Privacy Policy

Privacy Policy

Stone Castle Vineyards & Winery

Last Updated: 10/03/2026

Welcome to Stone Castle Winery (“we,” “our,” “us”). At Stone Castle Winery (“Site”), accessible from stonecastlewine.com, we understand that your privacy is important. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or make a purchase.

This Privacy Policy is drafted in compliance with the Law on Personal Data Protection of the Republic of Kosovo (Law No. 06/L-082), and where applicable, the EU General Data Protection Regulation (GDPR). For customers in Albania, this policy also aligns with the Law on the Protection of Personal Data (Law No. 9887, dated 10.03.2008, as amended). For customers in North Macedonia, this policy aligns with the Law on Personal Data Protection (Official Gazette No. 42/2020). We are committed to protecting your personal data and being transparent about how we use it.

1. Data Controller

The data controller responsible for processing your personal data is:

Company: Stone Castle Vineyards & Winery SH.P.K.

NUI: 810518392

Address: Bernjaka P.N., Rahovec, 21000 Kosovo

Email: info@stonecastlewine.com

Phone: +383 29 276 053

If you have any questions about how your data is processed, you may contact us at the details above.

2. Information We Collect

We may collect the following categories of personal information:

  • Contact details: name, email address, phone number, billing address, and shipping address
  • Account information: username and password (encrypted)
  • Order information: purchase history, delivery details, payment method used
  • Technical information: IP address, browser type and version, device information, operating system, pages visited, time and date of visits, time spent on pages, and referring URLs
  • Marketing preferences: your choices regarding receiving promotional communications from us
  • Age verification data: date of birth or age confirmation to verify you meet the minimum legal drinking age
  • Communication records: correspondence with our customer support team, including emails and any feedback you provide

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Performance of a contract: Processing is necessary to fulfill your orders, manage your account, and provide customer support (Article 6(1)(b) GDPR).
  • Legitimate interests: Processing is necessary for our legitimate business interests, such as improving our Website, preventing fraud, and ensuring security (Article 6(1)(f) GDPR).
  • Consent: Where you have given explicit consent, such as for receiving marketing communications. You may withdraw consent at any time (Article 6(1)(a) GDPR).
  • Legal obligation: Processing is necessary to comply with applicable laws, including age verification for the sale of alcohol and tax or accounting requirements (Article 6(1)(c) GDPR).

4. How We Use Your Information

Your information may be used for the following purposes:

  • Processing, fulfilling, and managing your orders and payments
  • Verifying your age to ensure compliance with alcohol sale regulations
  • Communicating with you about order updates, delivery status, and customer service inquiries
  • Creating and managing your online account
  • Improving our Website, products, and user experience through analytics
  • Sending marketing communications, newsletters, and promotional offers (only with your consent)
  • Preventing and detecting fraud, unauthorized transactions, and other security concerns
  • Complying with legal and regulatory obligations

5. Cookies and Tracking Technologies

We use cookies, log files, and similar tracking technologies to collect data about your interactions with our Website. These technologies help us to:

  • Remember your preferences and settings
  • Analyze website traffic and performance
  • Deliver relevant content and advertising
  • Understand how visitors navigate and interact with our Website

You may manage or disable cookies through your browser settings. Please note that disabling certain cookies may limit your ability to use some features of our Website. For detailed information on the cookies we use, please refer to our Cookie Banner displayed when you first visit the Website.

6. Sharing Your Information

We do not sell, rent, or trade your personal information to third parties. We may share your data with the following categories of recipients, only to the extent necessary:

  • Payment processors: Paysera (for secure payment processing via Visa, Mastercard, Apple Pay, Google Pay)
  • Shipping carriers: Courier and logistics providers for order delivery
  • IT and hosting providers: Website hosting, maintenance, and analytics services
  • Legal authorities: Where required by law, regulation, or legal process
  • Professional advisors: Accountants, lawyers, and auditors as needed

All third-party service providers are required to process your data in accordance with applicable data protection laws and only for the specific purposes for which it was shared.

7. International Data Transfers

Your personal data is primarily stored and processed within Kosovo and the European Economic Area (EEA). If any data is transferred outside of Kosovo or the EEA, we will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data in accordance with applicable data protection laws.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Specific retention periods include:

  • Order and transaction data: Retained for 6 years from the date of the transaction for tax, accounting, and legal compliance purposes.
  • Account data: Retained for as long as your account remains active. If you request account deletion, your data will be removed within 30 days, except where retention is required by law.
  • Marketing data: Retained until you withdraw consent or unsubscribe from marketing communications.
  • Technical and analytics data: Retained for up to 24 months.
  • Customer support records: Retained for up to 3 years from the date of the last communication.

After the applicable retention period, personal data will be securely deleted or anonymized.

9. Data Security

We implement industry-standard technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption for all data transmitted through our Website
  • Secure payment processing through Paysera’s PCI DSS-compliant payment gateway
  • Access controls limiting employee access to personal data on a need-to-know basis
  • Regular security assessments and monitoring

While we take every reasonable precaution, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

10. Your Rights

Under the Law on Personal Data Protection of the Republic of Kosovo and, where applicable, the GDPR, you have the following rights regarding your personal data:

  • Right of access: You have the right to request a copy of the personal data we hold about you.
  • Right to rectification: You have the right to request correction of any inaccurate or incomplete personal data.
  • Right to erasure: You have the right to request deletion of your personal data (“right to be forgotten”), subject to legal retention requirements.
  • Right to restrict processing: You have the right to request that we limit how we use your data in certain circumstances.
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transfer it to another controller.
  • Right to object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at info@stonecastlewine.com. We will respond to your request within 30 days. We may ask for verification of your identity before processing your request.

11. Right to Lodge a Complaint

If you believe that your personal data has been processed in violation of applicable data protection laws, you have the right to lodge a complaint with the Information and Privacy Agency of the Republic of Kosovo:

Kosovo: Agjencia e Informimit dhe e Privatesise (AIP) — https://aip.rks-gov.net

Albania: Komisioneri për të Drejtën e Informimit dhe Mbrojtjen e të Dhënave Personale (IDP) — https://www.idp.al

North Macedonia: Agencija za zaštita na ličnite podatoci (AZLP) — https://www.dzlp.mk

You may also contact us directly, and we will do our best to resolve your concern promptly.

12. Third-Party Links

Our Website may contain links to third-party websites, including social media platforms. We are not responsible for the content, privacy practices, or security of any third-party websites. We encourage you to review the privacy policies of any external websites you visit through links on our site.

13. Children’s Privacy

Our Website and products are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18, we will take steps to delete that information promptly. If you believe that a minor has provided us with personal data, please contact us immediately.

14. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. Any changes will be posted on this page with an updated effective date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of the Website after any changes constitutes your acceptance of the revised policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us at:

Company: Stone Castle Vineyards & Winery SH.P.K.

NUI: 810518392

Address: Bernjaka P.N., Rahovec, 21000 Kosovo

Email: info@stonecastlewine.com

Phone: +383 29 276 053

Fax: +383 29 276 051

0
    0
    Your Cart
    Your cart is emptyReturn to Shop
    Continue Shopping