PRIVACY POLICY
Last Updated: December 2, 2025
20 Deep Winery, LLC Privacy Policy
We are committed to protecting your privacy. This Privacy Policy describes how 20 Deep Winery collects, uses, and shares certain personal information from you to improve our products and services. This Privacy Policy explains:
• What information we collect and why we collect it.
• How we use that information.
• How long we keep that information.
• The choices we offer, including how to access, update, opt out, or delete that information.
By submitting information to us and/or using our website, mobile sites, or applications (the “Site”), you agree to the terms and conditions of this Privacy Policy.
Who We Are
Our website address is: https://www.20deep.com
20 Deep Winery, LLC
187 Mendon Ionia Road
Honeoye Falls, NY 14472
(585) 204-7953
info@20deep.com
Scope of Privacy Policy
This Privacy Policy applies when you visit the Site, the websites of any of our affiliated brands, mobile sites, or mobile applications; when you make a purchase from us; subscribe to any of our mailing lists, newsletters, or wine-club programs; sign up for our events; register for our promotions; and when you engage with one of our brand pages on social media platforms including, but not limited to, Facebook, Pinterest, Twitter, or Instagram.
This Privacy Policy does not apply to our employees, employment applicants, suppliers, distributors, or trade contacts except when they are acting in a “customer” capacity. Also, this Privacy Policy does not apply to any data that may be collected through sites, applications, platforms, materials or entities that are not operated by us, even when we may include links or references to those third-party sites. We do not endorse, screen or approve, and are not responsible for the privacy practices or content of such other websites or applications.
Any information we collect when you enable or use a third-party application is processed under this Privacy Policy. Information collected by a third party is governed by its privacy policies, and we have no control over, and shall not be responsible for, the third party’s use of your personal information. We encourage you to read the privacy policies of those websites and applications. Our Site may also contain links to social media platforms, and you may be given the choice of connecting to or engaging with one or more social media platforms from this Site. If you choose to do so, then depending upon your social media privacy settings, the personal information that you post, transmit, or otherwise make available on the social media platform may be viewed and/or used by third parties, and we will have no control over such viewing and use. We do not control, and are not responsible for, any use of your information by or through any of the social media platforms. By linking to or engaging with any social media platform, you will be assuming the risk that the information you provide on that platform may be viewed and/or used by third parties for any purposes and agree that we have no control or responsibility for such third party viewing and uses.
What Personal Data We Collect and Why We Collect It
PERSONAL INFORMATION
We may collect certain personally identifiable information (“personal information” or “personal data”) from you, such as:
• Name
• User Name
• Mailing and/or Shipping Addresses
• Telephone Number (including home and mobile phone numbers)
• Date of Birth
• Email Address
• Credit and/or Debit Card Numbers (processed securely through Square—we do not store your full credit card details)
We may also collect other information that we request from you, and that you provide to us. In many cases, such information will be collected directly from you but information may also be gathered from our affiliated brands, third-party sources such as marketing and fulfillment companies, opt-in lists, publicly available data, and other companies and referrals. We may use this information to contact you, and as otherwise permitted by this Privacy Policy.
COMMENTS
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
MEDIA
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
WOOCOMMERCE – STORE DATA
When you visit our site, we’ll track:
• Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
• Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
• Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
We’ll also use cookies to keep track of cart contents while you’re browsing our site.
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
• Send you information about your account and order
• Respond to your requests, including refunds and complaints
• Process payments and prevent fraud
• Set up your account for our store
• Comply with any legal obligations we have, such as calculating taxes
• Improve our store offerings
• Send you marketing messages, if you choose to receive them
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
EVENT, VENUE, ORGANIZER, AND ATTENDEE INFORMATION
Through the usage of The Events Calendar and Event Tickets plugins, information may be collected and stored within your website’s database.
If you create, submit, import, save, or publish Event, Venue, or Organizer information, such information is retained in the local database:
• Venue information: name, address, city, country, state, postal code, phone, website, geographical coordinates (latitude and longitude)
• Organizer information: name, phone, website, email
• Event information: website, cost, description, date, time, image
• Attendee information (RSVPs and Tickets): name and email address
• Ticket information: name, email address, and ticket number
• Ticket purchaser information: name, email address, and billing address
To create or register for events, a user must hold a website account on this domain. This information is retained in the local database.
