We are committed to respect your privacy by complying with all applicable data protection laws and regulations, including but not limited to General Data Protection Regulation (EU) 2016/679 (“GDPR”).
Strauss Coffee BV (hereinafter: “Strauss”) acts as data controller in relation to this website strausscoffee.com (hereinafter: the “Website”). Strauss is a Dutch company with its headquarters in 2 Prof. J.H. Bavincklaan 1183 AT Amstelveen, registered with the Dutch Chamber of Commerce under no. 24196661. For more information regarding Strauss, please click here.
Please read the following information carefully to understand our views and practices regarding your personal data and how we will treat it.
1. Personal data do we process, for what purposes and on what legal grounds?
In the process of operating this Website, Strauss will collect certain information (“personal data”) relating to identified natural persons or which can identify natural persons, which are provided by the users of this Website directly (e.g. name, location, e-mail address, telephone number) or indirectly (e.g. IP Address, preferences, behavior on the website).
When you are visiting the Website, Strauss is using cookies to automatically collect technical information that could identify the user, such as the IP address, the type of internet browser used for navigating our website, your operating system, domain name or domain host through which the user is browsing the website.
1.2. Answering your questions, requests or complaints
Strauss will process your personal data, such as name, location, e-mail address, telephone number and any other information or details you may provide us with in the correspondence, in order to address and answer your queries, complaints or requests, depending on the communication channel you are contacting us.
This processing activity is based on our legitimate interest, allowing us to provide answers to your queries, complaints or requests.
1.3. Automated decision making and profiling
The personal data you provided to us and the navigational information referred to herein are subject to automated decision making, including profiling, as follows:
1.3.1. we will retain and evaluate information on your recent visits to the Website and how you move around different sections of the Website for analytics purposes to understand how people use the Website so that we can make it more intuitive;
1.3.2. we will keep a record of the articles on our website that you have clicked on and use that information to target advertising on this website to you that is relevant to your interests, which we have identified based on articles you have read.
We do this in order to maximize your experience with our products and to make available to you personalized offers of your liking. We always rely on your consent for our direct marketing activities.
You can oppose to this anytime by writing at [●].
We do not use profiling or automated decision making on children’s personal data.
2. To whom we disclose your personal data?
For the purposes described in this policy we use the services of various contractors, mainly digital service providers. These contractors process specific categories of personal data on our behalf to help us manage the Website, manage clients’ information and contracts, store data, analyze and organize data.
In order for you to benefit from quality services and products we engage contractors to process data on our behalf. These contractors are bound by confidentiality and other contractual requirements to keep your data safe and secure. With each of these contractors we have contractual agreements which ensure that your personal data is protected and that the processing of personal data is limited to the minimum necessary to perform the contracted services. We make sure that our contractors do not process your data for other purposes than those for which we agreed. We make every effort to ensure that all the entities we are working with are storing your personal data in safe locations and that they implement proper security measures.
Some of the contractors are third parties who are not intended to process the personal data but may have access to it upon fulfilling their tasks or interacting with us, such as technical maintenance companies, financial or legal auditors.
We may also provide personal data to third parties in the following situations:
- to public authorities, auditors or institutions competent to exercise inspections on Strauss, which may ask us to provide information, based on their legal obligations. Such public authorities or institutions may be relevant data protection authorities or authorities for consumer protection;
- to comply with a legal requirement or to protect the rights and assets of Strauss or other entities or people, such as courts of law;
- to third parties’ acquirers, if Strauss’ business would be subject to a change of control or other similar procedure or acquisition and your personal data would be part of the transaction.
3. Transfer of personal data abroad
In the context of the activities described above, your personal data may be transferred abroad to states in the European Union (“EU”) or European Economic Area (the “EEA”).
