data protection
1. ALGEMEINE INFORMATION(1.1) Below we provide information about the collection of personal data when using our websites www.shop.mycoffeecup.de, www.mycoffeecup.de, https://www.my-cups.at/de, (1.2) Responsible person according to Art. 4 Abs. 7 EU General Data Protection Regulation (GDPR) is Unicaps GmbH, Im Technologiepark 6, 15236 Frankfurt (Oder), helpdesk@unicaps.eu. The person responsible for www.my-cups.ch is Unicaps Suisse, Seestrasse 5a, CH-8810 Horgen, helpdesk@unicaps.eu.(1.3) The contact details of our data protection officer are: Mr. Udo Wenzel, Im Technologiepark 6, 15236 Frankfurt (Oder), email: datenschutz@unicaps.eu.(1.4) When you contact us by email, the personal data you provide (your email address, if applicable) will be used. Your name and telephone number) will be stored by us in order to respond to your request. We delete the personal data arising in this context 3 months after storage is no longer necessary, or restrict processing if there are statutory retention requirements.2. YOUR RIGHTS
(2.1) You have the following rights towards us with regard to the personal data concerning you:
- Right to information,
- Right to correction or deletion,
- Right to restriction of Processing,
- Right to object to processing (see section 10),
- Right to data portability.
(2.2) You also have the right to complain to the relevant data protection supervisory authority about our processing of your personal data if you believe that our processing of your personal data is unlawful: https://datenschutz.hessen.de
3. DATA PROCESSING WHEN VISITING OUR WEBSITE
(3.1) LOG FILES (INTERNET PROTOCOLS)
When you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you choose to view our website, we may collect the following: personal data that is technically necessary for us to display our website to you and to ensure stability and security (our legitimate interest; legal basis is Art. 6 Abs. 1 S. 1 f) GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)- Access status/HTTP status code
- Amount of data transferred
- Website from which the request comes
- Browser
- Operating system and its interface
- Language and version of the browser software.
If you register as a My Cups customer, we process the mandatory information marked with an asterisk (e.g.B. name, email address). Other personal data (e.g.B. Address) you can voluntarily enter in your profile.
We process this personal data in order to maintain a user account for you and to enable you to use the website more conveniently and to order more easily. The legal basis is Art. 6 Abs. 1 S. 1 b) DS-GVO.
Your registration data will be deleted if we or you end the usage relationship (e.g.B. upon termination), unless we have the right to continue storing the personal data for another reason.If you place an order in our online shop, we collect personal data from you as part of the ordering process. The fields marked with an asterisk are mandatory. You can provide further personal data voluntarily.
If you are a registered My Cups customer and have logged in, we will take personal data from your user account for the order.
We process this personal data to conclude the contract and process your order. The legal basis is Art. 6 Abs. 1 S. 1 b) DS-GVO.
We are legally obliged to store this personal data for a period of ten years. Your personal data will therefore not be completely deleted even after the contract has been processed. However, processing will only take place to the extent necessary to comply with legal obligations. The legal basis is Art. 6 Abs. 1 S. 1 c) DS-GVO.As a consumer, you can use our contact form to get in touch with us. For this we need the mandatory information marked with an asterisk (e.g.B. name, email address). You can provide further personal data voluntarily.
This personal data will only be used to contact you (our legitimate interest, legal basis is Art. 6 Abs. 1 S. 1 f) DS-GVO) Your personal data will be automatically deleted 3 months after your request has been answered, unless there is a legal basis for longer storage (such as an existing contractual relationship) or statutory retention periods.As an entrepreneur, you can use our contact form for corporate customers to get in touch with us. For this we need the mandatory information marked with an asterisk (e.g.B. name, email address). You can provide further personal data voluntarily.
This personal data will only be used to contact you (our legitimate interest, legal basis is Art. 6 Abs. 1 S. 1 f) DS-GVO) Your personal data will be automatically deleted 3 months after your request has been answered, unless there is a legal basis for longer storage (such as an existing contractual relationship) or statutory retention periods.If you register for our newsletter, we will use the data required for this or provided separately by you to regularly send you our email newsletter based on your consent Art. 6 Abs. 1 S. 1 lit. a GDPR. You can unsubscribe from the newsletter at any time and can do so either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After you unsubscribe, we will delete your email address unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this declaration.As an entrepreneur, you can order a business newsletter from us by entering the mandatory information marked with an asterisk on our website and submitting it. You can provide further personal data voluntarily. We will then contact you at the email address and ask you to confirm that you are the owner of the email address provided and that you agree to receive the newsletter (double opt-in; legal basis is Art. 6 Abs. 1 S. 1 a) DS-GVO).