COOKIES
We may also collect certain personal information gathered from you passively through automated means (“other information”), such as the referring URL, your IP address, which browser you used to come to the Site, the country, state or province from which you access this Site, cookie IDs and segment IDs associated with cookie IDs, the pages of our Site that you viewed during your visit, duration and frequency of visit, any search terms entered on our Site, anonymized demographic information, log file data, and/or other anonymous usage statistics.
We collect this other information through cookies, web beacons, navigational and location data, clear gifs, clickstream data, and other similar technologies. A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, is used to transmit information back to a web server.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
We also may use third-party website analytics tools (such as Google Analytics), that collect information about visitor traffic on our sites and mobile applications, and these third-party service providers may collect certain data from our Site as well. You can set your browser to notify you when a cookie is sent or refuse cookies altogether, but certain features of our website might not work without cookies. We may also use web beacons in emails and newsletters so that we know when such communications have been opened and to otherwise help us tailor our communications to you. Please note that cookie-based opt-outs are not effective on mobile applications. However, on many mobile devices, application users may opt out of certain mobile tracking activities via their device settings.
EMBEDDED CONTENT FROM OTHER WEBSITES
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
ANALYTICS
We use Google Analytics to track website usage and visitor behavior. Google Analytics collects anonymized data about your interactions with our site. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on available at: https://tools.google.com/dlpage/gaoptout
Online Advertising and Tracking
We may use third-party advertising networks and work with companies that collect information about your online activities to provide advertising targeted to suit your interests and preferences. For example, you may see certain ads on this Site or other websites because we partner with Google and other similar companies to target our ads based on information we or they have collected, including information that was collected through automated means (such as cookies and web beacons). We also use Square Marketing to send promotional emails to customers who have opted in to receive marketing communications. You may opt out of the automated collection of information by third-party ad networks for the purpose of delivering advertisements tailored to your interests by editing or opting out of your Google Display Network ads’ preferences at http://www.google.com/ads/preferences/. You can opt-out of receiving targeted ads on Facebook at https://www.facebook.com/settings/?tab=ads. To exercise your choices with respect to targeted advertising and tracking on your mobile device or browser, we recommend you explore your options to reset, limit or turn off your advertising ID on your particular device.
API Keys
We make use of certain APIs, in order to provide specific features. These APIs may include the following third party services: Google Maps (for venue location display).
How We May Use Your Information
We use your personal data only for specific and limited purposes. We use the information described above to process your requests, wine club orders, and event registrations; communicate with you about our products, services, offers, and events; offer you products and services we believe may be of interest to you; analyze trends and enhance our communications strategies with you; and to improve the quality of our online guest services.
We may also use this information for system administration to diagnose problems with our servers and software or to administer our site.
Who We Share Your Data With and How We May Disclose Your Information
Your personal data or other information may be shared with and used by any of our other affiliated brands, for their direct marketing purposes, in accordance with this Privacy Policy.
WHO ON OUR TEAM HAS ACCESS
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:
• Order information like what was purchased, when it was purchased and where it should be sent, and
• Customer information like your name, email address, and billing and shipping information.
• Event and attendee information
Our team members have access to this information to help fulfill orders, process refunds, manage events, and support you.
THIRD PARTY SERVICE PROVIDERS
In certain cases, we may disclose your personal data to third parties under limited circumstances if we conclude that we are required by law or have a good faith belief that access, preservation, or disclosure of such information is reasonably necessary to protect the rights, property, or safety of our winery, our customers, or the public. We do not sell your personal data to third parties.
We may also contract with other companies and individuals to perform certain functions and services, including processing, storing, tracking, and organizing information on our behalf. These third-party service providers may have access to your personal data to perform their functions and to provide services to us. We require our third-party service providers to maintain industry-appropriate security measures to protect your personal information. Such third-party service providers include:
• Square (payment processing and marketing) – When processing payments, some of your data will be passed to Square, including information required to process or support the payment, such as the purchase total and billing information. Please see the Square Privacy Policy for more details.
