fbpx

Privacy Policy

PRIVACY POLICY OF KLAROCOFFEE.COM WEBSITE

§ 1. DEFINITIONS

The Privacy Policy on the website https://klarocoffee.com/ has been created and adopted by Anna Pyskun Klaro Coffee. Personal data collected via the Website is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) and the Personal Data Protection Act of 10 May 2018. The terms used in the Policy mean:

  • Administrator: Anna Pyskun Klaro Coffee, Tax Number: PL1182293941, National Business Registry Number: 540118870, Address: ul. Mickiewicza 37/58, 01-625 Warsaw
  • Personal Data: any information relating to an identified or identifiable living natural person. Specific information when combined with other data that can lead to the identification of an individual also constitutes personal data. Information about an identified or identifiable natural person through one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, online identifier, and information collected through cookies and other similar technology.
  • Policy: this Privacy Policy.
  • GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
  • Website: the website operated by the Administrator at https://klarocoffee.com/.
  • User: any natural person visiting the Website or using one or more of the services or functionalities described in the Policy.

§ 2. PROCESSING OF PERSONAL DATA IN CONNECTION WITH THE USE OF THE WEBSITE

In connection with the User’s use of the Website, the Administrator collects data to the extent necessary to provide the offered services. Below are the detailed rules and purposes for processing Personal Data collected while using the Website. The information collected by the Administrator includes name, surname, email address, correspondence address, phone number, and date of birth. Providing personal data is voluntary; however, the Administrator informs users that unless otherwise specified in the respective forms (e.g., that providing data is optional), it is not possible to use the Website anonymously. Therefore, refusal to provide data may result in the inability to enter into a contract (process an order).

To create a customer account on the Website providing mandatory data is necessary:

  • For individuals not conducting business activities:
    • name and surname
    • residential address
    • email address
    • phone number
  • For entrepreneurs and organizations:
    • name and surname
    • company or organization name
    • business address
    • email address
    • phone number
    • tax identification number (NIP)

The Administrator ensures that personal data is:

  • processed lawfully, fairly, and transparently;
  • collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes;
  • adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
  • accurate and, where necessary, kept up to date;
  • stored in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which the data is processed;
  • processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

§ 3. PURPOSES AND LEGAL BASIS FOR PROCESSING PERSONAL DATA ON THE WEBSITE

Using the Website: Personal data of all persons using the Website is processed by the Administrator:

  • For the purpose of providing electronic services in the scope of enabling Users to make purchases on the Website, maintaining a customer account on the Website, ensuring contact in connection with the performance of services, and making payments, the legal basis for processing is the necessity of processing for the performance of the contract (Art. 6(1)(b) GDPR);
  • For the purpose of establishing, exercising, or defending claims, the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR), which consists of protecting its rights.

Contact Form: The Administrator provides the possibility of contacting him using an electronic contact form. Using the form requires providing the personal data necessary to contact the User and respond to the inquiry. The User may also provide other data to facilitate contact or the handling of the inquiry. Providing the data marked as mandatory is required to accept and handle the inquiry, and failure to provide it results in the inability to handle the inquiry. Providing the remaining data is voluntary. Personal data is processed to identify the sender and handle his inquiry sent through the provided form; the legal basis for processing is the necessity of processing for the performance of the service contract (Art. 6(1)(b) GDPR); in the scope of data provided optionally, the legal basis for processing is consent (Art. 6(1)(a) GDPR).

Marketing: The User’s personal data may also be used by the Administrator to direct marketing content to him via email, including in the form of a newsletter. Such actions are taken by the Administrator only if the User has given his consent, which can be withdrawn at any time. Personal data is processed:

  • For the purpose of sending the requested commercial information, the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR) in connection with the expressed consent;
  • For analytical and statistical purposes, the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR), which consists of conducting analyses of Users’ activity on the Website to improve the functionalities used.
  • Data requested by public authorities or authorized entities based on legal provisions. In exceptional situations, personal data may be disclosed at the request of public authorities or entities authorized under the law (Art. 6(1)(c) GDPR).

§ 4. COOKIES

The Administrator uses cookies on the Website. The purposes and principles regarding the use of cookies are outlined in the Cookie Policy.

§ 5. DURATION OF PERSONAL DATA PROCESSING

The duration of data processing by the Administrator depends on the type of service provided and the purpose of processing. Data is generally processed for the period of providing the service until the withdrawal of the expressed consent or the submission of an effective objection to data processing in cases where the legal basis for data processing is the legitimate interest of the Administrator. The data processing period may be extended if the processing is necessary to establish, exercise, or defend any potential claims and after that period only if and to the extent required by law. After the processing period, the data is irreversibly deleted or anonymized. For data processed by authorized entities based on legal provisions (public authorities), data will be processed until the fulfillment of the legal obligations imposed on the Administrator.

§ 6. USER RIGHTS

The User has the right to access the data content and request its:

  • rectification
  • deletion
  • restriction of processing
  • data portability
  • the right to lodge a complaint with a supervisory authority dealing with data protection, i.e., the President of the Personal Data Protection Office.

The User also has the right to object to the processing of data which is based on the legitimate interest of the Administrator. The User is aware that raising an objection to the processing of personal data required to use the Website (including placing orders) will result in the inability to process the order, for which the Administrator is not responsible. In the case of objection to the processing of personal data for direct marketing purposes, the User’s data will no longer be processed for such purposes. However, this right does not affect the correctness of the processing carried out before the objection was raised. To exercise the rights mentioned in this paragraph, the User should send an appropriate email message to the Administrator at info@klarocoffee.com.

§ 7. RECIPIENTS OF PERSONAL DATA

In connection with the provision of services, personal data will be disclosed to external entities, including, in particular:

  • IT service providers (hosting, email) enabling the proper use of the Website;
  • entities providing accounting, bookkeeping, and legal services to the Administrator (accounting firms, law firms);
  • entities handling the fulfilment of orders on the Website (courier and shipping companies);
  • mobile payment operators and banks.

Furthermore, personal data will be processed by authorised employees and collaborators who use the data to fulfil the purpose of the Website’s operation. In the event of obtaining the User’s consent, his data may also be disclosed to other entities for their own purposes, including marketing purposes. The Administrator reserves the right to disclose selected information about the User to competent authorities or third parties who request such information based on an appropriate legal basis and in accordance with applicable law. The Administrator does not transfer personal data outside the European Economic Area.

§ 8. DATA SECURITY

The Administrator continuously conducts risk analysis to ensure that personal data is processed securely, ensuring, above all, that access to the data is only granted to authorised persons and only to the extent that it is necessary for their tasks. The Administrator ensures that all operations on personal data are recorded and performed only by authorised employees and collaborators. The Administrator takes all necessary actions to ensure that his subcontractors and other collaborating entities provide guarantees of applying appropriate security measures whenever they process personal data on behalf of the Administrator. The Administrator takes special care to protect the interests of data subjects and, in particular, ensures that the data collected by him is:

  • processed lawfully,
  • collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes,
  • factually correct and adequate in relation to the purposes for which it is processed,
  • stored in a form that permits the identification of data subjects for no longer than is necessary to achieve the purpose of processing.

§ 9. FINAL PROVISIONS

The Privacy Policy is constantly reviewed and, if necessary, updated to reflect current processing practices or changes in the law. The latest version of the Policy is always available on the Website. The Privacy Policy has been updated on 01/09/2024.

Shopping Cart
Scroll to Top