Privacy Policy

Privacy Policy         

                                                                                                                              November 2022

1. General

This privacy policy explains to you the type, scope, and purpose of the processing of personal data (hereinafter referred to as "data") on our website and the associated websites, functions, and content, as well as external online presences, such as our social media profile. (hereinafter jointly referred to as the "Online Presence"). With regard to the terms used, such as "personal data" or their "processing", we refer to the definitions in Art. 4 of the General Data Protection Regulations (GDPR). 

 

2. Responsible authority

The provider of the Online Presence and responsible for data protection is:

 

Coffee perfect GmbH
Netter Platz 1

49090 Osnabrück

Germany

 

 

3 . Legal basis

 

In accordance with art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not mentioned in the Data Protection Declaration, the following applies: the legal basis for obtaining consent is art. 6 para. 1 lit. a and art. 7 GDPR, the legal basis for processing for the fulfilment of our services and the execution of contractual measures as well as for replying to enquiries is art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfil our legal obligations is art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is art. 6 para. 1 lit. f, GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, art. 6 para. 1 (d) GDPR applies as the legal basis.

 

4. Security measures

We shall take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, in accordance with art. 32 GDPR, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing and the different likelihood and severity of the risk to the rights and freedoms of natural persons; the measures shall include in particular safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability and its separation. Furthermore, we have established procedures that guarantee the exercise of data subject rights, deletion of data and reaction to data risks. Furthermore, we already consider the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly presettings (Art. 25 GDPR).

The security measures include in particular the encrypted transmission of data between your browser and our server.

 

5. Cooperation with data processors and third parties

If we disclose data to other persons and companies (data processors or third parties) within the scope of our processing, transmit the data to them or otherwise grant them access to the data, this shall only take place on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, in accordance with Art. 6 para. 1 lit. b GDPR is required for contract fulfilment), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 DSGVO.

6. Transfers to third countries

 

If we process data in a third-party country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this only takes place if it occurs for the fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or leave the data in a third country only if the particular requirements of art. 44 ff. GDPR are met.. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the "Privacy Shield") or compliance with officially recognised special contractual obligations (called "standard contractual clauses").

7. Access data and log files

We collect data on the basis of our legitimate interests as defined in Art. 6 para. 1 f GDPR regarding each access to the server on which this service is located (known as server log files). Access data includes the name of the requested website, file, date and time of access, amount of data transferred, report whether the site was successfully retrieved, browser type and version, the user's operating system, the referrer URL (the site visited before coming to our site), the user's IP address, and the requesting internet service provider.

Log file information is stored for a maximum of 90 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data which must be retained as potential evidence is not deleted until the relevant incident has been ultimately clarified.

8. Hosting service provider,

The hosting of the server for our online offers and website is managed by millepondo services GmbH & Co. KG. Further information is available directly under https://www.millepondo.de/. It has been contractually agreed with millepondo that only rental servers of Hetzner Online GmbH (https://www.hetzner.de) will be used for us. Hetzner owns several data centres in Germany and Finland. A contract has been concluded with millepondo services GmbH & Co. KG  for the processing of personal data (in accordance with the GDPR). 

9. Contact

When contacting us (via contact form or e-mail), the user's details for the processing of the contact enquiry and its handling according to the terms and conditions of this agreement are stored. Art. 6 Para. 1 lit. b. GDPR. User information can be stored in our Customer Relationship Management System ("CRM System"). Information provided by users in contact forms may be stored within the content management system (CMS) WordPress used together with the time of transmission and the IP address of the sender. We delete queries if they are no longer necessary. We review the requirement every two years; requests from customers who have a customer account are stored permanently and are linked to the customer account details for deletion. In the case of statutory archiving obligations, deletion shall take place after their expiry.

10. Performance of contractual services

A) Inventory and contract data

We process inventory data (e.g. names and addresses as well as contact data of users), contract data (e.g. used services, name and e-mail address of the customer admin) in order to fulfil our contractual obligations and services acc. to art. 6 para. 1 lit. b, GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract. Companies (represented by a customer admin) need to create a customer account to be able to order products and view their orders, invoices, and stored information. During the registration process, the required information will be communicated to customers. Customer accounts are not public and cannot be indexed by search engines. If users have terminated their customer account, their data with regard to the customer account will be deleted, subject to their retention, for commercial or tax reasons, according to art. 6 para. 1 lit. c GDPR. It is up to the users to save their data before the end of the contract if they have given notice of termination. We are entitled to permanently delete all user data stored during the term of the contract.

