PERSONAL DATA POLICY
Saycoffee ApS ("Saycoffee") seeks to protect individual privacy and the safekeeping of personal data in accordance with the current version of EU’s General Data Protection Regulation ("GDPR"). Saycoffee recommends that all users of the website saycoffee.dk read this Personal Data Policy carefully.
This Personal Data Policy explains what type of personal data is collected, how it is collected and for what purposes it is used, transmitted and/or stored. This Personal Data Policy applies when Saycoffee provides services and products in connection with purchases in the web shop, related services and other settings, such as communication via e-mail or an initial visit to the website saycoffee.dk.Saycoffee.dk is subject to the guidelines of EU’s General Data Protection Regulation, which among other things cover:
· that it is clearly expressed what purpose and under what jurisdiction Saycoffee manages personal data.
· that consent to process personal data is always collected in cases where it is required.
· that Saycoffee implement internal processes to protect the personal data collected and to ensures that similar claims are set for any third parties processing personal data on behalf of Saycoffee.
· that Saycoffee respect the right to gain insight into collected personal data and to demand such corrected or (in some cases) deleted.
Saycoffee is the overall responsible for the collection and processing of personal data in connection with this Personal Data Policy.
LEGAL BASIS REGARDING COLLECTION OF PERSONAL DATA
According to General Data Protection Regulation, Saycoffee may only collect personal data for specific and legitimate purposes and all collected data may not be processed if it is incompatible with those purposes. As a result, Saycoffee only process personal data where there is legal basis for doing so - i.e. based on one or more of the following:
· consent to process your personal data, for example by accepting cookies.· data processing is necessary in the preparation of a contract or in order for a concluded contract to be complied with.
· data processing is necessary for other legal interests (such as processing IP addresses in case of misuse of the website).
· data processing is necessary to comply with legal obligations (for example tax requirements).
Please note that in most situations (regarding the collection of personal data), the legal basis is determined either by a contractual purpose or other legal obligation.
THE PURPOSE OF COLLECTING PERSONAL DATA
The purpose of collecting personal data is as follows:
· delivering on a purchase in saycoffee.dk web shop.
· personal communication, for example by responding to feedback, service requests and/or handle complaints.
· input to commercial developments and personalized offerings based on behavior on the website.· automated processing of personal data to evaluate, analyse and prediction of personal preferences and interests, e.g. target marketing.
· statistical purposes and/or functions of the website.
· preference studies, as well as managing participation in campaigns, newsletters or competitions.
The definition of purpose as described in GDPR will always outweigh any local definitions, and Saycoffees Personal Data and Cookie Policies will immediately implement any changes there might occur.
COLLECTION AND PROCESSING OF PERSONAL DATA
A user can share personal data with Saycoffee in several ways, for example by:
·Purchase of coffee or other items from saycoffee.dk web shop
Saycoffee process personal data in connection with the purchase of coffee or other items, partly to be able to fulfill the purchase contract, but also to ensure that Saycoffee lives up to obligations in the Danish Product Liability Law (‘Produktansvarsloven’ in Danish). The legal basis for Saycoffees processing of personal data is therefore the fulfillment of an executed contract.
Saycoffee store personal data for as long as a customer is registered. However, if a user has not visited saycoffee.dk for a period of 5 years, Saycoffee will delete all collected personal data on this user. This is done in accordance with (i) the Danish Accounting Law (‘Regnskabslovgivningen’ in Danish) - stipulating that collectedpersonal data must be stored for 5 years from the end of the financial year and (ii) the Consumer Law (‘Forbrugerlovgivningen’ in Danish) - stipulating that collected personal data must be stored 2-year.·
Communication with customer service via email, phone, social media or in writing
If a customer contacts Saycoffee regarding a complaint or other similar inquiries, is it in most cases relevant to identify the customer and information about any previous purchases. Such personal information typically includes contact information (name, address, email and telephone number).
Complaints which include a monetary refund, a formal complaint case is opened. Such case will in most cases contain personal data, such as the claimant's identity, and in certain situations, the complaint case may also contain other people's identity (if these are relevant to the proceeding of the complaint case). The legal basis for processing personal data in complaint cases is the fulfillment of an executed contract.
