Privacy Policy

Privacy Policy

Last updated: 29 September 2025

We care about your privacy. This Privacy Policy explains what personal data we collect on pittaliwinery.com, why we collect it, how we use it, and your rights under the EU General Data Protection Regulation (GDPR).

Who we are

Pittali Winery
Louveris 33, Agios Theodoros Limassol
Website: https://pittaliwinery.com
Email: info@pittaliwinery.com

For the purposes of applicable data protection laws, Pittali Winery is the data controller for the personal data processed via this website.

What data we collect and why

We collect only what we need to run our website, provide our services (e.g., online shop), and improve your experience.

1) When you browse the website

  • Data: IP address, device/browser type, pages visited, timestamps, referring site, basic diagnostic logs.

  • Purpose: Site operation, security (e.g., blocking spam/abuse), performance and analytics (aggregate).

  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) to run a secure, reliable website.

2) When you place an order (WooCommerce)

  • Data: Name, billing/shipping address, email, phone, order details (products, price, method), and (if provided) account login details.

  • Purpose: Process and fulfill your order, send order updates/receipts, handle returns/support, comply with tax/accounting laws.

  • Legal basis: Contract (Art. 6(1)(b) GDPR); Legal obligation (Art. 6(1)(c)) for record-keeping.

Payment data: We do not store full payment card details on our servers. Payments (if enabled) are processed by our payment provider(s) (e.g., Stripe and/or PayPal). They receive the necessary transaction data directly and process it under their own privacy policies.

3) When you create an account

  • Data: Name, email, (hashed) password, order history, saved addresses.

  • Purpose: Manage your purchases, provide order history, faster checkout.

  • Legal basis: Contract (Art. 6(1)(b)).

4) Contact forms / email

  • Data: Name, email, message content and any information you include.

  • Purpose: Respond to your inquiry and provide support.

  • Legal basis: Legitimate interests (Art. 6(1)(f)) to respond; Contract if your inquiry relates to an order.

5) Comments (if enabled)

  • Data: Comment content, display name, email, IP address, and browser user agent (for spam detection).

  • Purpose: Publish your comment and prevent spam.

  • Legal basis: Consent (Art. 6(1)(a)) for publishing; Legitimate interests (Art. 6(1)(f)) for spam prevention.

If you use Gravatar, an anonymized hash of your email may be sent to Gravatar to check if you use the service. After approval, your profile picture is public with your comment. See Automattic’s privacy policy for Gravatar.

6) Embedded content from other websites

  • Data: As if you visited the other site directly (they may set cookies and track your interaction).

  • Purpose: Show videos, maps, posts, etc.

  • Legal basis: Consent/legitimate interests, depending on the embed and your cookie choices.

  • Note: Your use of embedded content is governed by the third party’s privacy policy.

Cookies

Cookies are small files placed on your device. We use:

  • Strictly necessary cookies for core site functions and security.

  • Functionality cookies to remember preferences (e.g., language).

  • Performance cookies to improve speed and reliability.

  • (Optional) Analytics/marketing cookies only if enabled and, where required, with your consent.

You can control cookies in your browser settings. If a cookie banner is present, use it to manage non-essential cookies.

Who we share your data with (recipients)

We share data only with trusted providers as needed to run the website and fulfill your orders:

  • Hosting & infrastructure: Our web host (e.g., Hostinger or equivalent) and CDN/performance provider (e.g., QUIC.cloud / LiteSpeed) process technical data to deliver the site securely and quickly.

  • Website platform: WordPress (Automattic) and plugins such as WooCommerce (Automattic), Elementor, Polylang, and anti-spam tools process data required for site functionality.

  • Payments: Stripe and/or PayPal (if enabled) receive necessary transaction data to process payments.

  • Email & communications: If we use transactional email or newsletter tools, they will receive your email and message contents (only when you opt-in or contact us).

  • Analytics / security: Services we use for security, fraud prevention, performance, or aggregated analytics may receive technical data (IP, headers, page events). Any analytics that require consent will only run after you accept.

All providers act as processors or independent controllers depending on their service. We have appropriate data processing agreements where required.

How long we retain your data

  • Orders & invoices: Kept for the period required by tax/accounting laws in Cyprus (typically up to 7–10 years).

  • Customer accounts: Kept while your account remains active. You can request deletion; we will retain what we must for legal reasons.

  • Contact messages: Typically up to 24 months, unless needed longer for ongoing support or legal reasons.

  • Comments: Indefinitely (so we can recognize and approve follow-ups automatically).

  • Technical logs: Short retention for security/performance troubleshooting unless a security incident requires longer.

Your rights (EU/EEA including Cyprus)

You have rights over your personal data, including:

  • Access – receive a copy of your data we hold.

  • Rectification – correct inaccurate or incomplete data.

  • Erasure – request deletion where we have no legal reason to keep it.

  • Restriction – limit how we use your data in certain cases.

  • Portability – receive your data in a structured, commonly used format.

