1) Who we are & how to contact us
Controller: [PLACEHOLDER: Full legal name], trading as MyOwnSomm.com, [PLACEHOLDER: Registered address in Ireland].
Privacy contact: info@myownsomm.com · General: info@myownsomm.com
Role clarity: We act as controller for your account, subscription, site operations and analytics. Each licensed retailer/sommelier (“Seller”) acts as an independent controller for alcohol order fulfilment. Stripe acts as an independent controller for card details.
2) What data we collect
- Account & profile: name, email, phone, address (if you add it).
- Authentication: hashed passwords (bcrypt), tokens, login logs.
- Orders & interactions: wines saved, reviews you post, messages with Sellers.
- Payments: subscription status, plan, billing history via Stripe (we do not store full card numbers).
- Device/technical: IP address, user-agent, device IDs, referrer, cookie identifiers, error logs.
- Support: enquiries and their metadata.
- Sources: data you provide; data from Sellers/Shopify/WooCommerce for order handling; payment metadata from Stripe; analytics tools and cookies (see below).
3) Why we use your data & lawful bases
- Provide the service (accounts, features, subscriptions). Legal basis: contract (Art. 6(1)(b)).
- Connect you with Sellers to fulfil alcohol orders. Legal basis: contract; our & Sellers’ legitimate interests in order fulfilment (Art. 6(1)(f)).
- Payments via Stripe (no card storage by us). Legal basis: contract; legal obligation for financial records.
- Reviews & community content. Legal basis: contract; legitimate interests in maintaining a trustworthy platform.
- Security, fraud prevention, age/abuse prevention. Legal basis: legitimate interests; legal obligation where applicable.
- Analytics, product improvement. Legal basis: legitimate interests; consent where cookies are non-essential.
- Direct marketing (optional). Legal basis: consent; you may withdraw at any time.
- Legal & compliance (records, tax). Legal basis: legal obligation.
Right to object: Where we rely on legitimate interests, you can object at any time; we will stop unless we have compelling grounds or need to establish/exercise/defend legal claims.
6) International transfers
Our primary hosting is in the EEA/UK [PLACEHOLDER e.g., AWS eu-west-1]. Some vendors may process data outside the EEA/UK. Where they do, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and, where relevant, the UK IDTA/Addendum, plus supplemental measures.
7) Security
- Encryption at rest for stored personal data and in transit via TLS.
- Password hashing using bcrypt (we cannot see your plaintext password).
- Role-based access controls, logging, and vendor due diligence.
- Regular backups and vulnerability patching.
- Data breaches: If a breach poses a risk to you, we will notify you and the Irish DPC as required.
8) Retention
- Account data: kept while your account is active and deleted within 30 days of closure, unless we must retain for legal reasons.
- Subscription & billing records: retained for up to 6 years to meet tax/accounting obligations.
- Support records: typically 24 months.
- Logs & security data: typically 90–365 days depending on system.
- Reviews/UGC: retained and may remain publicly visible; you can delete your own reviews or contact us.
Where feasible we may anonymise data for analytics so it’s no longer personal data.
9) Your rights
You have rights to access, rectify, erase, restrict, object (including to direct marketing), and data portability. You may withdraw consent at any time.
To exercise rights, email info@myownsomm.com. We’ll respond within one month (extendable by two further months for complex requests). We may need to verify your identity.
10) Children
Our Services are for adults (18+). We do not knowingly collect children’s data. If you believe a child has provided data, contact us and we will delete it.
11) Changes to this notice
We may update this notice from time to time. For material changes we will provide reasonable notice (e.g., email or in-app). See the “Effective” date above.
12) Supervisory authority & complaints
If you have concerns, please contact us first. You also have the right to complain to the Data Protection Commission (DPC), Ireland: dataprotection.ie. If you are in the UK, you may complain to the ICO: ico.org.uk.