PRIVACY POLICY

Welcome to the Grgich Hills Estate web site, www.grgich.com (the “Site”), operated by Grgich Hills Estate (“we”, “us” or “our”). Your privacy is important to us so we provide this notice explaining our privacy practices and the choices you can make about the ways in which information about you is collected and used from the Site.

Information We Collect
When you create an account, we ask for your name, address, phone number, email address, and a user name and password. We use this information to fulfill your orders and to enable time-saving features like express checkout, wish lists, and saved baskets. We do not share or sell this information.

Your Information
We do not share, sell or trade email addresses, information collected as part of a survey, or specific details about you or your household.

We do not contribute to or participate in shared or cooperative databases, which give other companies access to your personal information. We do not release credit card or financial information for use by other companies.

For both privacy and security purposes, all transactional information communicated between customers and our Web site is transmitted in an encrypted format, and all credit card information is deleted from our servers immediately after card authorization.

Returns & Replacements

At Grgich Hills Estate we have a 100% customer satisfaction guarantee.  Please notify us within ten (10) days of your shipment’s delivery if any issues occur. Upon notification, we will gladly replace any damaged or defective product with the same product. If that product is no longer available, we will gladly replace it with a similar product or refund your payment.

Newsletter
We ask you to provide a name, email address and profile information. We use this information only to fulfill your request and, in the case of profile information, to help make sure we’re sending you the type of email updates you want to receive. We do not buy, share or sell email addresses.

SMS

If you opt in to SMS communications, the website uses cookies to help keep track of items you put into your shopping cart including when you have abandoned your cart and this information is used to determine when to send cart reminder messages via SMS.

 

Gift Cards and Gift Messages
These options allow you to send a personal greeting with your gift order. We make no use of the information contained in these greetings except to complete your order as you have requested.

Your Choices
If you would like to opt out of future communications and/or promotional materials from us, you may indicate this preference by following the unsubscribe instructions at the bottom of our e-mails or by contacting us via e-mail, online, or by phone.

Links to Other Sites
Our Site may contain links to other sites that are not operated by us. These sites operate independently of us and have established their own privacy and security policies. For the best online experience, we strongly encourage you to review these policies at any site you visit.

Our Commitment to Data Security
We have put in place physical, electronic, and managerial procedures to safeguard and help prevent unauthorized access to, maintain security of, and correctly use the information we collect. Personally identifiable information and account activity are also protected through the use of e-mail addresses and passwords. In order to maintain the security of your information, you should protect the confidentiality of such information used to log into your account. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information and privacy, we cannot guarantee or warrant the security of any information you disclose or transmit to us online and cannot be responsible for the theft, destruction, or inadvertent disclosure of your personal information.

How You Can Access and Update Information
If you have previously provided any personally identifiable information to us by way of our Site, you retain the right to review, correct, update, delete or otherwise modify such information.

To access the personally identifiable information that we have collected about you that we maintain, or to correct factual errors in such information, simply log into your account using your e-mail address and password to update your information. Or you may also contact us at our address below.

To protect your privacy and security, we will take reasonable steps to help verify your identity before granting access or making corrections.

Updates to our Privacy Policy
From time to time, we reserve the right to make updates to this Privacy Policy without prior notice to you. We encourage you to periodically check back and review this Privacy Policy so that you always will know what information we collect, how we use it, and to whom we disclose it. Your continued use of the Site following any changes to this Privacy Policy will be deemed to constitute your acceptance of such change.

How to Contact Us
For questions, comments or assistance, please contact us at:

707-963-2784

[email protected]

Grgich Hills Estate
PO Box 450
1829 St. Helena Hwy.
Rutherford, CA 94573

PRIVACY NOTICE TO CALIFORNIA RESIDENTS

 

This supplemental privacy notice applies to California residents (herein referred to as “you,” “the consumer,” or “California residents”) in order to comply with the California Consumer Privacy Act of 2018 (“CCPA”), the Consumer Privacy Rights Act of 2020 (“CPRA”), and other California privacy laws.

