1. Introduction

This GDPR Addendum explains how Lesotho Wine complies with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) when processing personal data of individuals located in the European Union.

This Addendum forms part of and must be read together with our Privacy Policy.

2. Scope of This Addendum

This Addendum applies where we process personal data of individuals in the European Economic Area (EEA), including interactions such as:

  • Visiting our website
  • Subscribing to newsletters or marketing communications
  • Purchasing tickets, wine, or merchandise
  • Engaging with our Wine Club
  • Interacting with our advertising or analytics systems

3. Data Controller

For GDPR purposes, Lesotho Wine acts as the Data Controller for personal data collected through our platforms and services.

4. Personal Data We Process

We may process the following categories of personal data:

  • Identity data (name, surname)
  • Contact data (email address, phone number)
  • Transaction data (purchases, ticketing, subscriptions)
  • Technical data (IP address, device information, browser type)
  • Usage data (website interaction, page visits, engagement)
  • Marketing preferences and communication data
  • Event participation and attendance data

5. Purpose of Processing

We process personal data to:

  • Provide and manage our services and products
  • Process orders, ticketing, and Wine Club subscriptions
  • Communicate with users regarding transactions and support
  • Send marketing communications (where consent is given)
  • Improve website functionality and user experience
  • Conduct analytics and performance tracking
  • Ensure security and prevent fraud
  • Comply with legal obligations

6. Legal Bases Under GDPR

We rely on the following legal bases for processing personal data:

  • Consent (e.g. email marketing, cookies where applicable)
  • Contractual necessity (order fulfilment, ticket sales, subscriptions)
  • Legal obligation (tax, accounting, regulatory compliance)
  • Legitimate interests (service improvement, fraud prevention, analytics, marketing optimisation)

7. Your Rights Under GDPR

If you are located in the EU, you have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Request deletion of your personal data (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority in your country

Requests can be made using the contact details provided below.

8. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Website functionality
  • Analytics (e.g. Google Analytics)
  • Advertising and remarketing (e.g. Meta Pixel)
  • Email marketing tracking (e.g. Mailchimp engagement tracking)

Where required by law, we obtain consent before placing non-essential cookies.

9. International Data Transfers

Your personal data may be transferred outside the European Economic Area, including to Lesotho and South Africa, as well as to third-party service providers operating globally.

We implement appropriate safeguards to ensure your data is protected in accordance with GDPR requirements.

10. Marketing Communications

We may send marketing communications where:

  • You have provided explicit consent, or
  • You are an existing customer and applicable GDPR provisions allow it

You may opt out at any time via unsubscribe links or by contacting us directly.

11. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfil the purposes for which it was collected
  • Comply with legal obligations
  • Resolve disputes
  • Enforce agreements

12. Security of Personal Data

We implement appropriate technical and organisational measures to protect personal data, including:

  • Secure hosting and infrastructure
  • Access controls and authentication systems
  • Encryption where appropriate
  • Secure third-party processing agreements

No system is completely secure, but we take reasonable steps to protect your data.

13. Third-Party Processors

We may use third-party service providers, including:

  • Mailchimp (email marketing and communications)
  • Google Analytics (website analytics)
  • Meta Platforms (advertising and tracking)
  • Payfast and Yoco (payment processing)
  • Courier and logistics providers (fulfilment services)
  • Cashless event and POS systems

These providers process data in accordance with their own privacy policies and applicable data protection agreements.

14. Supervisory Authority

If you are in the European Union, you have the right to lodge a complaint with your local data protection authority.

15. Contact Information

Lesotho Wine

Email: info@lesothowine.co.ls
Support: support@lesothowine.co.ls
Phone: +266 2232 4621

Address:
62 Moshoeshoe Road
Industrial Area
Maseru 100
Lesotho