You can revoke your consent to the use of your personal data for the newsletter at any time. In this case we will delete your personal data. We will also delete your personal data if we have evidence that it is no longer correct. If you do not confirm your email address, we will also delete your personal data 3 months after we receive it. We do not carry out deletions if we have the right to further storage for another reason or if we are obliged to do so due to legal retention obligations.With your express consent, we will regularly inform you about promotions, vouchers and trends and process your email address for this purpose (legal basis is Art. 6 Abs. 1 S. 1 a) DS-GVO).
You can withdraw your consent to the use of your personal data for advertising purposes at any time. In this case we will delete your personal data. We will also delete your personal data if we have evidence that it is no longer correct. We do not carry out deletions if we have the right to further storage for another reason or if we are obliged to do so due to legal retention obligations.We can also process your personal data if we offer participation in campaigns, competitions or similar services. You will receive further information about this when you provide your personal data.
4. EXTERNAL SERVICE PROVIDERS
We use external service providers to process your order:
(4.1) We transmit your address details to shipping companies. These shipping companies are obliged to treat your personal data confidentially and to process it exclusively for the purpose of delivery. After delivery, the personal data must be deleted. The legal basis for the transmission of personal data is Art. 6 Abs. 1 S. 1 b) DS-GVO.
(h.2) Except for the payment method “advance payment”, we transmit the personal data required to process the payment (“payment data”) to the commissioned credit institution or passed on to the selected payment service provider in order to enable payment processing. The responsibility for your payment data lies with the respective payment service provider. Information in particular about who is the responsible party for the payment method you have selected and what data processing the payment service provider carries out can be found at the following internet addresses. The legal basis for the transmission is Art. 6 Abs. 1 S. 1 b) DS-GVO.
We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment details (e.g. B Name, payment amount, account details, credit card number) processed by the payment service provider for the purpose of payment processing. The respective contractual and data protection regulations of the respective providers apply to these transactions. The use of payment service providers is based on Art. 6 Abs. 1 lit. b GDPR (contract processing) and in the interest of making the payment process as smooth, comfortable and secure as possible (Art. 6 Abs. 1 lit. f DSGVO). If your consent is requested for certain actions, Art. 6 Abs. 1 lit. a GDPR legal basis for data processing; Consent can be revoked at any time in the future.
We use the following payment services/payment service providers on this website:
(4.21) PAYPAL
The provider of this payment service is PayPal (Europe) S.has.rl and Cie, St.CA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
For details, see PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). Klarna offers various payment options (e.g. B installment purchase). If you choose to pay with Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimize the use of the Klarna checkout solution. Details on the use of Klarna cookies can be found at the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.
You can read details about this in Klarna's data protection declaration at the following link: https://www.klarna.com/de/datenschutz/.The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).
Mastercard may transfer data to its parent company in the USA. Data transfer to the USA is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.The provider of this payment service is Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, Great Britain (hereinafter “VISA”).
Great Britain is considered a safe third country in terms of data protection law. This means that Great Britain has a level of data protection equivalent to the level of data protection in the European Union.
VISA may transfer data to its parent company in the USA. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
For further information, please see VISA's privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.The provider of this payment service is American Express Europe S.A, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter “American Express”).
American Express may transfer data to its parent company in the USA. Data transfer to the USA is based on the Binding Corporate Rules. Details can be found here: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing- principles/.
For more information, see American Express's privacy policy: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.The provider of this payment service is Amazon Payments Europe S.CA, 38 avenue J.F Kennedy, L-1855 Luxembourg.
You can read details about how your data is handled in Amazon Pay's privacy policy at the following link:
https://pay.amazon.de/help/201212490?ld=APDELPADirect.
5. COOKIES
(5.1) In addition to the personal data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive associated with the browser you are using and through which certain information flows to the place that sets the cookie (in this case us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offering more user-friendly and effective overall.
(5.2) Use of cookies:
(5.21) This website uses the following types of cookies, the scope and functionality of which are explained below:
- Transient cookies (see 5.22)
- Persistent cookies (see 5.23)
(5.22) Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
(5.23) Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete cookies at any time in your browser's security settings. We use the following persistent cookies on the website:
- Google Analytics (ga – storage period: 2 years,_gid – storage period: 1 day). You can find more information about Google Analytics under Section 6.
