Effective Date: June 5, 2025
Last Updated: July 11, 2025

Vintory, LLC (“Vintory”, “we”, “our”, “us”) values your privacy and is committed to protecting your personal information. This Privacy Policy (“Privacy Policy”) explains how we collect, use, store, share, and protect your personal data when you visit or use [website] (the “Website”).

We are committed to transparency and accountability in the collection and use of personal information. This Policy is compliant with the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), Virginia Consumer Data Protection Act (CDPA), Maryland Personal Information Protection Act (MPIPA), and the New York SHIELD Act.

Table of Contents

• Information We Collect.
• Purposes of Data Collection.
• Cookie Policy.
• Payment Processing.
• Retention Policy.
• Disclosure, Sale, or Sharing of Information.
• Data Sales.
• Consumer/User Rights.
• Data Retention.
• Security Measures.
• International Transfers.
• Children’s Data.
• Data Security and Protection Practices.
• Policy Updates.
• Documentation and Accountability.

By using the Website, you acknowledge that you have read and understood this Privacy Policy.

Information We Collect.

Information you provide to us.
Personal Information directly from you from account creation, surveys, forms, purchases, or communications:

• Name
• Company name and job title
• Contact information (address, phone, email)

Automatically via cookies and tracking tools.
Our service providers, business partners, third-party data providers, and social media platforms may automatically log information about you, your computer, and activity occurring on or through the services. The information that may be collected automatically includes:

• Your computer type and version number, manufacturer, model, and device identifier
• IP address and geolocation
• Browser/device type, OS, referral URLs, and timestamps
• Website usage data and interactions
• Social media identifiers if you sign in via a third party (Google, LinkedIn, etc.)

On our webpages, this information is collected using cookies, browser web storage (also known as locally stored objects, or “LSOs”), web beacons, and similar technologies, and our emails may also contain web beacons.

This type of information may be collected over time and across third-party websites.

Public Records.
We may collect personal information from publicly available sources. This includes, but is not limited to, public records such as business registrations, professional licenses, government filings, real estate records, and other legally accessible public databases. We use this information to enhance our services, verify user credentials, support analytics, and provide accurate business insights.

Purposes of Data Collection.

We may use the personal data we collect for the following purposes and as otherwise described in this Privacy Policy or at the time of collection:

• Fulfillment of services and customer support
• Improvement and optimization of the user experience
• Account management and personalization
• Communications and marketing
• Analytics and business intelligence
• Compliance with legal obligations
• Security and fraud prevention
• To sell to unaffiliated third parties for their own commercial use

Cookie Policy.

Most browser settings let you delete and reject cookies placed by websites. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, you may not be able to use all functionality of the Service and it may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit https://www.allaboutcookies.org.

Upon first visit, you will be presented with a cookie consent banner that allows you to:

• Accept all cookies
• Reject all non-essential cookies
• Customize your cookie preferences
• Deny the ability for us to sell your information
• You can modify your preferences anytime via the cookie settings link in the Website footer. For more on cookies, visit [link].
• Consent and Opt-Out. You may withdraw consent or opt out of marketing, data sharing, or profiling at any time via: Email to [email protected]

Payment Processing.

When you make a purchase through our services, we collect payment information necessary to process your transaction. This may include your name, billing address, and credit card or other payment details.

We use third-party payment processors to securely process these transactions. Our primary payment processor is Maxio Payments. This service provider is authorized to use your payment information only as necessary to provide payment processing services to us.

We do not store full credit card numbers on our servers. All payment information is securely handled by our processor in accordance with Payment Card Industry Data Security Standards (PCI-DSS).

Please refer to the privacy policies of Maxio Payments for more information about how they handle your personal information: https://www.maxio.com/privacy-policy

Retention Policy.

We retain personal information only for as long as there is a legitimate business or legal need to do so. This includes maintaining records for tax, accounting, regulatory, contractual, or audit purposes. When such needs no longer exist, we securely delete, anonymize, or otherwise render the personal data inaccessible in accordance with our data retention protocols and applicable law.

Disclosure, Sale, or Sharing of Information.

We may disclose, sell, or share personal information with unaffiliated third parties, partners, and vendors in the following contexts:

• With advertising and analytics providers (e.g., Google, Microsoft, Facebook)
• With technology providers (e.g., Hubspot, Stripe)
• With affiliated business entities or partners for operational or marketing purposes
• With clients who benefit from our data-matching or aggregation services
• With public or private entities if the data was sourced from publicly available records (“Public Data”), such as business directories, professional licenses, and other legally accessible databases
• With government authorities or law enforcement when required by law
• As part of a corporate transaction such as a merger, acquisition, or asset sale

Data Sales.

