We are committed to protecting the privacy of users of the iBrewCoffee website, iBrewCoffee mobile application(s), and/or other related services (hereinafter collectively the “iBrewCoffee Services” or the “Services”).
By using any of the iBrewCoffee Services, You hereby warrant and represent that:
We collect two basic types of information from You from Your use of the Services: Personal Data and Non-Personal Data.
Personal and non-personal data
The term “personal data” (hereinafter “Personal Data” or “Personal Information”) is defined by the Federal Data Protection Act (BDSG) and the European General Data Protection Regulation (GDPR). You can think of Your personal data as any data that allow You to be identified or that can be correlated to you.
On the other hand, “non-personal” data cannot be correlated to any specific person. By removing identifiable parts from and anonymizing personal data, personal data may be converted into “non-personal data.”
Collection of personal data
We collect, process, and use three types of data:
- data You provide to Us voluntarily,
- data We receive when You use Our Services (create an account, publish content, make a purchase, fill any online forms, etc.), and
- data We receive from third parties.
When required, this data may include the following:
- Contact information such as e-mail address;
- Personal details such as first and last name;
- Account details such as username and password;
- Your survey answers, critiques, evaluations, or other responses;
- Connection details such as Your IP address, operating system, browser type, browser version, browser configuration, name of the Internet provider, and any other relevant information regarding Your computer and Internet connection in order to identify the type of Your device, to connect You to the website, to exchange data with Your (mobile) terminal device, or to ensure proper use of the website and an iBrewCoffee application;
- Any other information input or uploaded by You through the Services (e.g., the information You provide when completing an online form, photos You upload, feedbacks You submit, etc.);
- Or data We receive when You log in using an identity provider (e.g., if You log in with Facebook, Google, Apple ID, etc.) such as username, e-mail address, first and last name, and profile picture;
You may create an iBrewCoffee user account through the means offered by the Services such as e-mail and password login, connect using a Facebook account, connect using Google account, and/or connect using Apple ID.
Enabling access rights to Your device
For You to be able to use an iBrewCoffee application to the full extent, We will also need certain access rights to Your smartphone. For example, We need access to Your camera or Your photos if You want to attach a photo to a product. When You want to use such a function for the first time, We will ask You whether You grant Us such access rights, or We will ask You to grant Us access by selecting the appropriate settings. Generally, You may revoke such access rights at any time by changing the appropriate settings.
We offer electronic newsletters to which You may voluntarily subscribe at any time. That way, You will receive regular updates about the iBrewCoffee Services. All You need to receive Our newsletter is to provide Us with a valid e-mail address. We are committed to keeping Your e-mail address confidential and will not disclose Your e-mail address to any third parties except as allowed in the use and processing of personal data section or for the purposes of utilizing a third-party provider to send such e-mails.
In compliance with the CAN-SPAM Act, all e-mails sent from Us will clearly state who the e-mail is from and provide clear information on how to contact the sender. If You are no longer interested in receiving the newsletter, You may unsubscribe at any time using the link that is included in each newsletter. However, You will continue to receive essential transactional e-mails.
You will also transfer certain information to Us when You access Our website or iBrewCoffee application(s), e.g., Your IP address. We will also receive data about which terminal device (computer, smartphone, tablet, etc.) You are using, which browser (Internet Explorer, Safari, Firefox, etc.) You are using, the time at which You access the website, the so-called referrer, and the data volume transferred. Such data cannot be used by Us to identify the user. This data is processed for statistical purposes only. Such analyses help Us make Our Services more attractive and, if necessary, to improve Our Services.
Every time You access Our website, the aforementioned data will be automatically stored in log files. A log file automatically logs all or defined actions on a computer system. Such log files are important, for example, for process control and automation. In the case of databases, a log file tracks changes to the database of correctly executed transactions. In the event of an error (e.g., a system crash), this allows the current dataset to be restored. Log files are also created by web servers. Inter alia, the following data are logged: the address of the accessing computer, authentication fields, date and time of access, access method, the content of HTML access, status code of the web server, and information about the browser and operating system used by the client.
Other possible instances of data collection
Collection of data also happens, for example, when You contact other users or us, i.e., when You open Your iBrewCoffee user account, sign up for a subscription, or use Our Services.
Legal bases for processing Your data
We will collect, process, and use Your personal data and other data to support the delivery of iBrewCoffee Services in accordance with Our Terms and Conditions. In this section, We provide information on the legal basis for Our processing of Your Personal Data as required by Art. 13 and 14 of the GDPR, as well as provide detailed information about the purposes of collection, processing, and use of Your data.