- Google Marketing Platform (IDE – storage period: 390 days). You can find more information about the Google Marketing Platform under Section 7.
- Facebook Custom Audiences (fbp – storage period: 90 days, fr – storage period: 90 days). You can find more information about Facebook Custom Audiences under Section 8.
- as well as a cookie with which we can store the contents of your shopping cart (basketSessionId – storage period: 7 days).
(5.24) The cookies we use are necessary for the technical implementation of interactive user functions. For example, cookies enable the contents of your virtual shopping cart to be retained across multiple websites. In addition, we use cookies in accordance with this data protection declaration to provide our services in a technically error-free and optimized manner. The data processed by cookies may be Personal data is used for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Art. 6 Abs. 1 S. 1 f) GDPR required.
(5.25) We also use cookies to collect statistical data about the general usage behavior of our users. By evaluating this data, we gain a better understanding of the needs of our users, so that we can further develop our website in a more targeted manner and improve the overall user experience. However, these cookies do not contain any personal data and are not linked to such data.
(5.26) We also use cookies for analysis and targeting purposes. Further information on the legal basis can be found in sections 6, 7 and 8.
(5.27) You can configure your browser setting according to your wishes and e.g. B Decline to accept third-party cookies or all cookies. We would like to point out that you may not be able to use all of the functions of this website.
(5.29) Consent with Usercentrics
This website uses Usercentrics' consent technology to obtain your consent to store certain cookies on your device or to use certain technologies and to document this in accordance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, website:
https://usercentrics.com/de/ (hereinafter “Usercentrics”).
When you enter our website, the following personal data will be transmitted to Usercentrics:
- Your consent(s) or the revocation of your consent(s)
- Your IP address
- Information about your browser
- Information about your device
- Time of your visit to the website
Usercentrics also stores a cookie in your browser to give you the consent you have given. to be able to assign their revocation. The data collected in this way will be stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected.
Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 Abs. 1 lit. c DSGVO.
We have concluded an order processing contract (AVV) with the above-mentioned provider. This is a contract required by data protection law that ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
6. USE OF GOOGLE ANALYTICS
(6.1) This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as: B Page views, length of stay, operating systems used and origin of the user. This data may be used by Google. summarized in a profile that is specific to the respective user or whose terminal device is assigned.
We can also use Google Analytics etc. a Record your mouse and scroll movements and clicks. Furthermore, Google Analytics uses various modeling approaches to complement the data sets collected and uses machine learning technologies in data analysis.
Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g. B Cookies oder Device-Fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
The use of this analysis tool is based on Art. 6 Abs. 1 lit. f DSGVO The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If appropriate consent has been requested (e.g. B consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 Abs. 1 lit. a GDPR; consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/.
(sh.2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
(sh.3) You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also choose to collect the data generated by the cookie and related to your use of the website (incl. Your IP address) to Google and prevent the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information about how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
(sh.4) As an alternative to the browser add-on or on mobile devices, you can prevent data collection by Google Analytics by clicking on the following link. An opt-out cookie is set that prevents the future collection of your data when you visit our website/our online shop: deactivate Google Analytics. If you delete your cookies, you will need to click this link again. In order to prevent Google Analytics from collecting data across different devices, you must opt out on all systems used.
(sh.5) We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.
(sh.6) We use Google Analytics to analyze the use of our website and to regularly improve it. We can use the statistics obtained to improve our offering and make it more interesting for you as a user. Our legitimate interest in data processing also lies in these purposes. The legal basis for the use of Google Analytics is Section 15 Para. 3 TMG or Art. 6 Abs. 1 S. 1 f) DS-GVO Sessions and campaigns end after a certain period of time. By default, sessions end after 30 minutes of inactivity and campaigns end after 6 months. The time limit for campaigns can be a maximum of 2 years.
(sh.7) Storage durationUser and event-level data stored by Google, which is linked to cookies, user identifiers (e.g. B User ID) or advertising IDs (e.g. B DoubleClick cookies, Android advertising ID) are anonymized after 2 months. deleted Details can be found at the following link: https://support.google.com/analytics/answer/7667196?hl=de
(6.8) With your consent, this website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. The legal basis is Art. 6 Abs. 1 S. 1 a) DS-GVO
(sh.9) Order processingWe have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
7. USE OF GOOGLE MARKETING PLATFORM
(7.1) This website uses the Google Marketing Platform of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). The Google Marketing Platform uses cookies to serve ads that are relevant to users, improve campaign performance reporting, or prevent a user from seeing the same ads multiple times. Google uses a cookie ID to record which advertisements are shown in which browser and can thus prevent them from being displayed multiple times. In addition, the Google Marketing Platform can use so-called cookie IDs. Track conversions related to ad requests. This is the case, for example, when a user sees an ad and later visits the advertiser's website using the same browser and buys something there. According to Google, Google Marketing Platform cookies do not contain any personal information.