If a complaint case is registered with Saycoffees customer service, personal data is stored during the entire processing period and 3 months thereafter.
· By logging on to social media, i.e. Instagram or LinkedIn
Saycoffee is active on social media platforms such as Instagram and LinkedIn, through which a user can comment on Saycoffees posts and/or send private messages. For social media platforms in general, all public comments with personal data will be deleted as soon as possible. Private messages are deleted after 3 months and will only be shared with relevant employees in Saycoffee.
The legal basis for the processing of personal data is considering interests of the involved (‘interesseafvejning’ in Danish).
· Cookies placed by Saycoffee or third parties on your computer or mobile device
The legal basis for the processing of data is consent – which a user provides when acknowledging cookies entering saycoffee.dk.
Saycoffee stores and process only personal data where consent has been granted, and Saycoffee will never use personal data for purposes other than listed in this policy. The following personal data may be processed by Saycoffee:
· contact information (first and last name, postal address, e-mail address and telephone number).
· other personal data (gender, date of birth (optional) and nationality).
· preferences, interests, previous purchases, incomplete purchases, location;
THE APPLICATION PROCESS FOR A NEW EMPLOYEE
Saycoffee sometimes searches for new employees, in which case a job opening is posted on various social media or other relevant platforms. In the hiring process, it is expected that a potential new employee submits an application which often contains personal data
- data which is used to evaluate the applicant, provide feedback and to meet legal requirements. Saycoffee does not collect more information than to ensure a thorough and fair recruitment process, and following the end of the application process, all personal data received in connection with the hiring process is deleted.
If Saycoffee use a recruitment agency, will Saycoffee always execute a data supplier agreement to ensure, that the agency meets all GDPR requirements, in accordance with Saycoffees own Personal Data Policy.
SHARING OF PERSONAL DATA
Unless permitted to do so, Saycoffee never sells personal data to third parties. Saycoffee can, however, share personal data with a third-party service partners, which performs certain processing activities on our behalf. Such activities can include the execution of a purchase agreement (e.g. a provider of payment or supplier services) or marketing activity (e.g. distributing newsletters or sales campaigns).
Saycoffee always assesses the GDPR policy of third-party partners and if this policy is not sufficiently comprehensive, Saycoffee will execute its own private policy agreements. Such agreements set out clear guidelines for how personal data may be processed. Please note that Saycoffee and any third-party service partner are separate legal entities, and Saycoffee are not considered responsible for any law breach by the third-party partner.
Saycoffee protects personal data through various security measures, for example by encrypting data and inter-corporate restrictions of access to collected personal data. Such include, if deemed necessary, data processing agreements with all data process partners, who process collected personal data on Saycoffees behalf. Security measures such as these are done to ensure that the partners are legally obliged (i) to store processed data confidential, (ii) implement the necessary security measures and (ii) inform Saycoffee, if there is a breach of data.
Note further that Saycoffee will release personal information if required by law, or where given circumstances outweigh the protection of personal data. Such circumstances may include, for example, the security of Saycoffees employees.
Personal data collected by Saycoffee are not stored longer than is necessary to fulfill the purposes noted in this policy. That said, a longer storage period may however be required given Danish law. See section 'The Collection and processing of personal data’ for details.
Saycoffee use cloud services to store personal data and as a result, personal data is subject to Saycoffees permission, processed by a cloud service provider.
Cloud services operate globally and can store data on different servers in the EU (but never outside EU). If Saycoffee has entered into a contract with a cloud service provider for the processing of personal data, Saycoffee will always ensure the necessary measures to protect personal information. Personal information will in any case be used only for the purposes for which is given in this policy.
According to General Data Protection Regulation, a user of saycoffee.dk always has the right to information about when and how Saycoffee processes personal data. A user can therefore request to see, correct or delete personal information which previously has been given to Saycoffee. In addition, the user may request an electronic copy of personal information (to the extent that this right to data portability is available to you in accordance with applicable law). To this, a user will at all-time be able to unsubscribe a subscription of newsletters or marketing letters for commercial purposes.
If you as a user have questions or comments about cookies or GDPR, these can be sent to Saycoffees' data protection e-mail GDPR@saycoffee.dk or via letter to Saycoffee ApS, Bygstubben 14, DK-2950 Vedbæk (CVR no .: 41872543).