 

If you are an employee or job applicant of the Company, please see the CCPA/CPRA Notice to Employees/Job Applicants that is available at this link and is posted in the breakroom for information that is more specific to you and for notice of the categories of information we have collected about our employees and job applicants over the past 12 months.

 

Consumer Rights Under the CCPA and CPRA

 

The CCPA and CPRA establish several rights for you, the consumer. We do not sell your personal information.

 

You have the right to submit several requests regarding the personal information we have collected about you.  You may make such a request for disclosure or deletion of personal information twice within any given 12-month period.  We will provide responsive information for a period of 12 months preceding the date of your request.  We will provide this information to you within a period of 45 days from the date of your request.  If needed, we may require up to an additional 45 days to complete the request but will provide notice to you of the need for the additional time prior to the expiration of the initial 45-day period.

 

In order to respond to your request, we will need to obtain enough information from you to verify that yours is a valid and legitimate request.  This provides further protection for your personal information.

 

Right to Request Disclosure of Sensitive and Personal Information

 

You may request that we disclose the categories of sensitive and personal information that we have collected about you, the specific pieces of sensitive and personal information that we have collected about you, or both. 

 

Right to Correct Inaccurate Personal Information

 

In the event that any of the personal information we maintain about you is incorrect, you have the right to request that we correct it.

 

Right to Limit Use and Disclosure of Sensitive Personal Information

 

You may request that we limit the use and disclosure of your sensitive personal information to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services, and other specific uses delineated in the CCPA and CPRA. 

 

The CCPA and CPRA define “sensitive personal information” as personal information that reveals any of the following:

 

  • A consumer’s social security, driver’s license, state identification card, or passport number;
  • A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
  • A consumer’s precise geolocation;
  • A consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership;
  • The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication;
  • A consumer’s genetic data;
  • The processing of biometric information for the purpose of uniquely identifying a consumer;
  • Personal information collected and analyzed concerning a consumer’s health; and
  • Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.

 

Right to Opt-Out

 

You may request that we stop sharing your personal information for cross-context behavioral advertising. We do not share your information for this purpose, but are simply informing you of this right under the CCPA and CPRA.

 

Right to Request Deletion of Personal Information

 

You also have the right to submit a request that we delete the personal information we have collected about you.  There are several exceptions to the consumer’s right to deletion; namely, we may retain your information despite your request for deletion if we require the information in order to do any of the following:

 

  • Complete the transaction for which the personal information was collected;
  • Provide a good or service requested by the consumer or reasonably anticipated within the context of a business’s ongoing business relationship with the consumer;
  • Otherwise perform a contract between the business and the consumer;
  • Detect security incidents and protect against “malicious, deceptive, fraudulent, or illegal activity;”
  • Use for internal debugging purposes or to repair software errors;
  • Exercise free speech, ensure the right of another consumer to exercise free speech, or any other right provided by law;
  • Use the information to comply with the California Electronic Communications Privacy Act;
  • Engage in research in the public interest that follows all other privacy laws (with consumer consent);
  • Enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business;
  • Comply with a legal obligation; or
  • Otherwise use the information internally in a lawful manner that is compatible with the context in which the consumer provided the information.

 

How to Submit a Request

 

We offer consumers two distinct methods for submitting requests to exercise their rights under the CCPA and CPRA:

 

 

Submitting a verifiable consumer request does not require that you have an active account with us, nor are you required to create an account.  As previously noted, we will need to obtain enough information from you to verify your request in protection of your information before responding to your request.  Information that we may need from you to verify your request may include the following:

 

  • Legal name;
  • Email address;
  • Phone number;
  • Date of birth;
  • Last four digits of your social security number; and
  • Billing address.

 

We may decline a consumer request if the time and resources that must be expended in order to respond to the request outweigh the reasonably foreseeable impact to the consumer from not responding, as provided by California law.

 

Requests by an Authorized Agent

 

A California resident may use an authorized agent to submit a right to know request or a request to delete.  To use an authorized agent to submit such a request, the California resident must provide the agent with written authorization.  In addition, the California resident may be required to verify their own identity with us or to authenticate the agent’s authorization.  We may deny a request from an agent that does not submit proof, including written authorization from the resident, that the agent has been authorized by the California resident to act on their behalf.  However, such requirements will not apply where a California resident has provided the authorized agent with power of attorney pursuant to California Probate Code Sections 4000 to 4465.