(sh.2) Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore inform you according to our knowledge: By integrating the Google Marketing Platform, Google receives the information that you have accessed the corresponding part of our website accessed our website or clicked on an advert from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or If you have not logged in, there is a possibility that Google will find out and store your IP address.(sh.3) The legal basis for the processing of your data is your consent (Art. 6 Abs. 1 S. 1 a) DS-GVO). You can revoke your consent at any time [here].(sh.4) Further information about the Google Marketing Platform can be found at https://marketingplatform.google.com, as well as data protection at Google in general: https://policies.google.com/privacy. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org.8. USE OF FACEBOOK CUSTOM AUDIENCES
(8.1) The website uses the remarketing function “Custom Audiences” from Facebook Inc. („Facebook“). This means that users of the website can be shown interest-based advertisements (“Facebook Ads”) when they visit the social network Facebook or other websites that also use the process. Our aim is to show you advertising that is of interest to you in order to make our website more interesting for you.
(8.2) Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the extent and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our level of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding website of ours Visited our website or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or If you have not logged in, there is a possibility that the provider will find out and store your IP address and other identifying features.If personal data is collected on our website using the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing responsible (Art. 26 GDPR). The joint responsibility is limited exclusively to collecting the data and passing it on to Facebook. The processing carried out by Facebook after the forwarding is not part of the shared responsibility. The obligations we share have been set out in a joint processing agreement. The text of the agreement can be found at:
https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-safe implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. Rights of those affected (e.g. B You can submit requests for information regarding the data processed by Facebook directly to Facebook. If you assert your data subject rights with us, we are obliged to forward these to Facebook.
You can find further information on protecting your privacy in Facebook's data protection information: https://de-de.facebook.com/about/privacy/.
(8.3) We do not transmit any (hashed) email addresses to Facebook and do not carry out any “automatic extended matching” in which additional user data would be transmitted.(8.4) Third party information: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data collected will also be transferred to the USA and other third countries. Terms of use: https://www.facebook.com/legal/terms/update, Data protection overview: https://de-de.facebook.com/privacy/explanation.The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
(8.5) The legal basis for the processing of your data is your consent (Art. 6 Abs. 1 S. 1 a) DS-GVO). You can revoke your consent at any time [here].9. RECIPIENTS OF YOUR DATA / THIRD COUNTRY TRANSFER
(9.1) Apart from the recipients named above in sections 4, 6, 7 and 8, we may disclose or forward your personal data to IT service providers. The IT service providers are carefully selected by us and act as contract processors for us.
(ia.2) In addition, your personal data will only be transferred to third parties if and to the extent that this is legally permissible and is necessary for the fulfillment of contracts concluded with you or to carry out the services (legal basis in this respect is Art. 6 Abs. 1 S. 1 b) GDPR), you have given us your consent to the transfer (legal basis is Art. 6 Abs. 1 S. 1 a) GDPR), the disclosure is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data (legal basis is in accordance with Art. 6 Abs. 1 S. 1 f) GDPR) or in the event that there is a legal obligation for the transfer (legal basis Art. 6 Abs. 1 S. 1 c) DS-GVO).(ia.3) If personal data is to be transferred to a country outside the European Economic Area (EEA), we will inform you about this in these data protection regulations or when collecting the personal data.10. REVOKAL OF CONSENT OR OBJECTION TO THE PROCESSING OF YOUR PERSONAL DATA
(10.1) If you have given your consent to the processing of your personal data, you can revoke this at any time. Such a revocation affects the lawfulness of the processing of your personal data after you have expressed it to us.
(10.2) If we base the processing of your personal data on the balance of interests, you can object to the processing. This is the case if the processing is not necessary to fulfill a contract with you, which is explained by us in the following description of the functions. If you exercise such an objection, we will ask you to explain the reasons why we should not process your personal data as we do. In the event of your justified objection, we will examine the situation and will either stop data processing or or show you our compelling legitimate reasons on the basis of which we continue processing.(10.3) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your objection to advertising under section 1.2 contact details provided.11. LINKEDIN
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.linkedin.com/legal/l/dpa and
https://www.linkedin.com/legal/l/eu-sccs.
