Privacy Policy Kaffee-Konzepte

1) Introduction and contact details of the person responsible


1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data are all data with which you can be personally identified.

1.2 Responsible for the data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Kaffee-Konzepte GmbH & Co. KG, Am Dreilingsberg 15, 23570 Lübeck (Travemünde), Germany, Tel.: +49 4502 - 7709 059, Fax: +49 4502 - 7709 058, E-mail: info@kaffeekonzepte.de. The person responsible for the processing of personal data is the natural or legal person who alone or together with others decides on the purposes and means of processing personal data.

 

2) Data collection when visiting our website

2.1 When using our website for information purposes only, i. e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

 

  • Our website visited
  • Date and time at the time of access
  • Amount of data sent in bytes
  • Source / reference from which you came to the page
  • Browser used
  • Operating system used
  • IP address used (if necessary: ​​in anonymous form)

Processing takes place in accordance with Art. 6 (1) (f) f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are specific indications of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e. g. orders or inquiries to the person responsible), this website uses an SSL or TLS encryption. You can recognize an encrypted connection by the string "https: //" and the lock symbol in your browser line.

 

3) Cookies

To make your visit to our website more attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called "session cookies"), while others remain on your device for a longer period and allow us to save your website settings (so-called "persistent cookies"). In the latter case, you can find information about the storage duration in your web browser's cookie settings. If any of the cookies we use also process personal data, this processing is carried out in accordance with Article 6(1)(b) GDPR for the performance of a contract, in accordance with Article 6(1)(a) GDPR if you have given your consent, or in accordance with Article 6(1)(f) GDPR to protect our legitimate interests in ensuring the best possible website functionality and a user-friendly and effective website experience. You can configure your browser to notify you when cookies are being set, allowing you to decide whether to accept them individually, or to block cookies in certain cases or entirely. Please note that if you do not accept cookies, the functionality of our website may be limited.

4) Contact us

When you contact us (e.g., via contact form or email), we process your personal data solely for the purpose of handling and responding to your inquiry and only to the extent necessary for this purpose. The legal basis for processing this data is our legitimate interest in responding to your inquiry pursuant to Article 6(1)(f) GDPR. If your contact relates to a contract, the additional legal basis for processing is Article 6(1)(b) GDPR. Your data will be deleted when it is clear from the circumstances that the matter has been resolved and provided that no statutory retention obligations apply.

 

5) Data processing when opening a customer account and for contract processing

In accordance with Article 6(1)(b) GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. The data required for account opening is indicated in the input fields of the corresponding form on our website. You can delete your customer account at any time by sending a message to the data controller's address listed above. After your customer account is deleted, your data will be deleted provided that all contracts concluded through it have been fully processed, no statutory retention periods apply, and we have no legitimate interest in continuing to store the data.

6)  Data processing for order processing

6.1 To the extent necessary for contract processing for delivery and payment purposes, the personal data we collect will be forwarded to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 para. 1 lit. b GDPR. If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we will process the contact details you provided when placing your order in order to inform you personally within the scope of our legal information obligations pursuant to Art. 6 para. 1 lit. c GDPR. Your contact details will be used strictly for the purpose of notifying you about updates owed to us and will only be processed by us to the extent necessary for the respective information. Furthermore, we work with the following service provider(s) to process your order, who support us in whole or in part in the performance of concluded contracts. Certain personal data will be transferred to these service providers in accordance with the following information.

6.2 Use of payment service providers (payment services)
- DHL

We use the following shipping provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

In accordance with Article 6 Paragraph 1 Letter a of the GDPR, we will forward your email address and/or telephone number to the provider before delivery of the goods for the purpose of coordinating a delivery date or announcing the delivery, provided you have given your express consent during the ordering process. Otherwise, in accordance with Article 6 Paragraph 1 Letter b of the GDPR, we will only forward the recipient's name and delivery address to the provider for the purpose of delivery. This data is only shared to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible. You can withdraw your consent at any time with effect for the future by contacting the data controller named above or the provider.