We process Your data based on the Article 6 of the GDPR, relying on the following legal bases:
- performance of Our Services, Art. 6(1)b
- legitimate interest relating to Our Services, Art. 6(1)f
- if You have given Us Your consent to process Your data, Art. 6(1)a
- if it is necessary for Us to comply with a legal obligation, Art. 6(1)c.
We may also process the data if it is necessary to protect the vital interests of Our users and/or other people, or for the performance of an obligation to carry out in the public interest pursuant to Art. 6(1) (d) and (e).
In addition to the specific purposes for which We may process Your Personal Data set out in this clause, We may also process any of Your Personal Data where such processing is necessary for compliance with a legal obligation to which We are subject, or in order to protect Your vital interests or the vital interests of another natural person.
Use and processing of personal data
We do NOT sell or license Your Personal Data to any third party.
We process and use data (including personal data) You make available to Us voluntarily through the iBrewCoffee Services in various situations (e.g., when You send Us feedback, sign up for a newsletter, create an account, backup Your data, etc.). We also use data that are collected automatically on Our website or through the iBrewCoffee application. Finally, We may also receive data about You from third parties, for example, when another user provides Us with information about you.
We collect, process, and use data for the following purposes:
- Run and operate the iBrewCoffee Services;
- Create and manage user accounts;
- Backup Your data and photos, if applicable;
- Fulfill and manage orders;
- Deliver products or services;
- Improve products and services;
- Customize products and services;
- Recognize You when You return to Our Services;
- Send administrative information;
- Send marketing and promotional communications;
- Provide tips, news, and/or updates;
- Conduct analytics;
- Track sales data;
- Respond to inquiries and offer support;
- Respond to Your queries and requests;
- Investigate complaints;
- Request user feedback;
- Improve user experience;
- Post customer testimonials;
- To assess Your right to receive certain types of offers or services;
- Enforce terms and conditions and policies;
- Protect from abuse and malicious users;
- Respond to legal requests and prevent harm;
- To comply with Our legal obligations to prevent any unlawful use of the website or Asana Rebel application(s), to protect the security of Our Service, to detect and prevent fraud or abuse, to settle disputes, and to enforce Our contracts;
- For any other purposes to which You have consented in a particular case,
- or otherwise as permitted by applicable law.
Sharing of personal data
Depending on the requested Services or as necessary to complete any transaction or provide any service You have requested, We may share Your information with Our trusted third parties that work with us, any other affiliates and subsidiaries We rely upon to assist in the operation of the Services available to you.
We do not share Personal Data with unaffiliated third parties. These service providers are not authorized to use or disclose Your information except as necessary to perform services on Our behalf or comply with legal requirements. We may share Your Personal Data for these purposes only with third parties whose privacy policies are consistent with ours or who agree to abide by Our policies with respect to Personal Data. These third parties are given Personal Data they need only in order to perform their designated functions, and We do not authorize them to use or disclose Personal Data for their own marketing or other purposes.
We will disclose any Personal Data We collect, use or receive if required or permitted by law, such as to comply with a subpoena or similar legal process, and when We believe in good faith that disclosure is necessary to protect Our rights, protect Your safety or the safety of others, investigate fraud, or respond to a government request. In the event We go through a business transition, such as a merger or acquisition by another company or sale of all or a portion of its assets, Your user account and Personal Data will likely be among the assets transferred.
List of trusted service providers:
- Apple App Store - https://www.apple.com/legal/privacy/
- Google Play Services - https://www.google.com/policies/privacy/
- Google Cloud - https://cloud.google.com/security/privacy
- Facebook - https://www.facebook.com/about/privacy/update/printable (Facebook login)
- RevenueCat - https://www.revenuecat.com/privacy (subscriptions and purchases)
- Amplitude - https://amplitude.com/privacy (analytics)
- Sentry - https://sentry.io/privacy/ (crash and error reporting)
- Plausible - https://plausible.io/privacy (web only, privacy aware analytics)
Links to other resources
The iBrewCoffee Services contain links to other resources that are not owned or controlled by us. Please be aware that We are not responsible for the privacy practices of such other resources or third parties. We encourage You to be aware when You leave the iBrewCoffee application and Services and to read the privacy statements of each and every resource that may collect Personal Data.
How long We store Your Information
Your Information is kept for as long as necessary to achieve the purposes set out above. Generally, it is stored for as long as You are registered and using Our Services, and then for up to six years from the date You stop using the Services, or promptly following a valid erasure request.
Some information We collect will be stored for longer where We have an overriding legitimate interest to retain such information (for example, information on suspicious behaviour of certain users of Our Services and transaction records). We may use any aggregated data derived from or incorporating Your data after You update or delete it, but not in a manner that would identify You personally.
