Legal

Privacy Policy

Last updated: 1 January 2026. This policy applies to collectorvault.vip and any associated services operated by COLLECTORVAULT.

1. Who We Are

COLLECTORVAULT ("we", "us", "our") operates the website at collectorvault.vip. We are an education, qualification, and introduction platform for private collectors interested in rare Scottish whisky, fine wine, and prestige champagne.

For the purposes of UK GDPR and the Data Protection Act 2018, COLLECTORVAULT is the data controller in respect of personal data collected through this website.

Data controller contact: privacy@collectorvault.vip

2. What Personal Data We Collect

We collect personal data you provide directly to us through our information request form, contact form, and any exit-intent email capture. This data may include:

• Full name
• Email address
• Phone number (optional)
• Country of residence
• Stated interests in collectible categories
• Acquisition budget range (anonymised bracket)
• Source of funds (anonymised category)
• Collecting experience level
• Acquisition timeline
• Advisory context
• How you heard about us
• Free-text responses to optional questions

We also collect limited technical data automatically when you visit our website, including IP address, browser type, pages visited, and referring URL, for security and analytics purposes.

3. How We Use Your Personal Data

We use your personal data for the following purposes:

• Delivering your Collector Guide: To send you the complimentary Private Collector Guide you requested by email.
• Specialist introduction: To share relevant details of your enquiry (name, email, stated interests, and acquisition parameters) with a vetted member of our Private Collectors Network so they may contact you directly.
• Compliance screening: To carry out internal compliance checks in accordance with our obligations. Lead submissions are scored and categorised internally.
• Communication: To send you educational content, market commentary, and updates related to the categories you have expressed interest in, where you have consented to this.
• Analytics and improvement: To understand how visitors interact with our website and improve our services.

4. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

• Consent (Article 6(1)(a)): Where you have provided explicit consent on our information request form to be contacted regarding your enquiry.
• Legitimate interests (Article 6(1)(f)): For internal compliance, fraud prevention, and website security purposes, where our legitimate interests do not override your fundamental rights.
• Legal obligation (Article 6(1)(c)): Where we are required to retain records for legal or regulatory compliance purposes.

5. Who We Share Your Data With

We share relevant personal data with vetted members of our Private Collectors Network — specialist alternative investment houses and boutiques — for the purpose of making an introduction as you have requested. These parties receive only the data necessary to facilitate that introduction.

We use the following third-party service providers who process data on our behalf:

• SendGrid (Twilio Inc.) — for email delivery of your Collector Guide and follow-up communications.
• Supabase Inc. — for secure database storage of enquiry records in production.
• Vercel Inc. or Netlify Inc. — for website hosting.
• Google Analytics — for website analytics (where enabled).

We do not sell, rent, or otherwise transfer your personal data to any third party for their own marketing purposes.

6. Data Retention

We retain your personal data for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. Typically:

• Active enquiry records: retained for up to 24 months from the date of submission.
• Disqualified records: retained for 12 months for compliance review purposes, then deleted.
• Records subject to legal hold: retained for as long as required by the applicable obligation.

You may request deletion of your data at any time (see Section 8 below).

7. Cookies

Our website uses cookies — small data files stored on your browser — for the following purposes:

• Essential cookies: Required for the basic functioning of the website. These cannot be disabled.
• Analytics cookies: Used to understand how visitors interact with our website. These are only set with your consent via our cookie banner.
• Preference cookies: Used to remember your cookie preferences.

You may manage your cookie preferences at any time using our cookie banner. Most browsers also allow you to refuse cookies through browser settings.

8. Your Rights Under UK GDPR

Under UK GDPR, you have the following rights in respect of your personal data:

• Right of access: To request a copy of the personal data we hold about you.
• Right to rectification: To request correction of inaccurate data.
• Right to erasure: To request deletion of your personal data where there is no compelling reason for continued processing.
• Right to restriction: To request that we restrict processing of your data in certain circumstances.
• Right to data portability: To receive your personal data in a structured, commonly used format.
• Right to object: To object to processing of your personal data based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@collectorvault.vip. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. International Transfers

Some of our third-party service providers (including SendGrid and Supabase) operate in the United States. Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the ICO or equivalent mechanisms.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, loss, or destruction. Our website uses HTTPS encryption for all data transmission. Access to personal data is restricted to authorised personnel on a need-to-know basis.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Where we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

12. Contact

For any questions about this Privacy Policy or your personal data, please contact:

COLLECTORVAULT — Data Controller
Email: privacy@collectorvault.vip

Note: This Privacy Policy is a template and should be reviewed by a qualified solicitor before go-live to ensure full compliance with UK GDPR, the Data Protection Act 2018, and PECR.