We may sell business contact information that you have provided to us or that we have sourced from Public Data. Under applicable law, this may include information such as your name, professional title, business address, and email if publicly accessible.

If you would like to opt out of the sale or sharing of your personal information or limit the use of your sensitive personal information, you may do so by emailing our Data Protection Officer at [email protected] with your specific request.

Consumer/User Rights.

Under the GDPR, CCPA, New York SHIELD Act, Virginia Consumer Data Protection Act (VCDPA), and Maryland Online Data Privacy Act (MODPA), you are entitled to specific rights regarding your personal data. These laws are designed to give you greater control over how your information is collected, used, and shared. The rights available to you may vary depending on your jurisdiction. Below is a breakdown of these rights by regulation:

CCPA Rights (California residents)

• Right to know what data is collected, sold, or disclosed
• Right to delete personal information
• Right to correct inaccuracies
• Right to opt out of sale/sharing
• Right to non-discrimination for exercising privacy rights
• Right to limit use and disclosure of sensitive personal information (e.g., social security number, financial account information, geolocation data)

GDPR Rights (EU/UK residents)

• Right of access
• Right to rectification
• Right to erasure (“right to be forgotten”)
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to appeal of consumer rights request
• Rights regarding automated decision-making (including profiling)

VCDPA Rights (Virginia residents)

• Right to access personal data
• Right to correct inaccuracies
• Right to delete personal data
• Right to data portability
• Right to opt out of targeted advertising, sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects
• Right to appeal a denial of a privacy rights request

MODPA Rights (Maryland residents)

• Right to confirm whether personal data is processed
• Right to access personal data
• Right to correct inaccuracies
• Right to delete personal data
• Right to data portability
• Right to opt out of the sale of personal data, targeted advertising, and profiling
• Right to appeal a denial of rights request
• Right to be informed about any profiling or processing using sensitive personal data

New York SHIELD Act Rights (New York residents)

• Right to be notified of unauthorized access or data breaches involving personal information
• Right to know what security measures are in place to safeguard data
• Right to request that companies maintain reasonable administrative, technical, and physical safeguards to protect personal data
• Right to file a complaint with the New York Attorney General for violations of data security obligations

Depending on your location, other state or national privacy laws may also apply. These laws may grant you similar rights concerning your personal information. Where applicable, we will honor such rights upon request. To exercise any of these rights, email: [email protected]. Requests will be confirmed within the timeframes required by law. You may be required to verify your identity.

Security Measures.

We employ reasonable physical, electronic, and managerial procedures, including use of third-party services to protect your data. However, no system is 100% secure. You submit data at your own risk.

International Transfers.

If you are outside the U.S., your information may be transferred to and processed in the U.S. where data protection laws may differ. We use Standard Contractual Clauses or rely on your explicit consent where required. You may request a copy of the Standard Contractual Clauses by contacting us at [email protected].

Children’s Data.

We do not knowingly collect or sell personal data from individuals under the age of 16. Parents may contact us to request deletion of minor’s data.

Data Security and Protection Practices.

We implement industry best practices to safeguard your personal information against unauthorized access, disclosure, alteration, or destruction. These measures include physical security protocols, administrative controls such as employee training and internal policies, and technical protections like encryption, firewalls, and strict access controls. All third-party data processors we engage are contractually required to adhere to equivalent or stronger data protection standards to ensure the confidentiality and integrity of your information. We use physical, administrative, and technical safeguards including encryption, firewalls, access controls, and employee training. Data processors are bound by strict security obligations.

We follow cybersecurity best practices to protect personal data from unauthorized access, disclosure, alteration, and destruction, in line with the requirements of the New York SHIELD Act and global standards.

Policy Updates.

This policy is reviewed and updated annually. You will be notified of material changes via:

• Prominent notice on our homepage

Documentation and Accountability.

We maintain internal records of data processing activities and user consents in accordance with GDPR Article 30 and SHIELD Act standards. Documentation is available upon regulatory request.

Questions?

Contact: Data Protection Officer at: [email protected] or by mail at:

Data Protection Officer
1103 Somerset Place
Lutherville, MD 21093