In some cases, it is not possible for Us to specify in advance the periods for which Your Personal Data will be retained. In such cases, We will determine the period of retention based on Our legitimate interests, namely the proper administration of Our Services. Notwithstanding the other provisions of this Section, We may retain Your Personal Data where such retention is necessary for compliance with a legal obligation to which We are subject, or in order to protect Your vital interests or the vital interests of another natural person.
Your data may be transferred to, stored at, or accessed from a destination outside the European Economic Area (‘EEA‘) for the purposes of Us providing the Services. It may also be processed by staff operating outside the EEA who work for us, another corporate entity within Our group, or any of Our suppliers. By submitting Your data, You explicitly consent to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Policy.
When deleting Information, We will take measures to make the Information irrecoverable or irreproducible, and electronic files which contain Information will be deleted permanently.
Although the transmission of Information via the internet is not completely secure, We strive to minimize this risk as much as possible. We may also take extra steps to protect Your Information and minimize the Information We process, and when We send or receive Your Information, it is encrypted with TLS 1.1 or above. Additionally, We are not responsible for how third party integration services may collect, use or share the Information You send from the Services.
Your data privacy rights
You may exercise certain rights regarding Your information processed by us. In particular, You have the right to do the following:
- You have the right to withdraw consent where You have previously given Your consent to the processing of Your information;
- You have the right to object to the processing of Your information if the processing is carried out on a legal basis other than consent;
- You have the right to learn if information is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the information undergoing processing;
- You have the right to verify the accuracy of Your information and ask for it to be updated or corrected;
- You have the right, under certain circumstances, to restrict the processing of Your information, in which case, We will not process Your information for any purpose other than storing it;
- You have the right, under certain circumstances, to obtain the erasure of Your Personal Information from us;
- You have the right to receive Your information in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance.
This provision is applicable provided that Your information is processed by automated means and that the processing is based on Your consent, on a contract which You are part of or on pre-contractual obligations thereof.
Data protection rights under GDPR
If You are a citizen of the EU, We have summarized the rights that You have under the General Data Protection Regulation (GDPR) in this Section. Some of the rights are complex, and not all of the details have been included in Our summaries. Accordingly, You should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
In certain circumstances, You have the following data protection rights:
- You have the right to request access to Your Personal Information that We store and have the ability to access Your Personal Information.
- You have the right to request that We correct any Personal Information You believe is inaccurate. You also have the right to request Us to complete the Personal Information You believe is incomplete.
- You have the right to request the erase Your Personal Information under certain conditions of this Policy.
- You have the right to object to Our processing of Your Personal Information.
- You have the right to seek restrictions on the processing of Your Personal Information. When You restrict the processing of Your Personal Information, We may store it but will not process it further.
- You have the right to be provided with a copy of the information We have on You in a structured, machine-readable and commonly used format.
- You also have the right to withdraw Your consent at any time where the Operator relied on Your consent to process Your Personal Information.
You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Information. For more information, please contact Your local data protection authority in the European Economic Area (EEA).
California Privacy Rights
If You are a California resident, California Civil Code Section 1798.83 permits You to request and obtain from Us information regarding the disclosure of Your Personal Data to the third parties for direct marketing purposes in the preceding calendar year, free of charge, once a year.
How to exercise these rights
Any requests to exercise Your rights can be directed to Us through the contact details provided in this document. Please note that We may ask You to verify Your identity before responding to such requests. Your request must provide sufficient information that allows Us to verify that You are the person You are claiming to be or that You are the authorized representative of such person. You must include sufficient details to allow Us to properly understand the request and respond to it. We cannot respond to Your request or provide You with Personal Information unless We first verify Your identity or authority to make such a request and confirm that the Personal Information relates to you.
How We respond to DNT signals
Your browser settings may allow You to automatically transmit a Do Not Track signal to websites and other online services You visit. We do not alter Our practices when We receive a Do Not Track signal from a visitor’s browser because We do not track Our visitors to provide targeted advertising. To find out more about Do Not Track, please visit https://www.allaboutdnt.com.
Privacy of children
We do not knowingly collect any Personal Information from children under the age of 16. The Services are intended for use only by persons who are at least 16 years of age. By using the services, You confirm to Us that You meet this requirement. If You are under the age of 16, You confirm You have received permission from Your parent or guardian before using the Services or sending Us personal information.
If We discover that a child under the age of 16 has provided Us with Personal Data and We do not have parental consent, We will immediately delete that child’s information.
In the event We become aware that the security of the Services has been compromised or users Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, We reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, We will make reasonable efforts to notify affected individuals if We believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When We do, We will send You an e-mail.
Contact details of the Data Controller and Data Protection Officer
If You have questions or concerns regarding this policy or if You need to make a request please contact Us at:
Contact Data Controller:
Contact Data Protection Officer:
This document was last updated on November 1, 2020