- DPD

We use the following shipping provider: DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany In accordance with Article 6 Paragraph 1 Letter a of the GDPR, we will forward your email address and/or telephone number to the provider before delivery of the goods for the purpose of coordinating a delivery date or announcing the delivery, provided you have given your express consent during the ordering process. Otherwise, in accordance with Article 6 Paragraph 1 Letter b of the GDPR, we will only forward the recipient's name and delivery address to the provider for the purpose of delivery. This data is only shared to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible. You can withdraw your consent at any time with effect for the future by contacting the data controller named above or the provider.

- UPS

We use the following provider as our shipping service provider: United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss, Germany In accordance with Article 6 Paragraph 1 Letter a of the GDPR, we will forward your email address and/or telephone number to the provider before delivery of the goods for the purpose of coordinating a delivery date or announcing the delivery, provided you have given your express consent during the ordering process. Otherwise, in accordance with Article 6 Paragraph 1 Letter b of the GDPR, we will only forward the recipient's name and delivery address to the provider for the purpose of delivery. This data is only shared to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible. You can withdraw your consent at any time with effect for the future by contacting the data controller named above or the provider.

 

6.3 Use of payment service providers (payment services)
- Paypal

This website offers one or more online payment methods from the following provider: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. If you select a payment method from this provider where you pay in advance, your payment details provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the contents of your order will be transmitted to them in accordance with Article 6 Paragraph 1 Letter b GDPR. In this case, your data will be transmitted exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose. If you select a payment method where we pay in advance, you will also be asked to provide certain personal data during the ordering process (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, if applicable, details of an alternative payment method).

In order to protect our legitimate interest in assessing your creditworthiness in such cases, we forward this data to the provider for the purpose of a credit check in accordance with Article 6 Paragraph 1 Letter f GDPR. Based on the personal data you provide, as well as other data (such as shopping cart contents, invoice amount, order history, and payment history), the provider checks whether the payment option you have selected can be granted with regard to payment and/or default risks. The credit report may contain probability values ​​(so-called score values). If score values ​​are included in the credit report, they are based on a scientifically recognized mathematical-statistical method. Address data is among the data used to calculate the score values, but is not the only factor. You can object to this processing of your data at any time by contacting us or the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of payments.


- “SOFORT”

This website offers one or more online payment methods from the following provider: Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden. If you select a payment method from this provider that requires you to pay in advance (such as credit card payment), your payment details provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number), as well as information about the contents of your order, will be transmitted to them in accordance with Article 6(1)(b) GDPR. In this case, your data will be transmitted exclusively for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

7) Web Analytics Services

7.1 Matomo

This website uses a web analytics service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (“Matomo”). The service collects and stores pseudonymized visitor data, including information about the device used, such as the IP address and browser information. Pseudonymized user profiles can be created and analyzed from this data for the same purpose. Cookies may be used for this. Cookies are small text files that are stored locally in the cache of the website visitor's internet browser. Among other things, cookies enable the recognition of the internet browser. The pseudonymized information generated by the cookie is not used to personally identify the visitor to this website and is not merged with personal data about the holder of the pseudonym. If data is also transferred to the provider's servers and the web analytics service is not installed locally on our server, we have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties. All processing described above, in particular the setting of cookies for reading information on your device, will only be carried out if you have given us your explicit consent in accordance with Article 6(1)(a) GDPR. Without this consent, Matomo will not be used during your visit to our website. You can withdraw your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service in the "Cookie Consent Tool" provided on the website. Data will only be transferred to the provider if the service is not hosted on our servers. In the case of self-hosting, no data collected via the service will be transmitted to the provider. If the service is not hosted on our servers, we have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties. For data transfers to New Zealand, an adequacy decision by the EU Commission applies in this case, which attests to compliance with European data protection standards for international data transfers.

 

7.2 PayPal Marketing Solutions

This website uses the web analytics service of the following provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg Using cookies and/or similar technologies (tracking pixels, web beacons, algorithms for reading device and browser information), the service collects and stores pseudonymized visitor data, including information about the device used, such as the IP address and browser information, in order to evaluate it for statistical analysis of user behavior on our website and to create pseudonymized user profiles. Among other things, this allows for the evaluation of movement patterns (so-called heatmaps), which show the duration of page visits and interactions with page content (e.g., text input, scrolling, clicks, and mouse-overs). Pseudonymization fundamentally precludes any direct identification of individuals. This data is not combined with other personally identifiable information collected about you. All processing described above, in particular the reading or storage of information on the device used, will only be carried out if you have given us your explicit consent in accordance with Article 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "cookie consent tool" provided on the website. We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