Strauss hereby informs you that any transfer performed in an EU or EEA member state will observe the legal requirements laid down by the GDPR. In what concerns transfer to states that do not provide adequate protection for the processing of personal data, Strauss will use the following mechanisms for ensuring the safeguards required by the GDPR: standard clauses that can be obtained from Strauss.
4. For how long do we store your personal data?
We will store your personal data only for the period of time necessary to achieve the processing purposes set out above, also by observing the legal requirements in force. In case Strauss will ascertain that it has a legitimate interest or a legal obligation to further process your personal data for other purposes, you will be properly informed on this.
We estimate that the processing activities detailed above will require storing the personal data for the following periods:
1 year/ session
Answering to your questions, requests or complaints
Automated decision making and profiling
1 year or until the consent is withdrawn
After the duration of the processing indicated above expires and Strauss no longer has legal or legitimate reasons to process your personal data, the data will be deleted in accordance with its procedures, which may involve archiving, anonymizing, destroying it.
5. Processing of data of children under the age of 16
All personal data processing presented herein refers exclusively to persons that are at least 16 years old. The use of the systems, as well as the results of the processing is forbidden to children under this age without the consent of their parents/tutors. In case despite our reasonable efforts to prevent it, such processing occurs, we will cease it upon noticing the fact that the users are under the age mentioned above.
6. Security of the data processing
Strauss hereby informs you that it constantly evaluates and upgrades the security measures implemented as to ensure a secure and safe personal data processing.
7. Rights of the data subjects
Within the context of the processing of your personal data, you have the following rights:
- a) The right of access to the processed personal data: you have the right to obtain a confirmation whether or not your personal data are being processed, and, if affirmative, to have access to the type of personal data and to the conditions of processing, by addressing a request in this respect to the data controller;
- b) The right to request the rectification or erasure of personal data: you have the possibility to request, by sending a request in this respect to the data controller, the rectification of inaccurate personal data, the supplementation of incomplete data or the erasure of your personal data in case (i) the data are no longer needed for their original purpose (and no new lawful purpose exists), (ii) the lawful basis for the processing is the data subject’s consent, the data subject withdraws that consent, and no other lawful ground exists, (iii) the data subject exercises the right to object and the controller has no overriding grounds for continuing the processing, (iv) the data have been processed unlawfully, (v) erasure is necessary for compliance with EU law or Romanian law, or (vi) the data were collected in connection with the informational society services offered to children (if the case), where specific requirements regarding consent are applicable;
- c) The right to request the restriction of processing: you have the right to obtain the restriction of processing in cases where: (i) you consider that the processed personal data are inaccurate, for a period enabling the controller to verify the accuracy of the personal data; (ii) the processing is unlawful, however you don’t want us to erase your personal data, but to restrict the use of data; (iii) in case the data controller no longer needs your personal data for the above-mentioned purposes, but you are requiring the data for establishing, exercising or defending a legal claim or (iv) you have objected to processing pending the verification whether the legitimate grounds of the data controller override those of the data subject;
- d) The right to withdraw your consent for processing, when the processing is based on consent, without affecting the lawfulness of processing undertaken until that moment;
- e) The right to object to the data processing on grounds relating to your particular situation, when the processing is based on legitimate interest and to object at any moment to the data processing for direct marketing purposes, including profiling;
- f) The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly affects the data subject in a significant manner;
- g) The right to data portability, meaning the right to receive your personal data, which you provided to the data controller in a structured, commonly used and machine-readable format and the right to transfer those data to another controller, if the processing is based on your consent or the performance of a contract and is undertaken by using automatic means;
- h) The right to file a complaint with the competent Data Protection Authority and the right to address to the competent courts of law.
The exercising of the above rights may be performed at any time. For using these rights, we encourage you send us a written notice, dated and signed or in electronic format at the following address: 2 Prof. J.H. Bavincklaan 1183 AT Amstelveen or by email at [email address to be inserted].
9. Contact us
You may address any questions regarding this document to the Data Protection Officer who may be contacted using the following contact details: