Privacy Policy - Australia

 

Privacy Policy for the website www.cafeimports.com/australia

 

The responsible handling of your personal data is of particular importance to us. We therefore process personal data in strict compliance with national and European data protection regulations.

This Privacy Policy outlines how we process your personal data and what rights you have under the European data protection law.

 

1. Name and address of the Controller and the Data Protection Officer

 

Responsible controller according to Art. 4 para 7 of the General Data Protection Regulation (GDPR) is

Cafe Imports Australia Pty Limited

26 Bond Street

Abbotsford VIC 3067

E-mail: privacy@cafeimports.com

 

2. Source of the personal data we process

 

We process personal data that we receive from you when you visit our website, including the customer portal.

 

3. Personal data that we process when you visit our website

 

  1. As a matter of principle, we only process personal data that your browser transmits to our server and that is technically necessary to display our website to you and to ensure its stability and security. This includes in particular:
    1. your IP address,
    2. date and time of access,
    3. your browser,
    4. your operating system,
    5. web-page from which the request comes,
    6. amount of data sent.
  2. We use cookies to collect this information from you and store information on your device when you use, access, or otherwise interact with our website. This is technically necessary to grant you the access to our website. For more information on the use of cookies, please refer to section 7.
  3. If you purchase products via our webshop, we process the following additional personal data:
    1. your first and last name,
    2. if applicable, the name of the company you work for,
    3. your or the company’s address,
    4. your phone number and e-mail address and
    5. credit card information.
  4. If you use one of our contact forms, we process the following additional personal data:
    1. your first and last name,
    2. the company you work for,
    3. your or the company’s address and
    4. your phone number and e-mail address.
  5. If you request a log in for our customer portal, we process the following additional personal data:
    1. a contact name (if applicable, your first and last name),
    2. the company you work for,
    3. your or the company’s address,
    4. your phone number and email address,
    5. billing address,
    6. if applicable, freight address,
    7. if applicable, sample/small parcel address and
    8. invoice/sample number.

 

4.  Purpose of and Grounds for data processing

 

We process your personal data for the following purposes based on the following legal grounds:

  • Operation of our website
    We process your personal data in order to operate our website. The legal ground of the processing are our legitimate business interests in accordance with Art. 6 para. 1 lit. f GDPR.
  • Purchase and delivery of products
    We also process your personal data in order to take and handle orders, deliver products and process payments. The legal ground of the processing is the performance of a contract in accordance with Art. 6 para. 1 lit. b GDPR.
  • Answer to your inquiry via contact forms
    We also process your personal data in order to answer your inquiry you sent us via one of our contact forms. The legal ground of the processing is your consent (Art. 6 para. 1 lit. a GDPR), which you give us by sending the contact request. You have the right to revoke this consent at any time and without giving reasons (cf. Section 7).
  • Statistical analysis of our website
    We also process your personal data in order to statistically evaluate the access and use of our website through cookies. We use the gained knowledge to optimize our website. For this purpose, however, your data will only be processed if you previously have submitted your consent (Art. 6 para. 1 lit. a GDPR). If you have consented to the processing of your data, you have the right to revoke this consent at any time and without giving reasons (cf. Section 10). For more information on the use of cookies, please refer to section 7.
  • Offering an extended range of functions of the website
    We also process your personal data in order to offer you an extended range of functions on our website. This includes, in particular, saving your language settings for future visits to our website and recognizing the time zone in which you are located. However, your data will only be processed for this purpose if you have previously submitted your consent (Art. 6 para. 1 lit. a GDPR). If you have consented to the processing of your data, you have the right to revoke this consent at any time and without giving reasons (cf. Section 10). For more information on the use of cookies, please refer to section 7.
  • Marketing 
    We also process your personal data for marketing purposes, e.g. in order to show you ads for our products through the use of cookies on third-party websites and in order to track whether you have seen or clicked on these ads. If you have subscribed to the newsletter, created an account for our customer portal, created an account for our webstore, have signed up for an event, or have subscribed to any of our email marketing materials, we will also process your data to send you information and offers about our products. However, your data will only be processed for marketing purposes if you have previously submitted your consent (Art. 6 para. 1 lit. a GDPR). If you have consented to the processing of your data, you have the right to revoke this consent at any time and without giving reasons (cf. Section 10). For more information on the use of cookies, please refer to section 7. 
  • Compliance with legal obligations
    We also process your personal data in order to comply with legal obligations. These include, in particular, commercial and tax retention requirements under the German Commercial Code (“Handelsgesetzbuch” / “HGB”) and the German Fiscal Code (“Abgabenordnung” / “AO”). The legal ground for the processing is Art. 6 para. 1 lit. c GDPR.
  • Assertion, exercise and defense of legal claims
    Your data may also be processed in individual cases for the assertion, exercise and defense of legal claims. The legal ground for the processing is Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. f GDPR.

 

5. Categories of recipients of personal data

 

  1. Within our company, only persons will have access to your personal data who need the access in order to fulfill our legal or contractual obligations.
  2. We have some of the above mentioned processes and services carried out by carefully selected and data protection compliant commissioned service providers who comply with data protection requirements. These are companies in particular from the areas of IT and marketing services. We have concluded Controller-Processor-Agreements with the service providers in accordance with Art. 28 GDPR.
  3. In addition, recipients of your personal data may be:
    1. Public agencies and institutions (e.g., law enforcement agencies) in the event of a legal or official obligation to provide information or to surrender data, as well as
    2. Courts or other authorities seized for the assertion, exercise or defense of legal claims.

 

6.  Intention to transfer personal data to a third country or an international organization

 

We transfer your personal data to service providers in the USA. We have entered into agreements with all commissioned service providers. These Agreements comply with the standard contractual clauses contained in the Annex to the European Commission's Implementing Decision 2021/914. These agreements provide appropriate safeguards to ensure an adequate level of data protection in the USA.

 

7. Cookies

 

  1. We use Cookies on this website. Cookies are text files which are stored within or by the internet browser you are using. Cookies cannot execute programs or transmit computer viruses.
  2. In particular, we use cookies which are technically necessary in order to enable you to use our website and in order to save and consider your decision about the use of other cookies. Technically necessary Cookies also ensure the security of the website. Without these cookies, certain services cannot be provided.
  3. In addition, we use performance cookies on our website. Performance Cookies allow us to collect statistical information about the access and use of our website. For example, we can determine the number of visitors and the effect of certain pages of our website. Performance Cookies enable us to generate overall statistics, e.g. on the number of views, which areas of the web pages are viewed most frequently and information on locations and on the length of the average stay on the web pages. The information generated from this is used to improve performance and to optimize the website and its content. The use of performance cookies is subject to your consent (see section 4).
  4. We also use functional cookies on the website. We use these cookies to increase the functionality of this website and for example to be able to show you videos and maps. The use of functional cookies is subject to your consent (see section 4).
  5. We also use marketing cookies. These allow us to show you ads for our products on third-party websites based on your user profile and preferences. These cookies also store data about how many visitors have seen or clicked on our ads. This allows us, for example, to optimize advertising campaigns. The use of marketing cookies is subject to your consent (see section 4).
  6. More Information about which cookies we specifically use on this website, as well as their functional description and storage period, can be obtained via the Consent banner and the following paragraphs.

 

8. Google Analytics

 

  1. We use Google Analytics on our website, a web analytics service provided by Google Ireland, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter only "Google"). Google Analytics enables us to record and evaluate the usage behavior and website activity of our website visitors. This information enables us to design the website in a user-friendly way.
  2. Google Analytics uses cookies. The use of Google Analytics is therefore subject to your previously consent (see section 7).
    1. If you do not want your usage behavior and website activity to be available to Google Analytics, you can install a browser add-on. Please consider, that the Add-on does only affect the analysis of information by Google Analytics. It does not affect the analysis of data by other tools. Data may still be sent to the website or other web analytics services. For more information, click here.
  3. We use Google Analytics only with IP anonymization. Google will previously shorten your IP address within member states of the European Union (EU) or in other signatory states of the Agreement on the European Economic Area (EEA). The IP address is not merged with other data from Google. Nevertheless, it cannot be ruled out that Google will use this data for purposes of advertising, market research and/or to tailor its services to users' needs.
  4. Your personal data may be transferred within Google to the parent organization Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Your personal data may there be accessed by government authorities. It cannot be ruled out that US authorities can’t access your personal data, even if your personal data is not transferred to the parent organization of Google in the USA.

