Privacy Policy
This policy regulates the processing of personal data that users provide when registering, browsing, or making purchases on this platform, in accordance with Law No. 18,331 on the Protection of Personal Data and Habeas Data, and Law No. 17,250 on Consumer Protection of the Oriental Republic of Uruguay.
Data controller
This site is operated by Chipicop S.A., a Uruguayan corporation that conducts business under the brand Bodegas Punta del Este. References to “we,” “our,” or “us” refer to Chipicop S.A.
1. Applicable principles
Our data processing is based on the principles of lawfulness, truthfulness, purpose, prior and informed consent, security, confidentiality, and proactive responsibility established by Law No. 18,331. Furthermore, in accordance with Article 29 of said law, all personal databases we maintain shall be duly registered in the registry enabled by the URCDP, with the technical data, purpose, and access required by the regulations.
2. Data we collect
We may collect, as applicable: Identification and contact information: name, surname, identification document (when required), email address, phone number, shipping/billing address. Transaction and payment information: purchase and booking history, receipts, billing details, and the secure token provided by the payment provider (we do not store complete card data). Technical/usage data: IP address, device identifiers, access logs, cookies, and similar technologies. Additional data: information required to manage bookings (e.g., date of birth, preferences needed for the contracted service). Some data is essential to complete a booking or purchase. If not provided, we will be unable to finalize the transaction.
3. Purposes of data processing
The data collected will be used for: Managing user accounts, bookings, and purchases. Processing payments and issuing invoices. Sending confirmations, modifications, or communications related to the booked experience. Addressing inquiries, claims, or support requests. Analyzing aggregated site usage to improve the platform and services. Sending promotions, updates, or commercial communications, only if the user expressly authorizes it (consent).
4. Legal basis for processing
The legal bases for data processing are: The user’s free, prior, express, and informed consent. The execution of the booking or purchase contract. Compliance with legal obligations (fiscal, accounting, consumer protection). Legitimate interest in protecting the platform, preventing fraud, and improving services. Consent may be revoked at any time, without affecting the lawfulness of processing carried out prior to revocation.
5. Sharing data with third parties / data processors
We may share data with third parties acting as data processors, such as: Payment processors and financial institutions. Hosting and cloud storage services. Email, marketing, or support platforms. Logistics providers related to the booking. These third parties are contractually obligated to ensure confidentiality, security, and limited use of the data according to our instructions. We do not sell personal data.
6. International data transfers
If data is stored or processed outside of Uruguay, such transfers will only occur if adequate safeguards are in place (standard contractual clauses, recognized levels of protection, or other authorizations in accordance with URCDP regulations).
7. Security and incident management
We implement technical and organizational measures (encryption, access controls, backups, monitoring) to protect data against unauthorized access, alteration, loss, or misuse. In the event of incidents that could affect users’ rights, we will notify the URCDP and affected users within the legal deadlines.
8. User declarations and profiling
The user guarantees that the data provided is truthful, accurate, complete, and up to date, and agrees to keep it that way. With explicit consent, we may: Analyze how the user interacts with the platform (pages viewed, language, device, duration). Receive demographic or behavioral data from third parties (Google, social networks) to build aggregated interest profiles. Use these profiles to personalize experiences or communications, without individually identifying the user without express authorization.
9. Digital bookings (QR code + tracking number)
When an experience booking is confirmed, the user will receive a confirmation only by email, containing a QR code and a tracking number that identify the transaction. In such cases: Law No. 18,331 and complementary regulations will apply. We may share data with third parties when necessary to coordinate the experience, access, logistics, or comply with legal obligations. We may store: full name, identification document, address, phone number, date of birth, gender, and email address. We do not store complete financial payment data; we only manage the secure token issued by the payment gateway. Data will be processed with appropriate security measures to ensure confidentiality and integrity.
10. Minor / age limit
To use the platform, the user must be at least 18 years old. Minors are not permitted to register without parental or guardian authorization. If we identify an unauthorized minor user, we may suspend or delete their account and bookings.
11. Marketing / commercial communications consent
Commercial communications (promotions, updates) will be sent only with the user’s explicit and verifiable consent. We may use mechanisms such as double opt-in or email confirmations to validate this consent. Each message will include a clear and cost-free unsubscribe link.
12. Specific offer terms / contractual limits
Each experience offered on the platform is subject to its own specific terms (schedules, cancellations, requirements). This Privacy Policy does not modify or replace those specific terms. The user acknowledges that those specific terms apply and that this policy operates separately.
13. Disclaimer for misuse or force majeure
We shall not be liable for situations beyond our reasonable control, such as server technical failures, third-party interruptions, force majeure events, or acts of third parties, in relation to data processing, provided we have taken reasonable measures to prevent harm and restore services.
14. Data subject rights
The user may exercise the rights recognized by Law 18.331: Access to the personal data we hold. Rectification, updating, or inclusion of incorrect, incomplete, or outdated data. Deletion of data when it is no longer necessary or when consent is revoked. Part of these rights can be exercised directly through your user profile, based on available functionality. For other requests, you may send a message to our contact email, providing proof of identity. We will respond within a maximum of 5 business days.
15. Use of cookies
This site uses cookies for the following purposes: To maintain the user’s active session. To remember language and preferences. To facilitate the checkout / shopping cart flow. To collect aggregated metrics on navigation and usage. Users may configure their browser to reject or delete cookies; however, some features may not function properly as a result.
16. Data retention
Data will be retained for as long as necessary to fulfill the purposes stated herein and to comply with legal obligations. Once this period expires, it will be securely deleted or anonymized.
17. Truthfulness and updating
The user declares that the data provided is true, complete, and up to date. They agree to inform us of any changes and may request corrections when they detect errors.
18. Modifications to this policy
We may modify this Policy due to legal, technological, or operational changes. The current version will always be published on the website. Continued use of the platform constitutes your acceptance of such modifications.
19. Governing law and jurisdiction
This Policy is governed by the laws of the Oriental Republic of Uruguay. Any dispute arising from its interpretation or application shall be submitted to the ordinary courts of Montevideo, unless otherwise provided by law.