ads-linkedin Privacy policy – United Cellars

Your cart

Your cart is empty

Check out these collections.

Red Wine
White Wine
Rosé Wine
Sparkling
grid-red
Please verify your age

Are you over 18?

To enter this site you need to be of legal drinking age in your country.

Are you over 18 years old?

No, I am under 18 years old

By clicking yes I agree to the terms and conditions and the privacy policy.

Privacy policy

Privacy Policy

Last updated: 1st April 2026


Introduction

United Cellars operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the "Services"). United Cellars is powered by Shopify, which enables us to provide the Services to you. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.


Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described in this Privacy Policy.


Personal Information We Collect or Process

When we use the term "personal information," we are referring to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified, so that it cannot identify or be reasonably linked to you. We may collect or process the following categories of personal information, depending on how you interact with the Services, where you live, and as permitted or required by applicable law.


We may also create inferences from your personal information, such as your purchasing preferences, interests, and product affinities, to provide you with personalized recommendations and marketing.


We may collect or process the following categories of personal information:

  • Contact details including your name, address, billing address, shipping address, phone number, and email address.

  • Financial information including payment card information, financial account information, transaction details, form of payment, and payment confirmation. We do not retain full credit card or debit card numbers; we store only the last four digits for transaction history and dispute resolution purposes.

  • Account information including your username, password, security questions, preferences and settings.

  • Transaction information including the items you view, put in your cart, add to your wishlist, or purchase, return, exchange or cancel and your past transactions.

  • Communications with us including the information you include in communications with us, for example, when sending a customer support inquiry.

  • Device information including information about your device, browser, or network connection, your IP address, and other unique identifiers.

  • Usage information including information regarding your interaction with the Services, including how and when you interact with or navigate the Services.


Personal Information Sources

We may collect personal information from the following sources:

  • Directly from you including when you create an account, visit or use the Services, communicate with us, or otherwise provide us with your personal information;

  • Automatically through the Services including from your device when you use our products or services or visit our websites, and through the use of cookies and similar technologies;

  • From our service providers and partners including Shopify, Klaviyo, Google Analytics, Microsoft Clarity, NetSuite, Stripe, Eway, and customer support providers who collect or process your personal information on our behalf;

  • From other sources including publicly available information, industry data providers, or information you share on social media or public forums. 

  • Collection Notices: When we collect your personal information online (such as during account registration or checkout), we provide a collection notice that informs you at the point of collection about how we use your information. Additionally, this Privacy Policy is available prominently on our website and in the footer of every page, ensuring you have access to information about our data practices before providing personal information.


How We Use Your Personal Information

Depending on how you interact with us or which of the Services you use, we may use personal information for the following purposes:


Provide, Tailor, and Improve the Services

We use your personal information to provide you with the Services, including to perform our contract with you, to process your payments, to fulfill your orders, to remember your preferences and items you are interested in, to send notifications to you related to your account, to process purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account, to arrange for shipping, to facilitate any returns and exchanges, to enable you to post reviews, and to create a customized shopping experience for you, such as recommending products related to your purchases. This may include using your personal information to better tailor and improve the Services.


Marketing and Advertising

We use your personal information for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, text message or postal mail, and to show you online advertisements for products or services on the Services or other websites, including based on items you previously have purchased or added to your cart and other activity on the Services.


Security and Fraud Prevention

We use your personal information to authenticate your account, to provide a secure payment and shopping experience, detect, investigate or take action regarding possible fraudulent, illegal, unsafe, or malicious activity, protect public safety, and to secure our services. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password or other access details with anyone else.


Communicating with You

We use your personal information to provide you with customer support, to be responsive to you, to provide effective services to you and to maintain our business relationship with you.


Legal Reasons

We use your personal information to comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies, to investigate or participate in civil discovery, potential or actual litigation, or other adversarial legal proceedings, and to enforce or investigate potential violations of our terms or policies.


Automated Decision-Making

We use your personal information to create automated profiles and recommendations based on your browsing history, purchase behavior, and interactions with our Services. These automated systems help us personalize your experience and recommend products you may be interested in.


