We know that you care how information about you is used and shared, and so do we. That is why we Vincario s.r.o., ID no. 05011833, with its registered office at: Vlčí Vrch 433, 257 21 Poříčí nad Sázavou as, maintained by the commercial register of Municipal court in Prague under C 256769 (the “Vincario” or “we”) as a data collector we are committed to protecting your privacy, and we support a general policy of openness about how we collect, use and disclose your personal information.
The purpose of this Privacy Policy is to inform you about our practices relating to the collection, use and disclosure of personal information through your access to or use of our Offerings. This Privacy Policy explains how we comply with the GDPR and other applicable data protection legislation. U.S. residents especially in California also have rights under the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”), which are detailed below. If you are a California resident, read this Privacy Policy for relevant California law references and review the section titled “Your U.S. State Privacy Rights” for detailed information about your rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
This Privacy Policy also explains how you can contact us if you have a question about, want to make a change to or delete any personal information that we may be holding about you. We strongly recommend that you take the time to read this Privacy Policy and retain it for future reference.
As it relates to this policy, “Personal Data or data” (also called “Personal Information” in certain privacy laws) means any information that can be used, alone or together with other data, to uniquely identify any living person and any information deemed as personally identifiable information by applicable privacy laws.
Primarily your first and last name, date of birth, or place of residence, postal code: we need to know who our customers, or employees are, or who is acting on their behalf.
Primarily your phone numbers and email addresses, that you upload, post or input into any of our Offerings or give us in any other way in the course of you accessing or using any of our Offerings so we can contact you and communicate with you—whether in the performance of your work duties (if you are our employee), during contract negotiation and fulfilment, or on other occasions.
We process data related to your payment methods, bank accounts, and information from invoices and other tax and accounting documents to properly track and settle payments for services and products provided. Similarly, we process data about your salary and deductions if you are our employee.
During various forms of communication, you may share personal data with us. We process this data along with information about when and how the communication occurred.
If you are our employee, we also process certain data related to your experience and qualifications for the job. This includes information and documents about your education, previous work experience, language skills, marital status, and family members.
When you use our website, certain data is automatically sent from your device such as the Internet protocol (IP) address used to connect your computer to the Internet; login credentials you use to access any Offering; computer and connection information such as browser type and version, operating system, and platform; the full Uniform Resource Locators (URL) clickstream to through, and from our Website, including date and time; cookie number; products you viewed or searched for. From logs—where user activity is also recorded for security reasons—we can read the actions you performed on the website and information entered into forms. For optimal display of our website and services, we use information about your operating system (e.g., iOS or Android), its version, and technical data about the devices you use to access our site (e.g., type of smartphone). This helps us continuously improve our services and adapt them to current technical capabilities.
If cookies are enabled in your browser, they send us additional information, such as which pages you visit and your user preferences on your device. This also includes data from similar tracking technologies.
As a company regulated by Czech law, we are subject to certain legal obligations. These typically include the obligation to record payments and maintain proper accounting documentation, comply with consumer protection laws (where applicable), and properly identify our customers. This also includes laws related to maintaining employee records and handling tax and payment-related matters. For this purpose, we may process identification data, contact details, payment, payroll and accounting data, communication data and data derived from communication, as well as data on services and products provided.
The legal basis for this processing is compliance with legal obligations. We usually obtain the data directly from you, either during the contract conclusion process or through mutual communication.
We process personal data for these purposes for the duration specified by applicable legal time limits, usually not exceeding 10 years, in accordance with accounting regulations.
We also need personal data to properly protect our rights and claims and to maintain internal records of our customers and clients, including data necessary for debt collection or effective defense in potential disputes (i.e., to be able to defend ourselves in court or in out-of-court, enforcement, or similar proceedings, where the absence of such data could jeopardize or prevent the protection of our rights). For this purpose, we may process identification data, contact details, payment, payroll and accounting data, employment-related data, communication data and data derived from communication.
The legal basis for this processing is our legitimate interest in protecting our rights, legal claims, and maintaining records of performance.
Personal data is generally retained for the duration of the statutory limitation period, including any suspension or interruption of that period, but usually not longer than 16 years after the provision of services, delivery of products, or termination of the contract with us.
If you are our employee or subcontractor, we also use some of your data for developing, evaluating, and adapting personnel and compensation systems, processing employee share participation models, managing strategic procedures, creating company presentations, and registering employees for training events. For this purpose, we may process identification data, contact details, image and likeness data, payment, payroll and accounting data, employment-related data, and communication data and data derived from communication.
