Privacy Policy — Vinho Sem Medo

Vinho Sem Medo takes your privacy seriously. This policy explains what personal data we collect, why we collect it, and your rights under the General Data Protection Regulation (GDPR) and Portuguese law.

1. Who We Are (Data Controller)

Controller	Izhar Perlman (trading as Vinho Sem Medo)
NIF	216 828 023
Address	Largo da Cutelaria 8, 2550-354 Cadaval, Portugal
Email	admin@vinhosemmedo.pt
Supervisory authority	CNPD — Comissão Nacional de Protecção de Dados (cnpd.pt)

2. Data We Collect

From buyers

Name, email address, phone number
Delivery address
Order history (wine purchased, quantity, amount, date)
Tax ID (NIF) — optional, for invoice purposes
Guarantee claims — order number, reason, description

From wineries

Legal name, trading name, NIF, registered address
Contact details (email, phone, WhatsApp)
Stripe account ID
Winery description, logo, cover photo
Wine catalogue data (names, descriptions, prices, photos)
Order and dispatch records
Login credentials (email + hashed password)

From Amigos do Vinho

Name, email, phone, city, region
Biography and Instagram handle
Review content, photos, video links
Assignment and compensation records

Technical data (all users)

Session data (stored server-side, expires on logout)
Language preference (cookie)
Age verification (cookie — records confirmation only, no date of birth stored)

3. How We Use Your Data

Process orders	Pass buyer delivery details to the winery; confirm order by email
Winery management	Manage membership, send order notifications, expiry reminders
VSM Guarantee	Process claims, coordinate returns between buyer and winery
Amigos programme	Assign reviews, coordinate bottle delivery, publish reviews
Communications	Transactional emails only (order confirmations, dispatch notifications, Guarantee updates). We do not send marketing emails without explicit consent.
Legal compliance	Retain records as required by Portuguese tax law

4. Legal Basis for Processing

Contract performance (Art. 6(1)(b) GDPR) — processing necessary to fulfil orders and membership agreements
Legal obligation (Art. 6(1)(c) GDPR) — retention of transaction records for tax purposes
Legitimate interests (Art. 6(1)(f) GDPR) — fraud prevention, platform security, Guarantee administration
Consent (Art. 6(1)(a) GDPR) — age verification cookie; review publication for Amigos

5. Data Sharing

We do not sell your personal data. We do not share it with advertising networks or data brokers.

We share data only where necessary:

Wineries — receive buyer name, delivery address and order details to fulfil orders
Stripe — payment processor; handles all card data. See Stripe's privacy policy at stripe.com/privacy
Email provider — transactional emails sent via the server's mail function
Legal authorities — if required by law or court order

6. Stripe and Payment Data

All payment card data is processed exclusively by Stripe. Vinho Sem Medo never sees, stores or processes card numbers, CVV codes or full card details. The only payment-related data we store is the Stripe Payment Intent ID and the transaction amount, for order reconciliation purposes.

7. Cookies

vsm_age_ok	Records age verification confirmation. Expires after 365 days. No personal data stored.
vsm_lang (session)	Stores language preference (PT/EN). Session cookie — deleted on browser close.
PHPSESSID	Standard PHP session cookie for cart and login state. Session cookie — deleted on browser close.

We do not use tracking cookies, analytics cookies or advertising cookies. No third-party cookies are set by vinhosemmedo.pt.

8. Data Retention

Order data	7 years (Portuguese tax law requirement)
Winery account data	Duration of membership + 12 months after expiry
Buyer data	Duration of order relationship + 7 years for tax records
Amigo data	Duration of programme participation + 12 months
Guarantee claims	3 years from resolution
Session data	Deleted on logout or browser close

9. Your Rights

Under GDPR you have the following rights regarding your personal data:

AccessRequest a copy of the data we hold about you

RectificationAsk us to correct inaccurate or incomplete data

ErasureRequest deletion of your data (subject to legal retention obligations)

RestrictionAsk us to limit how we use your data

PortabilityReceive your data in a machine-readable format

ObjectionObject to processing based on legitimate interests

To exercise any of these rights, contact us at admin@vinhosemmedo.pt. We will respond within 30 days. You also have the right to lodge a complaint with the CNPD at cnpd.pt.

10. Security

We implement appropriate technical and organisational measures to protect your data, including:

HTTPS encryption for all data in transit
Passwords stored as bcrypt hashes — never in plain text
Payment data handled exclusively by Stripe
Access to personal data limited to the platform operator

11. Children

Vinho Sem Medo is an alcohol marketplace. We do not knowingly collect data from anyone under 18. Age verification is required before accessing the platform. If you believe a minor has submitted data, please contact us immediately at admin@vinhosemmedo.pt.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be notified to registered wineries by email. The date at the top of this page shows when it was last updated. Continued use of the platform after changes constitutes acceptance.

13. Contact

Data controller	Izhar Perlman (Vinho Sem Medo)
NIF	216 828 023
Address	Largo da Cutelaria 8, 2550-354 Cadaval, Portugal
Email	admin@vinhosemmedo.pt
Supervisory authority	CNPD — cnpd.pt