GDPR Compliance
Last updated: February 28, 2026
OENARI is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) (EU 2016/679).
Data Controller
OENARI is the data controller for personal data processed through the OENARI mobile application.
- Email: support@oenari.com
- Location: Gothenburg, Sweden
Legal Basis for Processing
We process your personal data based on the following legal grounds:
| Purpose | Legal Basis |
|---|---|
| Account creation and authentication | Performance of contract (Art. 6(1)(b)) |
| Wine cellar management and tasting notes | Performance of contract (Art. 6(1)(b)) |
| Community features (ratings, likes, follows) | Legitimate interest (Art. 6(1)(f)) |
| Service improvement and analytics | Legitimate interest (Art. 6(1)(f)) |
| Legal obligations | Legal obligation (Art. 6(1)(c)) |
Your Rights Under GDPR
As a data subject, you have the following rights:
Right of Access (Art. 15)
You can view all your personal data at any time through the App. For a complete data export, contact support@oenari.com.
Right to Rectification (Art. 16)
You can correct your personal information by editing your profile and cellar data directly in the App.
Right to Erasure (Art. 17)
You can delete your account and all associated personal data through the App (Profile → Delete Account). This action is permanent and irreversible.
Right to Restriction of Processing (Art. 18)
You may request restriction of processing by contacting support@oenari.com.
Right to Data Portability (Art. 20)
You may request a copy of your data in a machine-readable format by contacting support@oenari.com.
Right to Object (Art. 21)
You may object to processing based on legitimate interest by contacting support@oenari.com.
Right to Withdraw Consent
Where processing is based on consent, you may withdraw consent at any time by deleting your account.
Data Processing
What We Process
- Account information (name, email)
- Wine cellar and tasting data
- Community interactions (likes, ratings, follows)
- Uploaded photos
Where Data Is Stored
All data is stored on Supabase servers hosted within the European Union, ensuring compliance with GDPR data residency requirements.
Data Retention
- Personal data is retained while your account is active
- Upon account deletion, personal data is permanently removed
- Anonymized, aggregated data (community scores) may be retained as it does not constitute personal data under GDPR
Sub-processors
| Service | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, storage | EU |
| Google (optional) | Social sign-in | EU/US (Standard Contractual Clauses) |
| Expo / EAS | App distribution | US (no personal data transferred) |
Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours
- Notify affected users without undue delay
- Document the breach and remediation measures taken
Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with:
Swedish Authority for Privacy Protection (IMY)
Integritetsskyddsmyndigheten
Box 8114, 104 20 Stockholm, Sweden
imy.se
Contact
For any GDPR-related requests or questions:
- Email: support@oenari.com
- Response time: We will respond to all requests within 30 days