The legal basis for this processing is our legitimate interest in improving the efficiency of our internal processes and creating new ones. In some cases, your consent may also be required for the processing of personal data.
Personal data is generally retained for the duration of the employment relationship and for one year after its termination. If consent is given, this period may be shortened until the consent is withdrawn.
We also use personal data when offering our services and products or promoting our brand and company, including sending news and newsletters. We aim to avoid unnecessary or inappropriate communication, so we use the collected personal data to better understand your needs and offer suitable solutions. We may use a wide range of communication channels, including traditional mail, email, SMS, notifications, and pop-ups on our website. For this purpose, we may process identification and contact data, data on website usage, and data from cookies and other tracking technologies.
The legal basis for this processing is our legitimate interest in promoting our brand, company, services, products, and website. In some cases, your consent may also be required.
If we process your personal data based on legitimate interest, we do so until you object to such processing or take another action indicating that you no longer wish for your data to be processed for this purpose. You have the right to object to such processing. If you have not opted out of receiving marketing materials or communications, we may also use (but will not disclose) your personal information to promote and market additional goods, services and special offers from us and/or our business associates, including by means of direct marketing.
If we process your personal data based on your consent, we do so until the consent is withdrawn.
We process personal data of visitors to our website when they visit or navigate through it. We use cookies and other technologies that may result in the processing of personal data for the purposes listed below. Cookie is an alphanumeric identifier that enables our systems to recognize your browser and to provide more efficient service of our Website. We may also use cookies and work with third party service providers who use cookies to collect traffic data and other information about your use of our Website. We and our third-party partners (such as analytics providers and advertising networks) service providers will may use this information in aggregated and anonymous form to analyze usage of our Website and to improve the operation of our Website, Services and/or Products. This includes device identifiers, IP address, browser type, pages visited, and other usage data. Some browsers can be set to reject all cookies. The "help" portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, and/or how to disable cookies altogether. If you choose to modify your browser in this manner, some pages of our Website may not function properly. Cookies allow you to take full advantage of some of our most advanced features, and we recommend that you leave them turned on, disabling cookies may affect site functionality.
You can manage cookie settings and opt out of targeted advertising via your browser or our cookie banner. For California users, we honor Do Not Track (DNT) as valid opt-out mechanisms.
The processing of personal data is necessary for the proper operation of our website, including its presentation, functionality, and ensuring secure access. For this purpose, we may identify our visitors while browsing the website and when logging in, if applicable. Therefore, we process data about the use of our website and data from cookies and other tracking technologies to the extent necessary for website operation (essential cookies).
The legal basis for this processing is our legitimate interest in ensuring the functionality and security of the website.
Personal data is generally retained for up to 2 years from the date of your visit to our website.
The processing of personal data is necessary to preserve your preferences and customize our website accordingly, as well as to provide a more pleasant user experience. For this purpose, we tailor the website to your location, selected language, or device. Therefore, we process data about the use of our website and data from cookies and other tracking technologies to the extent necessary for website customization (preference cookies).
The legal basis for processing data about the use of our website is our legitimate interest in customizing the website to visitor preferences. We generally retain your personal data for up to 2 years from your visit to our website.
The processing of personal data is necessary to understand how visitors use our website. For this purpose, we monitor website traffic, optimize our website, ensure its security and the security of your data, and improve the smoothness and user-friendliness of the site. The legal basis for processing data about the use of our website is our legitimate interest in collecting information about website usage and its further development. We generally retain your personal data for up to 2 years from your visit to our website.
The processing of your personal data is also necessary for collecting information about your personal preferences regarding advertising and subsequently presenting recommended products based on those preferences. For this purpose, we promote and sell services and products on our website and display marketing messages related to services and products you have shown interest in, and we promote our brand through online advertising. The legal basis for processing data about the use of our website is our legitimate interest in supporting the sale of our products and services. We generally retain your personal data for up to 2 years from your visit to our website or receiving the e-mail for this purpose.
We collect personal information about you, from you, or from third parties you authorize only when you voluntarily provide it or authorize us to collect it. In jurisdictions where consent is required we will seek consent for the use or disclosure of your personal information at the time of collection. In certain circumstances, consent may be sought after the information has been collected but before use (for example, when we want to use information for a purpose not previously identified). The form of consent that we seek, including whether it is expressed or implied, will largely depend on the sensitivity of the personal information and the reasonable expectations of the individual in the circumstances.