• Shipping carriers (order fulfillment)
• Google Analytics (website analytics)
If you request a password reset, your IP address will be included in the reset email.
In some cases, we may partner with other companies, affiliates, clients, data vendors and third parties that we’ve carefully chosen to enhance your customer experience, usually through co-branded partnerships, promotions, and wine club experiences. In such cases you may need to opt in with those third-party partners to enable them to market their or other selected third parties’ products and services to you. You will have an opportunity to opt-out of those communications by unsubscribing from any third-party communications you do not wish to receive subject to those third parties’ privacy policies. We may also use non-personal data from these third parties pursuant to their own privacy policies.
We may aggregate your personal data so that the aggregated information does not personally identify you or anyone else. If we combine any non-personal information with personal information, the combined information will be treated by us as personal information as long as it is combined. We may collect, use, and disclose non-personal information for any purpose.
How Long We Retain Your Data
We will retain your personal information for the time period necessary to fulfill the relevant services and purposes outlined above and to maintain our business records, as required by applicable law. We may continue to retain and use aggregated, anonymous data previously collected and/or anonymize and aggregate your personal information.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
We will store order information (including name, email address, billing and shipping addresses) as required for tax and accounting purposes. Event and attendee information is retained in the local database indefinitely, unless otherwise deleted.
What Rights You Have Over Your Data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Subject to certain exceptions prescribed by law, you will be given reasonable access to your personal information, entitlement to challenge the accuracy and completeness of the information, and the ability to have it amended or deleted as is appropriate.
If you have an account with us, go to the My Account page on the Site and access your account using your log-in and password. Any changes you make on your account profile page through the Site will be reflected on that same Site (however, it may not be reflected on other sites that we or our affiliated brands operate).
Where Your Data Is Sent
Visitor comments may be checked through an automated spam detection service.
The Events Calendar and Event Tickets plugins do not send any user data outside of your website by default. If you have extended our plugin(s) to send data to a third-party service such as Google Maps, user information may be passed to these external services. These services may be located abroad.
INTERNATIONAL DATA TRANSFERS
If you are a resident of the European Economic Area, we may transfer your personal information to countries outside of the European Economic Area that have different data protection standards, including the United States. Your personal information will be held and processed on 20 Deep Winery, LLC servers in the United States. We take appropriate security measures to keep transferred personal data secure. By using our Site, you consent to international transfer of your personal information and understand that data stored in the United States may be subject to lawful requests by the courts or law enforcement authorities in the United States.
Not Directed to Individuals Under the Legal Drinking Age
Our Site is not intended for people under the legal drinking age of 21. We do not seek or knowingly collect any personal information from or about individuals under the age of 21. If we become aware that we have unknowingly collected personal information from an individual under the legal drinking age, we will make commercially reasonable efforts to delete such information from our database.
Security – How We Protect Your Data
We take appropriate organizational, technical and administrative security measures to protect personal information under our control, including encryption and anonymization. Payment processing is handled securely by Square, and we do not store your full credit card numbers on our servers. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure or is ever completely secure or error-free. Please note that you are responsible for maintaining the confidentiality of any user name or password you use.
To Opt-Out, Change or Delete Your Personal Information
To opt out of receiving electronic marketing communications from us, you may (1) follow the “unsubscribe” instructions contained in any emails you receive, (2) send a blank email with “unsubscribe” in the subject line, to info@20deep.com from the email address you would like removed, or (3) send us a request at the address in the Contact Us section below. We will endeavor to comply with all requests as soon as reasonably practicable as required by applicable law.
You may also view, update, change or delete information as described in the “What Rights You Have Over Your Data” section above. You may also submit updated personal information or deletion requests to us as set out in the Contact Us section below. In your request, please make clear what information you would like to have changed or deleted.
Regardless of your opt-out preferences, there still may be times when we will contact you for administrative reasons, such as those related to an order you placed, an event registration, an inquiry you made, a legally required notice, and so on. Please note that we are not responsible for removing information from or updating information in the databases of third parties with whom we have already shared your personal information.
Privacy Notice for California Residents
This Privacy Notice for California Residents supplements the information contained above in 20 Deep Winery, LLC Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California (“California Consumers” or “customer”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this notice.
