1. General provisions
This Privacy Policy (the 'Policy') sets out how 5TH PLANET LIMITED (Hong Kong) — hereinafter 'VINOACCS' or 'we' — processes personal data when you use the website vinoaccs.com (the 'Site').
The Policy meets the requirements of:
- Russian Federal Law No. 152-FZ 'On Personal Data' of 27.07.2006
- The General Data Protection Regulation (GDPR) of the European Union
- The Hong Kong Personal Data (Privacy) Ordinance (PDPO)
By using the Site and submitting enquiries through forms, you confirm that you have read this Policy and consent to the processing of your data on the terms set out herein.
2. What data we collect
2.1. Data you provide to us yourself
When submitting an enquiry, filling in forms or subscribing to the newsletter, you provide us with the following data:
- First name and surname
- Company name and job title
- Email address
- Telephone number
- Country and city
- The content of your enquiry, brief files and any other materials you attach
- Comments and messages you submit through the contact forms
2.2. Data collected automatically
When visiting the Site we automatically collect:
- IP address and approximate geographical location
- Device type, browser, operating system
- Screen resolution, language settings
- Pages viewed and time spent on them
- The source of the visit (referrer)
- Cookie data (see section 6)
3. Why we collect the data
We process your data solely for the following purposes:
- Handling your enquiries and commercial requests — preparation of commercial proposals, price calculation, discussion of order terms
- Communication — responses to your questions by email, phone, WhatsApp, Telegram
- Performance of contractual obligations — if we have signed a contract or framework agreement with you
- Informational newsletter — sending articles, case studies, news (only if you have subscribed)
- Site improvement — visit analytics, user-experience optimisation
- Compliance with legal requirements — retention of transaction documentation for the periods set by law
4. How we store data
Your data is stored on the servers of our technical partners, meeting security requirements:
- Enquiry and client database — Supabase (AWS infrastructure, SOC 2 Type II certified, ISO 27001)
- Files you attach — Cloudflare R2 (AES-256 encryption)
- Spam-bot protection for forms — Cloudflare Turnstile in invisible mode (no visible challenge); processing is governed by the Turnstile Privacy Addendum
- Email correspondence — Brevo (GDPR-compliant) and internal mail on Google Workspace
Data is transmitted over a secure HTTPS connection using TLS 1.3.
Retention periods
- Unanswered enquiries and enquiries without follow-up — 3 years from the date of last communication, then deleted
- Client data for active deals — for the entire period of cooperation plus 5 years after its end (to meet accounting and tax requirements)
- Newsletter subscribers — until unsubscription, after which the email is deleted within 30 days
- Analytical data — anonymised, up to 2 years
5. To whom we transfer data
We do not sell your personal data to third parties and do not transfer it for advertising purposes.
Your data may be transferred only in the following cases:
- Technical partners (hosting, email services, cloud databases) — to the minimum necessary extent, under confidentiality agreements
- Manufacturing factories in China — only anonymised technical requirements for the product; your personal data and your company name are not transferred to factories without your consent
- Government authorities — only upon receipt of an official request that complies with the law
- Legal and accounting advisers — where necessary to defend rights or comply with the law
Cross-border transfer
Your data may be processed on servers located outside your country (primarily in the EU, USA and Hong Kong). All partners hold certifications for data protection in line with GDPR and other international standards.
6. Use of cookies
Our Site uses cookies — small text files stored in your browser. We use:
- Technical cookies — required for the Site to operate (basket, enquiry form). They cannot be disabled without loss of functionality.
- Analytics cookies — help us understand how visitors use the Site so we can improve it. We currently use Cloudflare Web Analytics — privacy-first statistics with no cookies and no personal data. If we add Google Analytics later, it also falls under the “Analytics” category and loads only with your consent.
- Marketing cookies — may be used to show relevant advertising on other sites. Not used at present; enabled only with your consent.
- Functional cookies — remember your settings (language, region).
On your first visit to the Site you are asked to consent to cookies. You can change your choice at any time via the “Cookie settings” link at the bottom of any page, or in your browser settings.
7. Your rights
In relation to your personal data you have the right to:
- Obtain information — what data of yours we hold and how we use it
- Correct data — if any information is incorrect or out of date
- Delete data ('right to be forgotten') — in full or in part, where this does not conflict with legal requirements to retain financial documentation
- Restrict processing — suspend the use of your data for marketing purposes
- Withdraw consent — at any time
- Obtain a copy of your data — in machine-readable format (portability)
- Lodge a complaint — with the supervisory authority (in Russia — Roskomnadzor, in the EU — the relevant Data Protection Authority)
To exercise any of these rights, email us at privacy@vinoaccs.com. We will reply within 30 calendar days.
8. How to contact us on data protection matters
Data controller
9. Changes to the policy
We may update this Policy periodically. In the event of material changes we will notify you:
- By email (if you subscribe to the newsletter or are our client)
- By a banner on the Site on your next visit
The date of the latest update is always shown at the top of this document. By continuing to use the Site after an update, you confirm your agreement to the new version.