Object to the analysis of usage behavior and targeted advertising by LinkedIn at the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in the account settings. In order to prevent data collected on our website from being linked by LinkedIn and your LinkedIn account, you must log out of your LinkedIn account before you visit our website.
We have concluded an order processing contract with LinkedIn.
2. YOUR RIGHTS
(2.1) You have the following rights towards us with regard to the personal data concerning you:
- Right to information,
- Right to correction or deletion,
- Right to restriction of Processing,
- Right to object to processing (see section 10),
- Right to data portability.
(2.2) You also have the right to complain to the relevant data protection supervisory authority about our processing of your personal data if you believe that our processing of your personal data is unlawful: https://datenschutz.hessen.de
3. DATA PROCESSING WHEN VISITING OUR WEBSITE
(3.1) LOG FILES (INTERNET PROTOCOLS)
When you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you choose to view our website, we may collect the following: personal data that is technically necessary for us to display our website to you and to ensure stability and security (our legitimate interest; legal basis is Art. 6 Abs. 1 S. 1 f) GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Access status/HTTP status code
- Amount of data transferred
- Website from which the request comes
- Browser
- Operating system and its interface
- Language and version of the browser software.
If you register as a My Cups customer, we process the mandatory information marked with an asterisk (e.g.B. name, email address). Other personal data (e.g.B. Address) you can voluntarily enter in your profile.
We process this personal data in order to maintain a user account for you and to enable you to use the website more conveniently and to order more easily. The legal basis is Art. 6 Abs. 1 S. 1 b) DS-GVO.
Your registration data will be deleted if we or you end the usage relationship (e.g.B. upon termination), unless we have the right to continue storing the personal data for another reason.
If you place an order in our online shop, we collect personal data from you as part of the ordering process. The fields marked with an asterisk are mandatory. You can provide further personal data voluntarily.
If you are a registered My Cups customer and have logged in, we will take personal data from your user account for the order.
We process this personal data to conclude the contract and process your order. The legal basis is Art. 6 Abs. 1 S. 1 b) DS-GVO.
We are legally obliged to store this personal data for a period of ten years. Your personal data will therefore not be completely deleted even after the contract has been processed. However, processing will only take place to the extent necessary to comply with legal obligations. The legal basis is Art. 6 Abs. 1 S. 1 c) DS-GVO.
As a consumer, you can use our contact form to get in touch with us. For this we need the mandatory information marked with an asterisk (e.g.B. name, email address). You can provide further personal data voluntarily.
This personal data will only be used to contact you (our legitimate interest, legal basis is Art. 6 Abs. 1 S. 1 f) DS-GVO) Your personal data will be automatically deleted 3 months after your request has been answered, unless there is a legal basis for longer storage (such as an existing contractual relationship) or statutory retention periods.
As an entrepreneur, you can use our contact form for corporate customers to get in touch with us. For this we need the mandatory information marked with an asterisk (e.g.B. name, email address). You can provide further personal data voluntarily.
This personal data will only be used to contact you (our legitimate interest, legal basis is Art. 6 Abs. 1 S. 1 f) DS-GVO) Your personal data will be automatically deleted 3 months after your request has been answered, unless there is a legal basis for longer storage (such as an existing contractual relationship) or statutory retention periods.
If you register for our newsletter, we will use the data required for this or provided separately by you to regularly send you our email newsletter based on your consent Art. 6 Abs. 1 S. 1 lit. a GDPR. You can unsubscribe from the newsletter at any time and can do so either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After you unsubscribe, we will delete your email address unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this declaration.
As an entrepreneur, you can order a business newsletter from us by entering the mandatory information marked with an asterisk on our website and submitting it. You can provide further personal data voluntarily. We will then contact you at the email address and ask you to confirm that you are the owner of the email address provided and that you agree to receive the newsletter (double opt-in; legal basis is Art. 6 Abs. 1 S. 1 a) DS-GVO).
You can revoke your consent to the use of your personal data for the newsletter at any time. In this case we will delete your personal data. We will also delete your personal data if we have evidence that it is no longer correct. If you do not confirm your email address, we will also delete your personal data 3 months after we receive it. We do not carry out deletions if we have the right to further storage for another reason or if we are obliged to do so due to legal retention obligations.
