Privacy Policy

We are committed to protecting the privacy of users of the iBrewCoffee website, iBrewCoffee mobile application(s), and/or other related services (hereinafter collectively the “iBrewCoffee Services” or the “Services”).

In this Privacy Policy, “We”, “Us”, and “Our” refer to iBrewCoffee. For the purposes of this Privacy Policy, iBrewCoffee is the “Data Controller” and ”Data Protection Officer” for all iBrewCoffee Services with respect to the Personal Data of visitors, users, clients, and customers (“You” or “Your”).

This Privacy Policy describes the types of personal and non-personal data We collect and how We use such data. It also describes Your choices regarding Our use of Your Personal Data and how You can access and update this information. This Privacy Policy is part of Our Terms and Conditions and applies to all iBrewCoffee Services. Therefore, please make sure that You read and understand Our Privacy Policy, as well as the Terms and Conditions.

This Privacy Policy does not apply to any third-party websites, services, or applications, even if they may be accessible through the iBrewCoffee Services.

By using any of the iBrewCoffee Services, You hereby warrant and represent that:

  • You have read, understand, and agreed to be bound by this Privacy Policy,
  • You are over 16 years of age (or are a parent or guardian with such authority to agree to this Privacy Policy for the benefit of an individual under 16 years of age).

If You do not accept the terms outlined in this Privacy Policy and the consents associated therewith, please do not use Our Services.

Your Data

iBrewCoffee strives to provide You with the best possible service. In order to provide this service, We may need to collect information from You from time to time. At all times, We try to only collect the information We need for the particular function or activity We are carrying out and use it in accordance with this privacy policy.

We collect two basic types of information from You from Your use of the Services: Personal Data and Non-Personal Data.

Personal and non-personal data

The term “personal data” (hereinafter “Personal Data” or “Personal Information”) is defined by the Federal Data Protection Act (BDSG) and the European General Data Protection Regulation (GDPR). You can think of Your personal data as any data that allow You to be identified or that can be correlated to you.

On the other hand, “non-personal” data cannot be correlated to any specific person. By removing identifiable parts from and anonymizing personal data, personal data may be converted into “non-personal data.”

Collection of personal data

We collect, process, and use three types of data:

  • data You provide to Us voluntarily,
  • data We receive when You use Our Services (create an account, publish content, make a purchase, fill any online forms, etc.), and
  • data We receive from third parties.

When required, this data may include the following:

  • Contact information such as e-mail address;
  • Personal details such as first and last name;
  • Account details such as username and password;
  • Your survey answers, critiques, evaluations, or other responses;
  • Connection details such as Your IP address, operating system, browser type, browser version, browser configuration, name of the Internet provider, and any other relevant information regarding Your computer and Internet connection in order to identify the type of Your device, to connect You to the website, to exchange data with Your (mobile) terminal device, or to ensure proper use of the website and an iBrewCoffee application;
  • Any other information input or uploaded by You through the Services (e.g., the information You provide when completing an online form, photos You upload, feedbacks You submit, etc.);
  • Or data We receive when You log in using an identity provider (e.g., if You log in with Facebook, Google, Apple ID, etc.) such as username, e-mail address, first and last name, and profile picture;

Login

You may create an iBrewCoffee user account through the means offered by the Services such as e-mail and password login, connect using a Facebook account, connect using Google account, and/or connect using Apple ID.

By using Our Services, You confirm that You have read Our Privacy Policy and accept Our Terms and Conditions.

Enabling access rights to Your device

For You to be able to use an iBrewCoffee application to the full extent, We will also need certain access rights to Your smartphone. For example, We need access to Your camera or Your photos if You want to attach a photo to a product. When You want to use such a function for the first time, We will ask You whether You grant Us such access rights, or We will ask You to grant Us access by selecting the appropriate settings. Generally, You may revoke such access rights at any time by changing the appropriate settings.

Newsletter

We offer electronic newsletters to which You may voluntarily subscribe at any time. That way, You will receive regular updates about the iBrewCoffee Services. All You need to receive Our newsletter is to provide Us with a valid e-mail address. We are committed to keeping Your e-mail address confidential and will not disclose Your e-mail address to any third parties except as allowed in the use and processing of personal data section or for the purposes of utilizing a third-party provider to send such e-mails.