 

Right to Not be Discriminated Against for Exercising the Rights to Disclosure or Deletion

 

We will not discriminate against you for exercising your rights under the CCPA and CPRA.  Unless otherwise permitted by the CCPA, the CPRA, or other California law, we will not deny you goods or services, charge you a different rate for goods or services, provide you a different quality of goods or services, or suggest that any aspect of your service will change if you exercise any of your rights enumerated here in this policy.

 

Categories of Information We Collected About Consumers in the Past 12 Months

 

We collect personal information about you to enable us to provide goods and services to you, to manage and operate our business, to market our goods and services to you, and to comply with our legal and regulatory obligations.

 

We have collected the following categories of information about our consumers in the past 12 months. We have not necessarily collected each category about every consumer. Except as otherwise noted, we retain each of the below categories of information for seven years from the date of your last transaction with us for the same reasons that we collect the information: to enable us to provide goods and services to you, to manage and operate our business, to market our goods and services to you, and to comply with our legal and regulatory obligations.

 

Categories of Information (and Retention Period, if different than indicated above)

Source(s)

Personal identifiers: full name, date of birth

You

Sensitive personal information: credit card information (number, CVC, and expiration date), online account login credentials for your account with us (username and password)

You

Non-sensitive personal information: telephone number, mailing address, business name

You

Commercial information (e.g., transaction information or purchase history)

You

Audio or visual information – this information is generally retained for a period of seven days

Our security system at the Grgich Hills Estate winery

Inferences drawn from any of the above categories to create a profile or summary about a consumer’s preferences and/or characteristics

You

 

If you are an employee or job applicant of the Company, please see the CCPA/CPRA Notice to Employees/Job Applicants that is available at this link and is posted in the breakroom for information that is more specific to you and for notice of the categories of information we have collected about our employees and job applicants over the past 12 months.

 

Disclosure of Personal Information to Third Parties

 

The following chart lists the categories of information that we have collected about our consumers over the last 12 months that we have shared with third parties. We do not sell your personal information.

 

Categories of Information

Categories of Third Parties with Whom Information is Shared

Purpose(s) for Sharing the Information

Personal identifiers: full name, date of birth

Third parties (including government agencies) if required to do so by law, regulation, or court order

To comply with our legal obligations and respond to governmental and/or law enforcement requests

Sensitive personal information: credit card information (number, CVC, and expiration date), online account login credentials for your account with us (username and password)

Third-party payment processors, including in connection with transactions where we require credit or debit card information

Third parties (including government agencies) if required to do so by law, regulation, or court order

To facilitate purchases you make with a debit or credit card

 

To comply with our legal obligations and respond to governmental and/or law enforcement requests

Non-sensitive personal information: telephone number, mailing address, business name

Third parties (including government agencies) if required to do so by law, regulation, or court order

To comply with our legal obligations and respond to governmental and/or law enforcement requests

Commercial information (e.g., transaction information or purchase history)

Third parties (including government agencies) if required to do so by law, regulation, or court order

To comply with our legal obligations and respond to governmental and/or law enforcement requests

 

We Do Not Sell Your Personal Information

 

We do not sell your personal information. However, in the event that we are considering a sale, partial or complete, asset transfer, partial or complete, or other financing matter, we would make any and all necessary disclosures to you before certain information we possess concerning you may be accessed, disclosed, and/or processed by third parties.  Such third party access would be governed by a written agreement that limits such access, disclosure, and processing in accordance with the CCPA, CPRA, and other applicable law.

 

Our Right to Change Privacy Policy

 

The foregoing policy is effective as of 01/01/2023. We reserve the right to change this policy at any time by notifying visitors to our website of the existence and location of the new or revised privacy policy. Changes to the policy will be posted to this page, and if changes are significant, a summary of the changes will be posted at the beginning of the policy. By entering our website and by continuing to use our services, you are accepting all terms and conditions outlined in the above Privacy Policy.

 

If you have any questions about this policy, you may contact us at 707-963-2784.