With your express consent, we will regularly inform you about promotions, vouchers and trends and process your email address for this purpose (legal basis is Art. 6 Abs. 1 S. 1 a) DS-GVO).
You can withdraw your consent to the use of your personal data for advertising purposes at any time. In this case we will delete your personal data. We will also delete your personal data if we have evidence that it is no longer correct. We do not carry out deletions if we have the right to further storage for another reason or if we are obliged to do so due to legal retention obligations.
We can also process your personal data if we offer participation in campaigns, competitions or similar services. You will receive further information about this when you provide your personal data.
4. EXTERNAL SERVICE PROVIDERS
We use external service providers to process your order:
(4.1) We transmit your address details to shipping companies. These shipping companies are obliged to treat your personal data confidentially and to process it exclusively for the purpose of delivery. After delivery, the personal data must be deleted. The legal basis for the transmission of personal data is Art. 6 Abs. 1 S. 1 b) DS-GVO.
(h.2) Except for the payment method “advance payment”, we transmit the personal data required to process the payment (“payment data”) to the commissioned credit institution or passed on to the selected payment service provider in order to enable payment processing. The responsibility for your payment data lies with the respective payment service provider. Information in particular about who is the responsible party for the payment method you have selected and what data processing the payment service provider carries out can be found at the following internet addresses. The legal basis for the transmission is Art. 6 Abs. 1 S. 1 b) DS-GVO. We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment details (e.g. B Name, payment amount, account details, credit card number) processed by the payment service provider for the purpose of payment processing. The respective contractual and data protection regulations of the respective providers apply to these transactions. The use of payment service providers is based on Art. 6 Abs. 1 lit. b GDPR (contract processing) and in the interest of making the payment process as smooth, comfortable and secure as possible (Art. 6 Abs. 1 lit. f DSGVO). If your consent is requested for certain actions, Art. 6 Abs. 1 lit. a GDPR legal basis for data processing; Consent can be revoked at any time in the future.
We use the following payment services/payment service providers on this website:
(4.21) PAYPAL
The provider of this payment service is PayPal (Europe) S.has.rl and Cie, St.CA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.For details, see PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). Klarna offers various payment options (e.g. B installment purchase). If you choose to pay with Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimize the use of the Klarna checkout solution. Details on the use of Klarna cookies can be found at the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.
You can read details about this in Klarna's data protection declaration at the following link: https://www.klarna.com/de/datenschutz/.
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).
Mastercard may transfer data to its parent company in the USA. Data transfer to the USA is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.
The provider of this payment service is Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, Great Britain (hereinafter “VISA”).
Great Britain is considered a safe third country in terms of data protection law. This means that Great Britain has a level of data protection equivalent to the level of data protection in the European Union.
VISA may transfer data to its parent company in the USA. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
For further information, please see VISA's privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.
The provider of this payment service is American Express Europe S.A, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter “American Express”).
American Express may transfer data to its parent company in the USA. Data transfer to the USA is based on the Binding Corporate Rules. Details can be found here: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing- principles/.
For more information, see American Express's privacy policy: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.
The provider of this payment service is Amazon Payments Europe S.CA, 38 avenue J.F Kennedy, L-1855 Luxembourg.
You can read details about how your data is handled in Amazon Pay's privacy policy at the following link:
https://pay.amazon.de/help/201212490?ld=APDELPADirect.5. COOKIES
(5.1) In addition to the personal data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive associated with the browser you are using and through which certain information flows to the place that sets the cookie (in this case us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offering more user-friendly and effective overall.
(5.2) Use of cookies: (5.21) This website uses the following types of cookies, the scope and functionality of which are explained below:
- Transient cookies (see 5.22)
- Persistent cookies (see 5.23)
(5.22) Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
(5.23) Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete cookies at any time in your browser's security settings. We use the following persistent cookies on the website: - Google Analytics (ga – storage period: 2 years,_gid – storage period: 1 day). You can find more information about Google Analytics under Section 6.
- Google Marketing Platform (IDE – storage period: 390 days). You can find more information about the Google Marketing Platform under Section 7.
- Facebook Custom Audiences (fbp – storage period: 90 days, fr – storage period: 90 days). You can find more information about Facebook Custom Audiences under Section 8.
- as well as a cookie with which we can store the contents of your shopping cart (basketSessionId – storage period: 7 days).