In compliance with the CAN-SPAM Act, all e-mails sent from Us will clearly state who the e-mail is from and provide clear information on how to contact the sender. If You are no longer interested in receiving the newsletter, You may unsubscribe at any time using the link that is included in each newsletter. However, You will continue to receive essential transactional e-mails.

Website

You will also transfer certain information to Us when You access Our website or iBrewCoffee application(s), e.g., Your IP address. We will also receive data about which terminal device (computer, smartphone, tablet, etc.) You are using, which browser (Internet Explorer, Safari, Firefox, etc.) You are using, the time at which You access the website, the so-called referrer, and the data volume transferred. Such data cannot be used by Us to identify the user. This data is processed for statistical purposes only. Such analyses help Us make Our Services more attractive and, if necessary, to improve Our Services.

Log files

Every time You access Our website, the aforementioned data will be automatically stored in log files. A log file automatically logs all or defined actions on a computer system. Such log files are important, for example, for process control and automation. In the case of databases, a log file tracks changes to the database of correctly executed transactions. In the event of an error (e.g., a system crash), this allows the current dataset to be restored. Log files are also created by web servers. Inter alia, the following data are logged: the address of the accessing computer, authentication fields, date and time of access, access method, the content of HTML access, status code of the web server, and information about the browser and operating system used by the client.

Other possible instances of data collection

Collection of data also happens, for example, when You contact other users or us, i.e., when You open Your iBrewCoffee user account, sign up for a subscription, or use Our Services.

We will collect, process, and use Your personal data and other data to support the delivery of iBrewCoffee Services in accordance with Our Terms and Conditions. In this section, We provide information on the legal basis for Our processing of Your Personal Data as required by Art. 13 and 14 of the GDPR, as well as provide detailed information about the purposes of collection, processing, and use of Your data.

We process Your data based on the Article 6 of the GDPR, relying on the following legal bases:

  • performance of Our Services, Art. 6(1)b
  • legitimate interest relating to Our Services, Art. 6(1)f
  • if You have given Us Your consent to process Your data, Art. 6(1)a
  • if it is necessary for Us to comply with a legal obligation, Art. 6(1)c.

We may also process the data if it is necessary to protect the vital interests of Our users and/or other people, or for the performance of an obligation to carry out in the public interest pursuant to Art. 6(1) (d) and (e).

We may also process any of Your Personal Data identified in this Privacy Policy where necessary for the establishment, exercise, or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is Our legitimate interests, namely the protection and assertion of Our legal rights, Your legal rights, and the legal rights of others.

In addition to the specific purposes for which We may process Your Personal Data set out in this clause, We may also process any of Your Personal Data where such processing is necessary for compliance with a legal obligation to which We are subject, or in order to protect Your vital interests or the vital interests of another natural person.

Use and processing of personal data

We do NOT sell or license Your Personal Data to any third party.

We will use personal data You have provided to Us only if and to the extent necessary for providing Our Services and handling of the contract or if You have consented that We may use Your data for the purposes described in this Privacy Policy.

We process and use data (including personal data) You make available to Us voluntarily through the iBrewCoffee Services in various situations (e.g., when You send Us feedback, sign up for a newsletter, create an account, backup Your data, etc.). We also use data that are collected automatically on Our website or through the iBrewCoffee application. Finally, We may also receive data about You from third parties, for example, when another user provides Us with information about you.

We collect, process, and use data for the following purposes:

  • Run and operate the iBrewCoffee Services;
  • Create and manage user accounts;
  • Backup Your data and photos, if applicable;
  • Fulfill and manage orders;
  • Deliver products or services;
  • Improve products and services;
  • Customize products and services;
  • Recognize You when You return to Our Services;
  • Send administrative information;
  • Send marketing and promotional communications;
  • Provide tips, news, and/or updates;
  • Conduct analytics;
  • Track sales data;
  • Respond to inquiries and offer support;
  • Respond to Your queries and requests;
  • Investigate complaints;
  • Request user feedback;
  • Improve user experience;
  • Post customer testimonials;
  • To assess Your right to receive certain types of offers or services;
  • Enforce terms and conditions and policies;
  • Protect from abuse and malicious users;
  • Respond to legal requests and prevent harm;
  • To comply with Our legal obligations to prevent any unlawful use of the website or Asana Rebel application(s), to protect the security of Our Service, to detect and prevent fraud or abuse, to settle disputes, and to enforce Our contracts;
  • For any other purposes to which You have consented in a particular case,
  • or otherwise as permitted by applicable law.