8) Website Functionalities

- Google reCAPTCHA This website uses the CAPTCHA service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Data may also be transferred to: Google LLC, USA. The provider uses "Google Fonts," i.e., fonts downloaded from the internet by Google, for the visual design of the CAPTCHA window. No further information beyond that already transmitted to Google via the reCAPTCHA functionality is processed. The service verifies whether an entry is made by a human or abusively by automated processing and blocks spam, DDoS attacks, and similar automated malicious access. To ensure that an action is performed by a human and not an automated bot, the provider collects the IP address of the device used, identification data of the browser and operating system used, as well as the date and duration of the visit, and transmits this information to the provider's servers for evaluation. Cookies may be used in this process; these are small text files that are stored in the browser of your device. If the processing described above is based on cookies, they will only be set if you have given us your explicit consent in accordance with Article 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website. If the processing described above is carried out without the use of cookies, the legal basis is our legitimate interest in establishing individual responsibility on the internet and preventing misuse and spam in accordance with Article 6(1)(f) GDPR. We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European level of data protection.

 

9) Tools and Other Information

Cookie Consent Tool

This website uses a "cookie consent tool" to obtain valid user consent for cookies and cookie-based applications that require consent. The cookie consent tool is displayed to users upon visiting the site as an interactive interface, where consent for specific cookies and/or cookie-based applications can be granted by ticking boxes. By using this tool, all cookies/services requiring consent are only loaded if the respective user grants the corresponding consent by ticking the boxes. This ensures that such cookies are only placed on the user's device if consent has been given. The tool uses technically necessary cookies to store your cookie preferences. No personal user data is processed in this process. If, in individual cases, the processing of personal data (such as the IP address) occurs for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Article 6(1)(f) GDPR based on our legitimate interest in legally compliant, user-specific, and user-friendly cookie consent management and thus in the legally compliant design of our website. A further legal basis for processing is Article 6(1)(c) GDPR. As the data controller, we are legally obligated to make the use of cookies that are not technically necessary dependent on the respective user's consent. Where necessary, we have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties. Further information about the operator and the settings options of the cookie consent tool can be found directly in the corresponding user interface on our website. Further legal basis for processing is Article 6(1)(c) GDPR.

 

10) Rights of the Data Subject

10.1 Applicable data protection law grants you the following rights as a data subject (rights of access and intervention) with regard to the processing of your personal data by the controller. The legal basis for exercising these rights is specified below:

  • Right of access pursuant to Article 15 GDPR;
  • Right to rectification pursuant to Article 16 GDPR;
  • Right to erasure pursuant to Article 17 GDPR;
  • Right to restriction of processing pursuant to Article 18 GDPR;
  • Right to be informed pursuant to Article 19 GDPR;
  • Right to data portability pursuant to Article 20 GDPR;
  • Right to withdraw consent pursuant to Article 7(3) GDPR;
  • Right to lodge a complaint pursuant to Article 77 GDPR.

 

10.2 RIGHT OF OBJECTION

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS IN OUR PREVIOUS LEGITIMATE INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE DATA INVOLVED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN PROVE COMPREHENSIVE REASONS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING IS FOR THE CERTIFICATION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT ADVERTISING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING.

YOU MAY OBJECT AS DESCRIBED ABOVE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE DATA INVOLVED FOR DIRECT MARKETING PURPOSES.

 

11) Duration of storage of personal data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and – where applicable – by the respective statutory retention period (e.g., commercial and tax law retention periods).

When processing personal data based on explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, the data in question will be stored until you withdraw your consent. If statutory retention periods exist for data processed in the context of contractual or quasi-contractual obligations based on Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, unless it is still required for the performance of a contract or for taking steps prior to entering into a contract and/or we have a legitimate interest in its continued storage.

When processing personal data based on Article 6(1)(f) GDPR, this data will be stored until you exercise your right to object pursuant to Article 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims. When processing personal data for direct marketing purposes based on Article 6(1)(f) GDPR, this data will be stored until you exercise your right to object pursuant to Article 21(2) GDPR. Unless otherwise specified in this privacy policy regarding specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.