(5.24) The cookies we use are necessary for the technical implementation of interactive user functions. For example, cookies enable the contents of your virtual shopping cart to be retained across multiple websites. In addition, we use cookies in accordance with this data protection declaration to provide our services in a technically error-free and optimized manner. The data processed by cookies may be Personal data is used for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Art. 6 Abs. 1 S. 1 f) GDPR required.
(5.25) We also use cookies to collect statistical data about the general usage behavior of our users. By evaluating this data, we gain a better understanding of the needs of our users, so that we can further develop our website in a more targeted manner and improve the overall user experience. However, these cookies do not contain any personal data and are not linked to such data. (5.26) We also use cookies for analysis and targeting purposes. Further information on the legal basis can be found in sections 6, 7 and 8. (5.27) You can configure your browser setting according to your wishes and e.g. B Decline to accept third-party cookies or all cookies. We would like to point out that you may not be able to use all of the functions of this website. (5.29) Consent with Usercentrics This website uses Usercentrics' consent technology to obtain your consent to store certain cookies on your device or to use certain technologies and to document this in accordance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, website:
https://usercentrics.com/de/ (hereinafter “Usercentrics”).When you enter our website, the following personal data will be transmitted to Usercentrics:
- Your consent(s) or the revocation of your consent(s)
- Your IP address
- Information about your browser
- Information about your device
- Time of your visit to the website
Usercentrics also stores a cookie in your browser to give you the consent you have given. to be able to assign their revocation. The data collected in this way will be stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected.
Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 Abs. 1 lit. c DSGVO.
We have concluded an order processing contract (AVV) with the above-mentioned provider. This is a contract required by data protection law that ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
6. USE OF GOOGLE ANALYTICS
(6.1) This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as: B Page views, length of stay, operating systems used and origin of the user. This data may be used by Google. summarized in a profile that is specific to the respective user or whose terminal device is assigned.
We can also use Google Analytics etc. a Record your mouse and scroll movements and clicks. Furthermore, Google Analytics uses various modeling approaches to complement the data sets collected and uses machine learning technologies in data analysis.
Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g. B Cookies oder Device-Fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
The use of this analysis tool is based on Art. 6 Abs. 1 lit. f DSGVO The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If appropriate consent has been requested (e.g. B consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 Abs. 1 lit. a GDPR; consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/.(sh.2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. (sh.3) You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also choose to collect the data generated by the cookie and related to your use of the website (incl. Your IP address) to Google and prevent the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. You can find more information about how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
(sh.4) As an alternative to the browser add-on or on mobile devices, you can prevent data collection by Google Analytics by clicking on the following link. An opt-out cookie is set that prevents the future collection of your data when you visit our website/our online shop: deactivate Google Analytics. If you delete your cookies, you will need to click this link again. In order to prevent Google Analytics from collecting data across different devices, you must opt out on all systems used. (sh.5) We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. (sh.6) We use Google Analytics to analyze the use of our website and to regularly improve it. We can use the statistics obtained to improve our offering and make it more interesting for you as a user. Our legitimate interest in data processing also lies in these purposes. The legal basis for the use of Google Analytics is Section 15 Para. 3 TMG or Art. 6 Abs. 1 S. 1 f) DS-GVO Sessions and campaigns end after a certain period of time. By default, sessions end after 30 minutes of inactivity and campaigns end after 6 months. The time limit for campaigns can be a maximum of 2 years. (sh.7) Storage duration User and event-level data stored by Google, which is linked to cookies, user identifiers (e.g. B User ID) or advertising IDs (e.g. B DoubleClick cookies, Android advertising ID) are anonymized after 2 months. deleted Details can be found at the following link: https://support.google.com/analytics/answer/7667196?hl=de
(6.8) With your consent, this website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. The legal basis is Art. 6 Abs. 1 S. 1 a) DS-GVO
(sh.9) Order processing We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
7. USE OF GOOGLE MARKETING PLATFORM
(7.1) This website uses the Google Marketing Platform of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). The Google Marketing Platform uses cookies to serve ads that are relevant to users, improve campaign performance reporting, or prevent a user from seeing the same ads multiple times. Google uses a cookie ID to record which advertisements are shown in which browser and can thus prevent them from being displayed multiple times. In addition, the Google Marketing Platform can use so-called cookie IDs. Track conversions related to ad requests. This is the case, for example, when a user sees an ad and later visits the advertiser's website using the same browser and buys something there. According to Google, Google Marketing Platform cookies do not contain any personal information.