Sharing of personal data

Depending on the requested Services or as necessary to complete any transaction or provide any service You have requested, We may share Your information with Our trusted third parties that work with us, any other affiliates and subsidiaries We rely upon to assist in the operation of the Services available to you.

We do not share Personal Data with unaffiliated third parties. These service providers are not authorized to use or disclose Your information except as necessary to perform services on Our behalf or comply with legal requirements. We may share Your Personal Data for these purposes only with third parties whose privacy policies are consistent with ours or who agree to abide by Our policies with respect to Personal Data. These third parties are given Personal Data they need only in order to perform their designated functions, and We do not authorize them to use or disclose Personal Data for their own marketing or other purposes.

We will disclose any Personal Data We collect, use or receive if required or permitted by law, such as to comply with a subpoena or similar legal process, and when We believe in good faith that disclosure is necessary to protect Our rights, protect Your safety or the safety of others, investigate fraud, or respond to a government request. In the event We go through a business transition, such as a merger or acquisition by another company or sale of all or a portion of its assets, Your user account and Personal Data will likely be among the assets transferred.

List of trusted service providers:

The iBrewCoffee Services contain links to other resources that are not owned or controlled by us. Please be aware that We are not responsible for the privacy practices of such other resources or third parties. We encourage You to be aware when You leave the iBrewCoffee application and Services and to read the privacy statements of each and every resource that may collect Personal Data.

How long We store Your Information

Your Information is kept for as long as necessary to achieve the purposes set out above. Generally, it is stored for as long as You are registered and using Our Services, and then for up to six years from the date You stop using the Services, or promptly following a valid erasure request.

Some information We collect will be stored for longer where We have an overriding legitimate interest to retain such information (for example, information on suspicious behaviour of certain users of Our Services and transaction records). We may use any aggregated data derived from or incorporating Your data after You update or delete it, but not in a manner that would identify You personally.

In some cases, it is not possible for Us to specify in advance the periods for which Your Personal Data will be retained. In such cases, We will determine the period of retention based on Our legitimate interests, namely the proper administration of Our Services. Notwithstanding the other provisions of this Section, We may retain Your Personal Data where such retention is necessary for compliance with a legal obligation to which We are subject, or in order to protect Your vital interests or the vital interests of another natural person.

Your data may be transferred to, stored at, or accessed from a destination outside the European Economic Area (‘EEA‘) for the purposes of Us providing the Services. It may also be processed by staff operating outside the EEA who work for us, another corporate entity within Our group, or any of Our suppliers. By submitting Your data, You explicitly consent to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Policy.

When deleting Information, We will take measures to make the Information irrecoverable or irreproducible, and electronic files which contain Information will be deleted permanently.

Data security

Although the transmission of Information via the internet is not completely secure, We strive to minimize this risk as much as possible. We may also take extra steps to protect Your Information and minimize the Information We process, and when We send or receive Your Information, it is encrypted with TLS 1.1 or above. Additionally, We are not responsible for how third party integration services may collect, use or share the Information You send from the Services.

Your data privacy rights

You may exercise certain rights regarding Your information processed by us. In particular, You have the right to do the following:

  • You have the right to withdraw consent where You have previously given Your consent to the processing of Your information;
  • You have the right to object to the processing of Your information if the processing is carried out on a legal basis other than consent;
  • You have the right to learn if information is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the information undergoing processing;
  • You have the right to verify the accuracy of Your information and ask for it to be updated or corrected;
  • You have the right, under certain circumstances, to restrict the processing of Your information, in which case, We will not process Your information for any purpose other than storing it;
  • You have the right, under certain circumstances, to obtain the erasure of Your Personal Information from us;
  • You have the right to receive Your information in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance.