How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:


  • With Shopify, vendors and other third parties who perform services on our behalf, including:

  • Shopify (for e-commerce platform, payments, and analytics)

  • Klaviyo (for email marketing and engagement tracking)

  • Google Analytics (for website usage analytics and improvement)

  • Microsoft Clarity (for user behavior analytics and session recording)

  • Stripe (for alternative payment processing)

  • Eway (for call centre payment processing)

  • NetSuite (for ERP and customer data management)

  • Google Workspace (for internal communication and collaboration)

  • Google Looker Studio (for data visualization and reporting)


These service providers are contractually required to use your information only for the purposes we specify and to protect it with appropriate security measures. They are not permitted to use your information for their own marketing or business purposes.


  • With business and marketing partners to provide personalized advertising and marketing services. Specifically:


Shopify Cross-Merchant Personalization: We permit Shopify to use your personal information (such as browsing history and purchase activity) to provide personalized product recommendations not only on United Cellars' store, but across Shopify's platform and other merchants' stores. This means your United Cellars activity may be used to improve product suggestions you see on other Shopify stores. Your information is used in accordance with Shopify's privacy policy.


Other Marketing Partners: We may also share your email address and purchase history with third-party marketing platforms to show you targeted advertisements on social media and other websites. These partners will use your information in accordance with their own privacy notices.


Your Opt-Out Rights: Depending on where you reside, you may have the right to opt-out of cross-merchant personalization and targeted advertising. You can:

  • Opt out of Shopify's cross-merchant personalization at: https://privacy.shopify.com/en

  • Manage your marketing preferences by emailing web@unitedcellars.com.au


Note: Even if you opt out, we may still use your information for our own marketing (such as emails about new products). To fully opt out of all marketing, you can unsubscribe from emails using the unsubscribe link in any marketing email we send.


  • When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations.

  • With our affiliates or otherwise within our corporate group.

  • In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service or policies, and to protect or defend the Services, our rights, and the rights of our users or others.

Data Processing by Shopify


United Cellars and Shopify: Division of Responsibility

United Cellars collects your personal information and determines how it is used (e.g., to process your order, send you marketing emails, manage your account). Shopify processes some of your personal information on our behalf as a data processor, providing the technical platform for our store.

What Shopify Processes on Our Behalf:

  • Your account login information and preferences

  • Your order history and transaction details

  • Your contact information (name, email, shipping address)

  • Your browsing activity on our store

  • Payment information (processed securely)


What Shopify Uses Independently:

Shopify also uses your personal information for its own business purposes, including:

  • Analytics about how customers interact with Shopify stores (including ours)

  • Cross-merchant personalization (using your activity across Shopify stores to improve recommendations)

  • Improving Shopify's platform and services


When Shopify uses your data for these independent purposes, Shopify is the data controller and is responsible for compliance with privacy law, not United Cellars.


Data Locations and International Transfers:

Your information is transmitted to and stored by Shopify in the United States and other countries. Shopify maintains data processing agreements compliant with international privacy standards. For details about Shopify's data handling practices and your rights, visit https://privacy.shopify.com/en or contact Shopify directly.


Your Rights Regarding Data Processed by Shopify:

You can exercise your rights (access, correct, delete) with respect to data processed by Shopify through:

  • Shopify's Customer Data Portal: https://privacy.shopify.com/en

  • United Cellars: web@unitedcellars.com.au (for data we hold directly)

For data access or correction requests, please specify whether you are requesting information from United Cellars or from Shopify, as the processes differ slightly.

Third Party Websites and Links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

Children's Data

The Services are not intended to be used by children, and we do not knowingly collect any personal information about children under the age of 18. If you are the parent or guardian of a child under 18 who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.


As of the date this Privacy Policy was last updated, we do not have actual knowledge that we "share" or "sell" (as those terms are defined in applicable law) personal information of individuals under 16 years of age.


