone number
- Security details, such as username and password
- Profile information, such as your size, and your interests and preferences
- Financial and transactional information, such as details of purchases and other transactions, purchase history, and card details
- Information about your usage of (eg search terms) and interaction with (eg when we provide you with vouchers) this website
- Feedback and correspondence
Legal basis for dealing
The principal legal bases on which we deal with your personal information are:
- The dealing is necessary for taking steps at your request before you enter into a contract with us – for example, enquiries and information submitted before you click the “Pay” option
- The dealing is necessary for the performance of a contract between you and us – for example, to process your payment and deliver the product you ordered
- To advance our legitimate interests, such as permitted direct marketing, where this does not disproportionately affect your rights, and subject to you right to opt out; this basis also covers matters arising from operating the website and optimizing it for you
- To comply with a legal duty, such as under consumer or tax law
- With your consent for a specific purpose, such as providing you with an account: if we are dealing with your personal information with your consent, you may withdraw that consent at any time by means as easy as those you used to provide it, but this may reduce the services we are able to provide for you.
In general terms, we must only deal with your personal information on a basis consistent with why we originally collected it, but this does not apply if the dealing is required by law, or we need the information to establish, exercise, or defend a legal right or claim, or it is necessary in order to prevent fraud or ensure cybersecurity.
Where we may only engage in extended direct marketing with your consent, we will ensure that your necessary consent is obtained beforehand.
Sensitive data (including criminal allegations and convictions)
Data protection law affords strict safeguards in relation to personal information about your race, ethnic origin, political opinions, religious or philosophical beliefs, membership of a trade union, genetics, biometric identifiers, health, sex life, or sexual orientation. Similar protection apply to personal information about criminal allegations against a person, whether proven or not. We don’t see why we should need to deal with any personal information of these descriptions in the course of engaging with you, and ask you not to provide it. Any such dealing can only be with your explicit consent.
Data protection duties.
Our fundamental duties with regard to your personal information are to deal with it lawfully, fairly, and transparently, only to deal with it for specified, explicit, and legitimate purposes, to deal with no more of your personal information than is necessary for those purposes, to keep your personal information accurate and up-to-date, to keep it no longer than is necessary, and to keep it secure.
We would respectfully ask you to assist us in maintaining the accuracy of your personal information by updating us if any of the information we have about you changes during your engagement with us. We will retain your personal information no longer than is necessary for the purposes set out in this Privacy Notice unless longer retention is required by law.
We do not sell your personal information to third persons.
We decide why and how your personal information is dealt with. Therefore, we are known as “controllers”. We will engage other businesses to deal with your personal information on our behalf. These are known as “processors”. We will do this, for example, for the purposes of email provision, payment processing, couriering, hosting, database management, analytics, and storage. We will ensure that disclosure to any such processor only takes place pursuant to a contract that guarantees that your data protection rights are respected.
We will also, where necessary, share your personal information with our contracted service providers, such as banks, insurers, and accountants, advisers such as solicitors and barristers, and to public authorities as required by law.
Transfer outside the EEA.
The GDPR applies within the EEA. This, currently, is the EU, Iceland, Liechtenstein, and Norway. It guarantees you a very high level of data protection. If it is necessary for us, our service providers (including processors), or their staff, to deal with your personal information outside the EEA, we will ensure this is only done in a country the EU recognizes as affording an equivalent level of protection, or pursuant to standard contractual terms or other arrangements that have been approved by the EU.
We do not intend to offer products or services to persons under the age of 16, or older to the extent they are incapable in law of concluding an unimpeachable relevant contract. Please let us know if you believe a child under your guardianship has provided us with information without your permission, and we will expunge it as soon as practicable.
Third person links
We will offer links to other websites from our own. But your access to these sites is at your own risk and is not covered by this Privacy Notice. We would encourage you to consult the privacy information provided by the operators of those sites.
You have the following rights in respect of personal information about you that we are dealing with:
- To be told its sources, recipients, description by category, and retention criteria, and the purposes of the dealing, and to have access to it, usually in the form of a copy
- To have it corrected and/or updated
- In some circumstances, especially if we no longer have lawful need of it, to have it deleted
- To have us restrict dealing with it until other rights have been exercised or the right to exercise them has been demonstrated
- To have personal information in electronic form we deal with with your consent or under a contract with you transmitted to a third person
- To object to our dealing with your personal information on the basis of our legitimate interests and make us show compelling grounds that continued dealing would respect your rights.
You also have the right to opt out of direct marketing where we don’t need your consent because you bought something from us during the last 12 months.
We may make reasonable requests to you to allow us to confirm your identity.
While we hope that we can resolve any issue about how we deal with your personal information (including respecting the foregoing rights in respect of it), you also have the right to complain at any time to the Data Protection Commission at www.dataprotection.ie or to your local supervisory authority if the issue arises outside Ireland.
We reserve the right to vary this Privacy Notice from time to time, and publication on this webpage will for all purposes be sufficient notice of that variation.