California users have rights outlined in the “Your U.S. State Privacy Rights” section.
The personal data we process primarily comes directly from you—through the process of contract conclusion, contract performance, and our mutual communication. You may also provide it to us in other ways, especially via our website. We may also obtain personal data directly from you by monitoring your behaviour on our website.
Additional personal data may be obtained from our partners who act as controllers of your personal data and who transfer it to us based on their own instructions and for their own purposes—in such cases, we act as data processors. There may also be partners with whom we share joint controllership.
All the personal data mentioned is processed by us as the data controller. In exceptional cases, we may also act as a data processor.
If we are the controller, it means we determine the purpose and means of processing your personal data—especially how it is collected, recorded, organized, and possibly disclosed—and we are responsible for ensuring that such processing is carried out properly. If we act as a processor, the purpose and means of processing are determined by another entity that holds your personal data as the controller. This may include your business partners who instruct us to process your personal data.
We may also disclose your personal data to other entities acting as controllers, for example, in connection with fulfilling a contract with you—such as our partners involved in that fulfilment. Your personal data may also be disclosed to third parties if required by law (e.g., law enforcement authorities, courts), or if disclosure is necessary to protect the rights of the controller, or for delivering written communication.
We also use the services of other data processors, who process personal data solely based on our instructions and for the purposes described above.
Such processors include, in particular:
In the course of transferring Personal Information to other controllers or processors mentioned above, we may also transfer your personal data to third countries outside the European Union that do not ensure an adequate level of personal data protection. Any such transfers will only be carried out if the respective processor agrees to comply with the Standard Contractual Clauses issued by the European Commission, available at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en.
We also use a company The Constant Company, LLC (the “Server provider“) in the US for location of our servers next to the servers in EU, for double protection and security of data by being located simultaneously into two continents. We signed with the Server provider Standard Contractual Clauses issued by the European Commission, altogether with data protection agreement to fulfil all necessary legal obligations required for processing of personal data outside the European Union.
We are committed to ensuring that the personal information collected in the course of you accessing or using any of our Offerings is protected against loss, theft and unauthorized access. This protection applies in relation to information stored in both electronic and hard copy form, and access to collected personal information is restricted to selected employees, representatives and third parties as described above.
The entire site runs on a secure HTTPS protocol, including the user section and the payment gateway. Each API request is signed/encoded by the user’s private "Secret Key" which is not sent in the API request. Even if an API key leak occurs, your account is safe and your account can’t be abused by an attacker. Please keep your Secret key safe and don’t share with anyone unauthorized.
All passwords are encrypted in the database and therefore no one from Vincario knows and cannot decrypt the passwords. For a lost or forgotten password, continue resetting your password and creating a new one.
While we take commercially reasonable measures to protect your information, no system can be 100% secure. In the event of a data breach involving California residents, we will notify affected individuals in accordance with California Civil Code §§ 1798.29 and 1798.82 and may notify regulators, where applicable.
The Website may offer links to third party websites. You should be aware that operators of linked websites may also collect your personal information (including information generated through the use of cookies) when you access their websites. We are not responsible for how such third parties collect, use or disclose your personal information, so it is important to familiarize yourself with their privacy policies before providing them with your personal information.
Just as we have rights and obligations when processing your personal data, you also have certain rights in this regard. These include:
If we collect your consent, it is entirely voluntary, and you are not obliged to provide it.
Refusing or withdrawing consent for any of the purposes listed above will not affect our ability to send you business or marketing communications based on our legitimate interest.
You may withdraw your consent at any time by sending an email to or by taking any other action that clearly indicates your wish to withdraw consent. The request must be sent from the email address we have on file to verify your identity.
Upon withdrawal of consent, we will assume that you no longer wish us to process your personal data for marketing purposes, including any previously granted general or specific marketing consents. You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. If you wish to withdraw your consent at any time, please contact us using the contact information provided in the “Contact Us” section of this Privacy Policy. We will inform you of the implications of withdrawing consent.
Withdrawal of consent does not affect the legality of processing carried out before the withdrawal.
You have the right to know what personal data we process about you, for what purpose, for how long, where we obtained it, to whom we disclose it, who else processes it, and what other rights you have.
If you are unsure which personal data we process, you may request confirmation of whether we process your personal data, and if so, you have the right to access it.
You may also request a copy of the personal data we process. The first copy is provided free of charge; additional copies may be subject to a fee.
If you find that the personal data we process about you is inaccurate or incomplete, you have the right to have it corrected or supplemented without undue delay.