Security and Retention of Your Information


Data Security Measures

We implement industry-standard security measures to protect your personal information from unauthorized access, alteration, and disclosure, including:

  • Encryption of financial information during transmission (SSL/TLS 256-bit encryption or higher)

  • Secure password hashing for account credentials

  • Restricted access to customer databases (role-based access controls)

  • Regular security assessments and vulnerability testing

  • Secure deletion of information no longer needed

  • Staff training on privacy and data handling practices

  • Compliance with Shopify's security standards (PCI DSS Level 1 for payment data)

  • Incident response procedures for potential data breaches


However, no online system is completely secure. We recommend that you:

  • Keep your login credentials confidential

  • Use a strong, unique password and change it regularly

  • Do not access your account over public Wi-Fi networks

  • Contact us immediately if you suspect unauthorized access to your account


Data Retention

How long we retain your personal information depends on the purpose for which we collected it and our legal obligations. Specific retention timelines include:

  • Account Information: Retained while you maintain an account with us, and for minimum of 7 years after account closure (to comply with tax law and dispute resolution)

  • Transaction and Purchase History: Retained for 7 years (to comply with Australian Consumer Law and taxation law)

  • Payment Card Information: Processed by Shopify and retained per Shopify's schedule (typically 7 years minimum for dispute resolution)

  • Email Communications and Support Records: Retained for 3 years (for customer service history and quality assurance)

  • Marketing and Communication Preferences: Retained for 1 year after you unsubscribe (to prevent re-adding your address)

  • Device and Usage Information: Retained for 12 months (for analytics, security, and fraud prevention)

  • Cookies and Similar Technologies: Retained per the cookie's expiration settings (typically 12 months)

When we no longer need your information for these purposes, we securely delete or de-identify it. You can request deletion of your personal information at any time by contacting us at web@unitedcellars.com.au, subject to any legal obligations that may require us to retain it.

Secure Deletion Process: When we delete your personal information, we use secure deletion methods that make the data unrecoverable, including permanent erasure of physical storage media where applicable. For data stored by our service providers, we require them to certify deletion in accordance with industry-standard practices.

Your Rights and Choices


Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. These rights are not absolute and may not apply in all circumstances. If we cannot fulfill your request, we will provide you with reasons in writing.


Right to Access / Know

You may have a right to request access to personal information that we hold about you. When you request access, we will:

  • Provide your personal information in a clear, understandable format

  • Respond within 30 days of receiving your complete request (or notify you if an extension is necessary)

  • Provide the information at no charge in most cases (we will advise you if a fee is applicable before processing your request)


Right to Delete / Erasure

You may have a right to request that we delete personal information we maintain about you. Please note that we may not be able to delete information if we need to retain it for legal, tax, or contractual reasons (such as transaction records retained for 7 years). We will explain any reasons we cannot delete your information.


Right to Correct / Rectification

You may have a right to request that we correct inaccurate or incomplete personal information we maintain about you. We will promptly correct inaccurate information and notify service providers who received the incorrect information (where required).


Right of Portability

You may have a right to receive a copy of the personal information we hold about you and to request that we transfer it to another service provider, in a commonly used electronic format, subject to certain exceptions (such as information that belongs to another person).


Managing Communication Preferences

We may send you promotional emails, text messages, or other marketing communications. You can opt out of marketing communications at any time by:

  • Using the unsubscribe link in any email we send you

  • Contacting us at web@unitedcellars.com.au with the subject "Unsubscribe"

  • Updating your communication preferences in your account settings


Please note: Even if you opt out of marketing communications, we may still send you non-promotional emails, such as those about your account, orders, security, or legal matters.


How to Exercise Your Rights

To exercise any of the above rights:


1. Contact us at:

  • Email: web@unitedcellars.com.au

  • Mail: United Cellars, Level 3, 8 West St North Sydney NSW 2060

  • Subject line: "Data Request [Your Name]" (for clarity)


2. Provide sufficient information for us to locate your information (e.g., your account email, order number, date of transaction)


3. Verify your identity by providing a government-issued ID or other proof (we will explain what we need)


4. We will respond within 30 days, or notify you if we need an extension


Data Held by Shopify

For personal information processed by Shopify (such as transaction history, device information, and cookies), you can also exercise your rights directly through Shopify's Customer Data Portal: https://privacy.shopify.com/en or by contacting Shopify at https://support.shopify.com/


For clarity: Contact United Cellars (web@unitedcellars.com.au) for data we hold directly; contact Shopify for data Shopify holds on your behalf.