(sh.2) Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore inform you according to our knowledge: By integrating the Google Marketing Platform, Google receives the information that you have accessed the corresponding part of our website accessed our website or clicked on an advert from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or If you have not logged in, there is a possibility that Google will find out and store your IP address. (sh.3) The legal basis for the processing of your data is your consent (Art. 6 Abs. 1 S. 1 a) DS-GVO). You can revoke your consent at any time [here]. (sh.4) Further information about the Google Marketing Platform can be found at https://marketingplatform.google.com, as well as data protection at Google in general: https://policies.google.com/privacy. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. 8. USE OF FACEBOOK CUSTOM AUDIENCES
(8.1) The website uses the remarketing function “Custom Audiences” from Facebook Inc. („Facebook“). This means that users of the website can be shown interest-based advertisements (“Facebook Ads”) when they visit the social network Facebook or other websites that also use the process. Our aim is to show you advertising that is of interest to you in order to make our website more interesting for you.
(8.2) Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the extent and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our level of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding website of ours Visited our website or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or If you have not logged in, there is a possibility that the provider will find out and store your IP address and other identifying features. If personal data is collected on our website using the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing responsible (Art. 26 GDPR). The joint responsibility is limited exclusively to collecting the data and passing it on to Facebook. The processing carried out by Facebook after the forwarding is not part of the shared responsibility. The obligations we share have been set out in a joint processing agreement. The text of the agreement can be found at:
https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-safe implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. Rights of those affected (e.g. B You can submit requests for information regarding the data processed by Facebook directly to Facebook. If you assert your data subject rights with us, we are obliged to forward these to Facebook.You can find further information on protecting your privacy in Facebook's data protection information: https://de-de.facebook.com/about/privacy/.
(8.3) We do not transmit any (hashed) email addresses to Facebook and do not carry out any “automatic extended matching” in which additional user data would be transmitted. (8.4) Third party information: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data collected will also be transferred to the USA and other third countries. Terms of use: https://www.facebook.com/legal/terms/update, Data protection overview: https://de-de.facebook.com/privacy/explanation. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.(8.5) The legal basis for the processing of your data is your consent (Art. 6 Abs. 1 S. 1 a) DS-GVO). You can revoke your consent at any time [here]. 9. RECIPIENTS OF YOUR DATA / THIRD COUNTRY TRANSFER
(9.1) Apart from the recipients named above in sections 4, 6, 7 and 8, we may disclose or forward your personal data to IT service providers. The IT service providers are carefully selected by us and act as contract processors for us.
(ia.2) In addition, your personal data will only be transferred to third parties if and to the extent that this is legally permissible and is necessary for the fulfillment of contracts concluded with you or to carry out the services (legal basis in this respect is Art. 6 Abs. 1 S. 1 b) GDPR), you have given us your consent to the transfer (legal basis is Art. 6 Abs. 1 S. 1 a) GDPR), the disclosure is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data (legal basis is in accordance with Art. 6 Abs. 1 S. 1 f) GDPR) or in the event that there is a legal obligation for the transfer (legal basis Art. 6 Abs. 1 S. 1 c) DS-GVO). (ia.3) If personal data is to be transferred to a country outside the European Economic Area (EEA), we will inform you about this in these data protection regulations or when collecting the personal data. 10. REVOKAL OF CONSENT OR OBJECTION TO THE PROCESSING OF YOUR PERSONAL DATA
(10.1) If you have given your consent to the processing of your personal data, you can revoke this at any time. Such a revocation affects the lawfulness of the processing of your personal data after you have expressed it to us.
(10.2) If we base the processing of your personal data on the balance of interests, you can object to the processing. This is the case if the processing is not necessary to fulfill a contract with you, which is explained by us in the following description of the functions. If you exercise such an objection, we will ask you to explain the reasons why we should not process your personal data as we do. In the event of your justified objection, we will examine the situation and will either stop data processing or or show you our compelling legitimate reasons on the basis of which we continue processing. (10.3) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your objection to advertising under section 1.2 contact details provided. 11. LINKEDIN
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.linkedin.com/legal/l/dpa and
https://www.linkedin.com/legal/l/eu-sccs.Object to the analysis of usage behavior and targeted advertising by LinkedIn at the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in the account settings. In order to prevent data collected on our website from being linked by LinkedIn and your LinkedIn account, you must log out of your LinkedIn account before you visit our website.
We have concluded an order processing contract with LinkedIn.
Get a 10% voucher now
Newsletter Sign up
Sign up for our newsletter to keep up with all the latest news from the coffee world