As part of the registration and use of our online services, we store information required for the registration and product execution and the time of the respective user action. These data are stored on the basis of our legitimate interests, and to protect the user against misuse and other unauthorised use. A passing on of this data to third parties does not take place in principle, unless it is necessary for the pursuit of our claims or there is a legal obligation in accordance with art. 6 para. 1 lit. c GDPR.

B) Registration in the web portal as customer admin 

To grant you access to our web portal (WebApp), the following company and personal data must be collected. 

  • Company 
  • Title:
  • First name 
  • Surname
  • Email address
  • Company address (street, number, post code and city
  • Country
  • VAT ID number (optional)
  • Different invoice address
  • Title:
  • First name 
  • Surname
  • Email address
  • Team membership
  • Title / Role / Function
  • Short job description
  • Professional Qualification
  • Title:
  • First name 
  • Surname
  • Email address
  • Team membership
  • Title:
  • First name 
  • Surname
  • Email address
  • Company telephone number
  • Designation 

In principle, data will only be stored as long as the online access is desired, i.e. as long as necessary to achieve the purpose. The legal basis is Art. 6 lit. b. GDPR. As soon as paid orders are executed, the following company data must be added:

C) Deposit of information about participants or users in the web portal

The following personal data of participants must be recorded to start products in our web portal (WebApp) for additional participants.

To use the feedback system, the following job-related data must be added:

All data are stored only as long as the customer wishes and are necessary to achieve the purpose. The customer admin or a person authorized by the customer can delete participants and thus also their personal data at any time. Results of deleted participants are no longer displayed on the web portal and are no longer available in team profiles. The legal basis is Art. 6 lit. b. GDPR.

D) Events of COFFEE PERFECT

For the planning and execution of events, the organizer requires personal data of participants. Participants agree that their data may be processed and used for the initiation, execution and follow-up of the event.

 

All data are stored only as long as the customer wishes and are necessary to achieve the purpose. The legal basis is Art. 6 lit. b. GDPR.

E) Web demo

If you request an appointment for a web demo, we will use your information to contact you and coordinate and arrange an appointment.

 

All data are stored only as long as the customer wishes and are necessary to achieve the purpose. The legal basis is Art. 6 lit. b GDPR.

11. Rights of Users and Participants / Transparency Statement

  • You have the right to request confirmation as to whether the data concerned are being processed and to request information about these data as well as further information and a copy of the data in accordance with art. 15 GDPR.
  • According to art. 16 GDPR, you have the right to request the completion of data concerning you or the correction of inaccurate data concerning you.
  • In accordance with art. 17 GDPR, you have the right to demand that relevant data be deleted immediately or, alternatively, to demand a restriction on the processing of the data in accordance with art. 18 GDPR.
  • You have the right to request the data concerning you that you have provided to us in accordance with art. 20 GDPR and to request their transmission to other controllers.
  • In accordance with art. 77 GDPR you have the further right to lodge a complaint with the responsible supervisory authority.

 

12. Right of withdrawal and objection

 

You have the right to revoke your consent according art. 7 para. 3 GDPR with effect for the future. Furthermore, you can object to the future processing of your personal data in accordance with art. 21 GDPR at any time. The objection may be lodged in particular against processing for direct advertising purposes.

 

We use temporary and permanent cookies, i.e. small files that are stored on the user's devices (explanation of the term and function, see last section of this privacy policy). In part, cookies serve security purposes or are required for the operation of our online offer (e.g., for the presentation of the website) or to save the user's decision when confirming the cookie banner. In addition, we or our technology partners use cookies to measure audience reach and for marketing purposes, about which the users will be informed further down in this Privacy Statement.

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, you can deactivate the storage of cookies in the browser settings. Please note that in this case not all functions of the website can be used in full.

 

  1. Deletion of data
  2. Final provisions

The data processed by us will be deleted or their processing restricted in accordance with art. 17 and 18 GDPR. Unless expressly stated in this Privacy Policy, data stored by us will be deleted at regular intervals, as soon as they are no longer required for their intended purpose, and the deletion does not conflict with any statutory storage obligations. If data are not deleted because their necessary for other and legally permissible purposes, the processing of the data will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

COFFEE PERFECT reserves the right to modify this Privacy Policy at any time to ensure that it complies with the latest legal requirements or to implement changes to the Privacy Policy, such as the introduction of new services or changes to the Website. Any subsequent website access will then be subject to the terms of the new privacy policy.

2025 - Powered by ALEADON