As described above, we collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“California personal information”). In particular, 20 Deep Winery, LLC has collected the categories of California personal information described in the “What Personal Data We Collect and Why We Collect It” section above from its customers within the last twelve (12) months. We may use or disclose the California personal information we collect consistent with the “How We May Use Your Information” and the “Who We Share Your Data With and How We May Disclose Your Information” sections above. The CCPA provides California residents with specific rights regarding their California personal information. This section describes California Consumers’ CCPA rights and explains how to exercise those rights.
ACCESS TO SPECIFIC INFORMATION AND DATA PORTABILITY RIGHTS
California Consumers have the right to request that we disclose certain information about our collection, disclosure and use of a customer’s California personal information over the past 12 months. To the extent available, once we receive and confirm a California Consumers’ verifiable request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose:
• The categories of California personal information we collected about the customer.
• The categories of sources for the California personal information we collected about the customer.
• Our business or commercial purpose for collecting California personal information.
• The categories of third parties with whom we share California personal information.
• The specific pieces of California personal information we collected about the customer (also called a data portability request).
• If we disclosed the California personal information for a business purpose, a list of such disclosures and categories of information obtained.
DELETION REQUEST RIGHTS
California Consumers have the right to request that we delete any of the customer’s California personal information that we collected and retained, subject to certain exceptions. Once we receive and confirm a verifiable request (see Exercising Access, Data Portability, and Deletion Rights), we will delete the customer’s California personal information from our records, unless an exception applies.
EXERCISING ACCESS, DATA PORTABILITY, AND DELETION RIGHTS
To exercise the access, data portability, and deletion rights described above, California Consumers may submit a verifiable request to us by either calling us at (585) 204-7953, or sending an email with the request to info@20deep.com. California Consumers, or an authorized agent, may only make a verifiable request for access or data portability twice within a 12-month period. The verifiable request must provide sufficient information that allows us to reasonably verify the customer is the individual about whom we collected California personal information or an authorized representative and describe the customer’s request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
RESPONSE TIMING AND FORMAT
We endeavor to respond to a verifiable request within forty-five (45) days of receipt. If we require more time (up to 90 days), we will inform you of the reason in writing. For data portability requests, we will select a format to provide the California personal information in a readily useable format and allow the customer to transmit the information from one entity to another entity without hindrance. We will not charge a fee or refuse to process or respond to a verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee or refusal, we will notify the customer of such and, if applicable, provide a cost estimate before completing the customer’s request.
NON-DISCRIMINATION
We will not discriminate against a customer for exercising any of their CCPA rights.
OTHER CALIFORNIA PRIVACY RIGHTS
California Civil Code sections 1798.83-1798.84 give California residents the right to ask us for a notice describing the categories of personal information we share with third parties for their direct marketing purposes. Upon request, we will identify the categories of information shared, and will include a list of the names and addresses of third parties with which it has been shared, for the immediately preceding calendar year. If you are a California resident and would like a copy of this notice, please submit a written request using the contact information set forth below. Please allow 30 days for a response. If your request is received by a different method, please allow 150 days for a response. Please note that we are only required to respond to one request per customer each year.
Furthermore, “Do Not Track” is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. At this time, we do not respond to Do Not Track browser settings or signals.
Contact Us
Any questions or requests you may have regarding our Privacy Policy should be directed via email to info@20deep.com. You can also write us at:
20 Deep Winery
ATTN: Customer Service
187 Mendon Ionia Road
Honeoye Falls, NY 14472
(585) 204-7953
Updates to this Policy
The terms of this Privacy Policy may change from time to time. We will notify you of any material changes to this Privacy Policy by posting a notice on the homepage for a reasonable period of time after such changes are made that this Privacy Policy has been updated, and by changing the “Last Updated” date at the top of this Privacy Policy. We encourage you to check this page periodically for any changes. Your continued use of this Site following the posting of changes to this Privacy Policy will mean you accept those changes.
Use of this Site is governed by, and subject to, the legal notices contained at the Terms of Use. Your use, or access, of the Site constitutes your agreement to be bound by these provisions. IF YOU DO NOT AGREE TO THESE TERMS OF USE YOU MAY NOT ACCESS OR OTHERWISE USE THE SITE.