In certain cases, you have the right to have your personal data erased. We will delete your personal data without undue delay if any of the following conditions are met:
This right does not apply if the processing of your personal data remains necessary for the protection of our legal interests and internal records, as described in this notice.
In certain cases, you may exercise the right to restrict processing instead of erasure. This allows you to request that your personal data be marked and not subject to further processing operations—though only for a limited time. We must restrict processing when:
You have the right to obtain all personal data you have provided to us, which we process based on your consent or for contract performance.
We will provide your data in a structured, commonly used, and machine-readable format.
This applies only to data processed automatically in our electronic databases.
You have the right to object to the processing of personal data based on our legitimate interest. If the objection concerns marketing activities, we will stop processing your personal data immediately. In other cases, we will stop processing unless we have compelling legitimate grounds to continue.
You may object to processing for the following purposes:
Exercising the above rights does not affect your right to lodge a complaint with the relevant supervisory authority. You may do so especially if you believe that your personal data is being processed unlawfully or in violation of applicable legal regulations. Complaints may be submitted to the Office for Personal Data Protection, located at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic.
California users have rights outlined in the “Your U.S. State Privacy Rights” section.
This section provides California residents with additional information regarding our collection, use, and disclosure of their personal information that supplements the disclosures in our Privacy Policy above. This section uses certain terms that have the meaning given to them in the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) and its implementing regulations.
We collect the personal information detailed in the “What Personal Information We Collect” section above. This information includes the following categories of personal information as defined under California law:
If you are a California resident, your personal information is processed in accordance with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). We do not rely on consent to process your personal information under California law, but you have the right to limit certain uses and to opt out of the sale or sharing of your personal information. To exercise these rights, please contact us at . You may also opt out by clicking the “Do Not Sell or Share My Personal Information” link on our Website.
The personal information we process varies based on our relationship and interactions with you. We may disclose the categories of personal information described above for the business purposes outlined in the Privacy Policy. The recipients to whom we may disclose your personal information (and that may have received such information during the last 12-months) for business purposes include: our affiliates and subsidiaries; order processing, fulfillment, shipping, and logistics vendors; payment processors and financial institutions; analytics and research vendors; information technology vendors; fraud prevention and security vendors; vendors supporting legal, compliance, accounting, audits and other internal functions; and certain marketing and advertising vendors. Third parties may process information about your online activities for advertising or analytics. This may count as “sharing” under CCPA/CPRA, so you can opt out by clicking the “Do Not Sell or Share My Personal Information” link on our Website.
We do not sell or share personal information as those terms are defined under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), including for cross-context behavioral advertising. Accordingly, we do not act on Global Privacy Control (GPC) signals. Vincario does not disclose, sell, share, or rent your personal information to third parties in exchange for money or compensation. Further, we do not “sell” or “share” sensitive personal information, nor do we “sell” or “share” any personal information about individuals who we know are under the age of 16.
Below is an overview of categories of third parties with whom we share your information and the categories of personal information they receive.
California residents have the following rights with respect to their personal information:
To exercise rights, contact us at .
Shine the Light. Under California’s “Shine the Light” law (Cal. Civ. Code § 1798.83), California residents who provide us certain personal information are entitled to request and obtain from us, free of charge, information about the personal information (if any) we have shared with third parties for their own direct marketing use. Such requests may be made once per calendar year for information about any relevant third-party sharing in the prior calendar year. To submit a “Shine the Light” request via email us at and include in your request a current California address and your attestation that you are a California resident.
Similar rights to rights of California residents apply under Virginia, Colorado, Connecticut, and Utah statutes. Please contact us at to exercise any such rights.
We reserve the right to modify this Privacy Policy at any time without notice for any reason, including to reflect changes in legal or regulatory obligations or changes in the manner in which we deal with personal information. The Privacy Policy posted at any time or from time to time via this Website will be deemed to be the Privacy Policy then in effect.
You can help us maintain the accuracy of your personal information by notifying us of any changes to this information. You may contact us to request access to or correction or update of your personal information using the contact information provided in the “Contact Us” section of this Privacy Policy.
In the event that you have any questions about this Privacy Policy or if you have reason to believe that we may have failed to adhere to this Privacy Policy, you may contact us on email:
We will handle your request without undue delay, but no later than within one month. In exceptional cases, particularly due to the complexity of your request, we are entitled to extend this period by an additional two months. If such an extension occurs, we will inform you of the extension and the reason for it.
This Privacy Policy is effective as of 2025-10-12