 

09. Google Maps

 

  1. On this website, we also use the Google Maps service of Google Ireland, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter only "Google"). Google Maps enables us to show you interactive maps directly on the website, thereby enabling you to use the map function conveniently.
  2. By accessing the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in section 3 para. 1 will be transmitted to Google. This occurs regardless of whether you have a user account with Google, in which you are logged in. If you are logged in into your Google user account, your data will be directly assigned to your user account. If you do not want this, you must log out of your Google account before using the map function. It cannot be ruled out that Google will use your data for the purposes of advertising, market research and/or tailoring the services to your needs.
  3. Your personal data may be transferred within Google to the parent organization Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and may be accessed there by government authorities. It cannot be ruled out that US authorities can’t access your personal data, even if your personal data is not transferred to the parent organization of Google in the USA.

 

10. reCAPTCHA

 

  1. In order to find out whether a contact request received via our contact forms was requested by a human being or abusively by an automated so-called bot, we also use Google reCAPTCHA on our website. reCAPTCHA is provided by Google Ireland, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter only "Google").
  2. Through the use of reCAPTCHA your IP address and possibly other data will be transmitted to Google. If you are logged in into your Google user account while using reCAPTCHA, your data will be directly assigned to your user account. If you do not want this, you must log out of your Google account before using reCAPTURE. It cannot be ruled out that Google will use your data for the purposes of advertising, market research and/or tailoring the services to your needs.
  3. It can also be ruled out that your personal data will be transmitted to the parent organization Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and may be accessed there by government authorities. If your personal data will be transmitted to the USA, at least your IP address will regularly be shortened within the EU or EEA before it is transmitted. But even if your personal data is not transferred to the parent organization of Google in the USA, it cannot be ruled out that US authorities can access your personal data.

 

11. Hotjar

 

  1. We also use Hotjar, the web analytics service of Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St. Julian's STJ 3141, Malta on our website. Hotjar is a tool used to analyze your user behavior on our website. Hotjar allows us to record your mouse and scrolling movements and clicks, among other things. Hotjar can also determine how long you have remained with the mouse pointer on a particular spot. From this information, Hotjar creates so-called heat maps, which can be used to determine which website areas are viewed preferentially by the website visitor. Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned your input in a contact form (so-called conversion funnels). In addition, Hotjar can be used to obtain direct feedback from website visitors. This function serves to improve the website operator's web offerings.
  2. Hotjar uses cookies. The use of Hotjar is therefore subject to your previously consent (see section 7).
  3. You can prevent the collection of the data generated by the cookies and related to your use of the website as well as the processing of the data by Hotjar by using the "Do-not-Track header". If you use the “Do-not-Track header” no data about you website visit will be recorded. If you use our website with different browsers/computers, you must set up the "Do-not-track header" separately for each of these browsers/computers. You can find detailed instructions with information about your browser here.

 

12. Youtube

 

  1. We have embedded Youtube videos on our website. Youtube is a service provided by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter only „YouTube“). Youtube is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter only “Google”).
  2. By accessing the website, YouTube receives the information that you have accessed the sub-page of our website, in which the YouTube video is embedded. In addition, the data mentioned in section 3 para. 1 will be transmitted to YouTube.
  3. However, the Youtube videos are embedded in the "extended data protection mode", which means that no personal data is transferred to Youtube as long as you do not start the videos. Only when you start the videos, data is transferred to Youtube. It can not be ruled out, that Youtube assignes your data to your Google user account or your user account with Youtube – if available. It can also not be ruled out that Youtube or Google uses this data for purposes of advertising, market research and/or to tailor its services to user’s needs. YouTube may also transfer your personal data to the USA, where it may be viewed by government authorities. We have no influence on this data transmission.

 

13. Vimeo

 

  1. On this website we have also embedded videos from Vimeo. Vimeo is – similar to Youtube – a video platform.
  2. By accessing the website, Vimeo receives the information that you have accessed the subpage of our website, in which the video is embedded. In addition, the data mentioned in section 3 paragraph 1 will be transmitted to Vimeo in the USA. This occurs regardless of whether you have a user account with Vimeo in which you are logged in. If you are logged in into you Vimeo User account, your data will be directly assigned to your user account. If you do not want this, you must log out of your Vimeo account before starting the video.
  3. It cannot be ruled out that Vimeo use your data for purposes of advertising, market research and/or tailoring its services to your needs.
  4. It also cannot be ruled out that your data may be viewed by government authorities in the USA.