Authorized Agents

You may authorize another person (an agent) to make requests on your behalf. We will require:

  • Proof that you have authorized the agent to act on your behalf

  • Your agent to provide your identity information and proof of their own identity


We will not discriminate against you for exercising any of these rights.


Complaints and Data Breaches


Complaints About Our Privacy Practices

If you have a complaint about how we process or handle your personal information, or if you believe we have breached your privacy rights, you may lodge a complaint with us at any time:


How to Lodge a Complaint with United Cellars:

  • Email: web@unitedcellars.com.au (subject line: "Privacy Complaint")

  • Mail: United Cellars, Level 3, 8 West St North Sydney NSW 2060


What Happens When We Receive Your Complaint:

1. We will acknowledge your complaint in writing within 5 business days


2. We will investigate your complaint and consider any information you provide


3. We will provide you with a written response within 30 days of receiving your complete complaint (or notify you if an extension is necessary)


4. Our response will explain:

  • What we found during our investigation

  • Whether we believe we breached your privacy rights

  • What action we will take to resolve the matter (if any)

  • Your rights to escalate if you are not satisfied


Appeals and Escalation:

If you are not satisfied with our response to your complaint, you may:

  • Ask for a review or reconsideration of our decision by contacting us

  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) (see below)


Data Breach Notification

A data breach is an unauthorized disclosure or loss of your personal information. If we discover a data breach that is likely to result in serious harm to you (such as identity theft, fraud, or other misuse of your information), we will:


1. Notify you as soon as practicable, typically no later than 30 days after we discover the breach


2. Provide you with:

  • A description of the breach (what happened and when)

  • The types of personal information affected

  • Likely consequences of the breach for you

  • What steps we have taken to contain the breach and prevent similar incidents

  • What steps you can take to protect yourself (e.g., monitor your accounts, change passwords, watch for suspicious activity)

  • Contact details for where you can get more information


3. Notify the Office of the Australian Information Commissioner (OAIC) as required by law


We take data security very seriously and have implemented measures to prevent breaches. However, if a breach does occur, we are committed to transparency and prompt notification.


Contact the Office of the Australian Information Commissioner (OAIC)

If you have concerns about how we handle your personal information, or if you are not satisfied with our response to your privacy complaint, you have the right to lodge a complaint with Australia's privacy regulator:


Office of the Australian Information Commissioner (OAIC)

  • Website: https://www.oaic.gov.au/

  • Phone: 1300 363 992

  • Email: enquiries@oaic.gov.au

  • Postal Address: 13 Wentworth Street, Parramatta NSW 2150


Online Complaint Form: https://www.oaic.gov.au/making-a-complaint


There is no fee to lodge a complaint with the OAIC. The OAIC will investigate your complaint and can issue findings and recommendations about whether we have breached privacy law.


Your Right to Lodge a Complaint is Not Affected by Our Process

Lodging a complaint with us does not affect your right to lodge a complaint with the OAIC at any time. You do not need to complain to us first before contacting the OAIC.


International Transfers of Personal Information


We Transfer Data Outside Australia

We transfer, store, and process your personal information in countries outside Australia. Below is a summary of where your data goes and how we protect it.


Key Overseas Recipients:


Shopify (United States, Canada, and other jurisdictions)

  • What data: Your account information, transaction history, contact details, device and usage information

  • Purpose: Provide the e-commerce platform, payment processing, and analytics

  • Data locations: Shopify operates data centers in the United States and Canada, with backup and redundancy systems in other countries

  • Protection: Shopify complies with industry-standard privacy and security practices (PCI DSS Level 1)

  • Learn more: https://privacy.shopify.com/en


Klaviyo (United States)

  • What data: Your email address, purchase history, browsing activity

  • Purpose: Send marketing emails and track engagement

  • Data locations: United States

  • Protection: Klaviyo's Standard Contractual Clauses and encryption

  • Learn more: https://www.klaviyo.com/privacy


Google Analytics (United States and global)

  • What data: Your IP address, browser information, pages visited, products viewed

  • Purpose: Understand how customers use our website to improve design and performance

  • Data locations: United States and globally distributed

  • Protection: Google's privacy and security standards

  • Learn more: https://policies.google.com/privacy


Microsoft Clarity (United States)