  • Object – to processing based on legitimate interests or to direct marketing.

  • Withdraw consent – where processing is based on your consent (this won’t affect prior lawful processing).

To exercise these rights, email info@pittaliwinery.com. We will respond within the timelines set by GDPR.

You also have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection (Cyprus) if you believe your rights were violated.

International transfers

Our providers may store or process data outside Cyprus/EU. Where this occurs, we use legal safeguards required by GDPR (e.g., adequacy decisions, Standard Contractual Clauses, or equivalent protections from our providers).

Security

We use appropriate technical and organizational measures to protect your data (TLS encryption, least-privilege access, strong authentication for admin areas, regular updates). However, no system is 100% secure. If we become aware of a data breach likely to result in a high risk to your rights and freedoms, we will notify you and the relevant authority when required by law.

Children

Our website and services are not intended for children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us to delete it.

Third-party links

Our website may link to other websites. Their privacy practices are their own. Please review their policies.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or security reasons. Updates will be posted on this page with a new “Last updated” date.

Contact

Questions or requests about this policy or your data?

Email: info@pittaliwinery.com
Postal address: Louveris 33, Agios Theodoros Limassol

WordPress-specific notices

Comments
When visitors leave comments, we collect the data shown in the form and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string from your email address may be provided to the Gravatar service to see if you are using it. After approval, your profile picture is visible in the context of your comment. See Automattic’s privacy policy for Gravatar.

Media
If you upload images, avoid uploading images with embedded location data (EXIF GPS). Visitors to the website can download and extract location data from images.

Cookies

  • If you leave a comment, you may opt-in to saving your name, email address, and website in cookies for your convenience. These last for one year.

  • Visiting the login page sets a temporary cookie to check if your browser accepts cookies; it contains no personal data and is discarded when you close your browser.

  • When you log in, we set several cookies to save your login information and screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login persists for two weeks. Logging out removes login cookies.

  • If you edit or publish an article, an additional cookie will be saved in your browser (no personal data; indicates the post ID); it expires after 1 day.

Embedded content from other websites
Articles may include embedded content (e.g., videos, images, articles). Embedded content behaves as if you visited the other website directly. Those websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including if you have an account and are logged in to that website.

Who we share your data with
If you request a password reset, your IP address may be included in the reset email.

How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely to recognize and automatically approve follow-up comments. For users who register (if any), we store the personal information provided in their user profile. All users can see, edit, or delete their personal information at any time (except username). Website administrators can also see and edit that information.

What rights you have over your data
If you have an account on this site, or have left comments, you can request an exported file of the personal data we hold about you, including any data you provided. You can also request that we erase personal data we hold about you, except data we must keep for administrative, legal, or security purposes.

Where your data is sent
Visitor comments may be checked through an automated spam detection service.

Notes for transparency about typical services we use

  • Hosting/CDN & performance: Our site uses caching and optimization (e.g., LiteSpeed Cache/QUIC.cloud) to improve speed and security. These providers may process your IP address and request metadata to serve content efficiently and mitigate abuse.

  • Language selection: We use Polylang so you can select your language; a cookie remembers your selection.

  • Design & content building: We use Elementor to build and render pages.

If we enable new features (e.g., newsletters, analytics, or new payment methods), we will update this policy and, where required, seek your consent.

 

Shipping Terms

Age Restriction
 Orders for alcoholic beverages will only be completed if the recipient is over the age of 18.

SHIPPING WITHIN CYPRUS

Orders within Cyprus are shipped via G.A.P. Akis Express. Packages are delivered to the nearest Akis Express pickup point for customer collection.

Pittali Winery will hand your order to the courier within 2–3 business days. Delivery to the pickup point usually requires another 2–3 business days. The estimated total delivery time is therefore 4–6 business days from order confirmation.

Home delivery is not offered. This ensures proper handling and minimizes exposure to heat, sunlight, or unsuitable storage conditions, so that your wine arrives in the best quality.

Shipping costs are calculated at checkout.

For more details, you may contact us at info@pittaliwinery.com or reach Akis Express customer service at 77771777. 

SHIPPING WITHIN THE EU

Pittali Wines are available for shipping to the following EU countries:
 (Austria, Belgium, Bulgaria, Croatia, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden)

Orders are shipped via DHL Express. Pittali Winery will hand your order to DHL within 2–3 business days. Express shipping usually delivers to the destination country within 2–3 business days, with final delivery to the recipient’s address in approximately 2 additional business days. The estimated total delivery time is therefore 4–7 business days from order confirmation.

Shipping costs are calculated at checkout. Any duties, VAT, or other charges applied in the destination country are the responsibility of the recipient.

For more information, contact us at info@pittaliwinery.com or reach DHL directly via their Customer Service. 

Λουβερής 33, Άγιος Θεόδωρος Λεμεσού

+357 96605030

info@pittaliwinery.com

Instagram

© 2025 Pittalis. All rights reserved.