 

14. Instagram

 

  1. We also use the social media plug-in from Instagram on our website. We use the so-called Shariff solution. This means that when you access our site, no data is transmitted to Instagram. Only when you activate the plug-in by clicking on it, Instagram receives the information that you have visited our website. In addition, the data mentioned in section 3 paragraph 1 will be transmitted to Instagram.
  2. Instagram belongs to the Meta (formerly: Facebook) group. Therefore, it cannot be ruled out that Instagram transfers your data to the parent organization Meta Platforms, Inc., 1601 Wilow Road Menlo Park, CA 94025 in the USA and that it may be viewed there by government authorities. Even if your personal data is not transferred to Instagram's parent organization in the USA, it cannot be ruled out that US authorities can access your personal data.
  3. It can also not be ruled out that Meta stores the data as usage profiles and uses them for the purposes of advertising, market research and/or to tailor the design of the services. We have no influence on this data processing.

 

15. Mailchimp 

  1. We have engaged The Rocket Science Group LLC d/b/a Mailchimp for our email marketing platform and for various marketing automation services. The processing of your personal data by Mailchimp is governed by their Data Processing Addendum (DPA) that aligns with GDPR and other relevant data protection laws and we abide by their Standard Terms of Use. 
  2. Mailchimp may transfer and process data globally, including to countries outside the European Economic Area. They ensure such transfers comply with the requirements of Data Protection Laws, including the GDPR. Appropriate safeguards, such as the Standard Contractual Clauses approved by the European Commission, are implemented to ensure an adequate level of data protection. 
  3. Your personal data may be transferred within Mailchimp to the parent organization Intuit Inc, 2700 Coast Ave, Mountain View, CA 94043, USA and may be accessed there by government authorities. It cannot be ruled out that US authorities can’t access your personal data, even if your personal data is not transferred to the parent organization of Mailchimp in the USA.  
  4. Mailchimp's processing activities include, but are not limited to, storage and processing necessary to provide their services, as well as disclosures required by law or as permitted under the Agreement. The categories of data subjects whose personal data might be processed include our website visitors and contacts such as subscribers and individuals who have interacted with us via our services. This includes our website, web store, customer portal, customer support, and sales teams. Mailchimp may process information you provide such as identification and contact data (including names, addresses, email addresses, personal address, company name, company address), financial information, employment details, IP addresses, usage data, and other relevant personal data as described in Annex A of their DPA. 
  5. Mailchimp is committed to maintaining appropriate technical and organizational security measures. They ensure that any sub-processors they engage also provide at least the same level of data protection as stipulated in their DPA. You can read more about these protection measures in Section 3 of their DPA 

 

17. Criteria for determination of the storage period

 

  1. Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
  2. If your data has been collected to enable you to access our website, the purpose of the processing is achieved as soon as the respective session has ended. If your data has been collected while ordering products in our webshop, the purpose of the processing is achieved after the expiry of the regular statutory limitation periods, which may vary depending on which country is affected.
  3. Statutory storage rights and obligations remain unaffected by this.

 

18. Your rights

 

  1. In accordance with Art. 7 no. 1 GDPR, you have the right to revoke consents you have given for the processing of your data at any time with effect for the future without giving reasons.
  2. In accordance with Art. 15 para. 1 GDPR, you have the right to request information from us as to whether or not we process personal data concerning you, and where that is the case, access to the personal data.
  3. In addition, you have a right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) in relation to your personal data.
  4. For data processing based on our legitimate interests (Art. 6 para. 1 lit. f GDPR), you have the right to object according to Art. 21 GDPR. If you object to the data processing, it will not be carried out in the future, unless we can demonstrate compelling legitimate grounds for further processing that outweigh your interest in objecting.
  5. If you yourself have provided the processed data, you have a right to data transfer according to Art. 20 DSGVO.
  6. Pursuant to Art. 77 GDPR you also have the right to lodge a complaint with a competent data protection supervisory authority.
  7. We kindly ask you to contact us in the aforementioned cases or in case of complaints by e-mail to privacy@cafeimports.com .

 

19. Obligation to provide data and possible consequences of not providing personal data

 

  1. In order to be able to access our website, you must provide the data mentioned in section 3, paragraph 1. Without this data, we will not be able to enable you to access our website.
  2. In order to be able to place an order in our webshop, you must provide those personal data that we have marked with * . Without this data, we will generally not be able to enable you to place an order or to conclude a contract with you.

 

20. Automated decision-making including profiling

 

We do not use automated decision-making including profiling.