  • What data: User behavior data, session recordings, browsing patterns

  • Purpose: Analyze user interactions and improve website usability

  • Data locations: United States

  • Protection: Microsoft's privacy and security standards

  • Learn more: https://clarity.microsoft.com/


Stripe (United States and multiple jurisdictions)

  • What data: Payment card information, transaction details

  • Purpose: Alternative payment processing for online transactions

  • Data locations: Stripe processes data in multiple jurisdictions

  • Protection: Stripe complies with PCI DSS Level 1 and industry standards

  • Learn more: https://stripe.com/privacy


Eway (Australia and multiple jurisdictions)

  • What data: Payment card information, transaction details

  • Purpose: Payment processing for call centre transactions

  • Data locations: Australia and international data centers

  • Protection: Eway complies with PCI DSS and Australian security standards

  • Learn more: https://www.eway.com.au/privacy


NetSuite (United States and multiple jurisdictions)

  • What data: Customer information, order details, enquiry records, sales data

  • Purpose: ERP system for managing customer data, orders, and business operations

  • Data locations: NetSuite's data centers in United States and global locations

  • Protection: Oracle's (NetSuite's parent) privacy and security standards, Standard Contractual Clauses for international transfers

  • Learn more: https://www.netsuite.com/portal/privacy.shtml


Google Workspace (United States and multiple jurisdictions)

  • What data: Internal communications, collaboration documents, email

  • Purpose: Internal communication, email, and document collaboration

  • Data locations: Google's data centers in United States and globally

  • Protection: Google's privacy and security standards

  • Learn more: https://workspace.google.com/security/


Google Looker Studio (United States)

  • What data: Aggregated analytics data, reporting metrics

  • Purpose: Data visualization and reporting for business analytics

  • Data locations: United States

  • Protection: Google's privacy and security standards

  • Learn more: https://cloud.google.com/security/


United Cellars Group (New Zealand)

  • What data: Customer email address, order history, customer service records, purchase history

  • Purpose: Manage customer enquiries, provide customer service, and conduct shared business operations

  • Data locations: New Zealand

  • Protection: Compliant with New Zealand Privacy Act 2020 and our corporate data handling agreements

  • Your rights: Same rights to access, correct, and delete as you have in Australia


Data Protection Mechanisms

When we transfer your personal information to countries outside Australia, we implement the following protection mechanisms:


  • Standard Contractual Clauses (SCCs): For transfers to the EU and UK, we use the European Commission's approved SCCs to ensure a level of protection equivalent to Australian law

  • Corporate Data Processing Agreements: For transfers within our corporate group (such as to NZ), we use internal agreements that require all recipients to protect your information to the same standard as in Australia

  • Vendor Privacy Policies: For third-party vendors, we rely on their privacy certifications, policies, and contractual commitments (such as Privacy Shield, Standard Contractual Clauses, or Binding Corporate Rules)

  • Encryption: Data in transit is encrypted using industry-standard protocols


Risks of International Transfer

When your personal information is transferred outside Australia, you should be aware that:


  • Different countries have different privacy laws, and some may provide less protection than Australian law

  • Some countries' governments may have the ability to access data held within their borders

  • You may have limited legal recourse if your privacy is breached in another country


Requesting Information About Your Data Transfers

You can request details about where your personal information is stored and processed by contacting us at web@unitedcellars.com.au. We will provide you with specific information about any international transfers of your data and the protection mechanisms we use.


Exercise Your Rights

You have the right to access, correct, or delete your information, regardless of where it is stored internationally. Contact us at web@unitedcellars.com.au to exercise these rights.


Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, new technologies, legal requirements, or regulatory developments. Material changes will be communicated to you via email (if we have your email address) or by prominently displaying the changes on this website.


We will:

  • Update the "Last updated" date at the top of this Privacy Policy

  • Provide notice as required by applicable law

  • Continue to apply the practices described in the previous version for any personal information we collected under that version, unless you consent to the new version


We encourage you to review this Privacy Policy regularly to stay informed about how we protect your personal information.


Contact

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please contact us at:


  • Email: web@unitedcellars.com.au

  • Mail: United Cellars, Level 3, 8 West St North Sydney NSW 2060


For complaints specifically about privacy, please see the "Complaints and Data Breaches" section above for additional contact options.