This provision is applicable provided that Your information is processed by automated means and that the processing is based on Your consent, on a contract which You are part of or on pre-contractual obligations thereof.

Data protection rights under GDPR

If You are a citizen of the EU, We have summarized the rights that You have under the General Data Protection Regulation (GDPR) in this Section. Some of the rights are complex, and not all of the details have been included in Our summaries. Accordingly, You should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

In certain circumstances, You have the following data protection rights:

  • You have the right to request access to Your Personal Information that We store and have the ability to access Your Personal Information.
  • You have the right to request that We correct any Personal Information You believe is inaccurate. You also have the right to request Us to complete the Personal Information You believe is incomplete.
  • You have the right to request the erase Your Personal Information under certain conditions of this Policy.
  • You have the right to object to Our processing of Your Personal Information.
  • You have the right to seek restrictions on the processing of Your Personal Information. When You restrict the processing of Your Personal Information, We may store it but will not process it further.
  • You have the right to be provided with a copy of the information We have on You in a structured, machine-readable and commonly used format.
  • You also have the right to withdraw Your consent at any time where the Operator relied on Your consent to process Your Personal Information.

You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Information. For more information, please contact Your local data protection authority in the European Economic Area (EEA).

California Privacy Rights

If You are a California resident, California Civil Code Section 1798.83 permits You to request and obtain from Us information regarding the disclosure of Your Personal Data to the third parties for direct marketing purposes in the preceding calendar year, free of charge, once a year.

We do not share Your Personal Data with third parties for those parties’ direct marketing use. For more information about Our privacy and data collection policies, You may wish to review Our Privacy Policy.

How to exercise these rights

Any requests to exercise Your rights can be directed to Us through the contact details provided in this document. Please note that We may ask You to verify Your identity before responding to such requests. Your request must provide sufficient information that allows Us to verify that You are the person You are claiming to be or that You are the authorized representative of such person. You must include sufficient details to allow Us to properly understand the request and respond to it. We cannot respond to Your request or provide You with Personal Information unless We first verify Your identity or authority to make such a request and confirm that the Personal Information relates to you.

iBrewCoffee website does not use cookies.

How We respond to DNT signals

Your browser settings may allow You to automatically transmit a Do Not Track signal to websites and other online services You visit. We do not alter Our practices when We receive a Do Not Track signal from a visitor’s browser because We do not track Our visitors to provide targeted advertising. To find out more about Do Not Track, please visit https://www.allaboutdnt.com.

Privacy of children

We do not knowingly collect any Personal Information from children under the age of 16. The Services are intended for use only by persons who are at least 16 years of age. By using the services, You confirm to Us that You meet this requirement. If You are under the age of 16, You confirm You have received permission from Your parent or guardian before using the Services or sending Us personal information.

If We discover that a child under the age of 16 has provided Us with Personal Data and We do not have parental consent, We will immediately delete that child’s information.

Assignment

We may change Our ownership or corporate organization while providing the Services. As a result, please be aware that in such event, We may transfer some or all of Your information to a company acquiring all or part of Our assets or to another company with which We have merged. Under such circumstances We would, to the extent possible, require the acquiring party to follow the practices described in this Privacy Policy, as it may be amended from time to time. Nevertheless, We cannot promise that an acquiring company or the merged company will have the same privacy practices or treat Your information the same as described in this Privacy Policy.

Data breach

In the event We become aware that the security of the Services has been compromised or users Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, We reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, We will make reasonable efforts to notify affected individuals if We believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When We do, We will send You an e-mail.

Changes

This Privacy Policy may change as We continuously improve the Services, so please check it periodically. We reserve the right to modify or amend the Privacy Policy from time to time without notice. Your continued use of the Services following the posting of changes to these terms will mean You accept those changes. If We intend to apply the modifications or amendments to this Privacy Policy retroactively or to Personal Data already in Our possession, We will provide You with notice of the modifications or amendments.

Contact details of the Data Controller and Data Protection Officer

If You have questions or concerns regarding this policy or if You need to make a request please contact Us at:

E-mail:
privacy@ibrew.coffee

Contact Data Controller:
privacy@ibrew.coffee

Contact Data Protection Officer:
privacy@ibrew.coffee

This document was last updated on November 1, 2020