Privacy Policy - BICADORO Cafes

Objective and responsible party
This data protection declaration clarifies the nature, scope and purpose of the processing (including collection, processing and use as well as obtaining consent) of personal data within our online offer and the websites, functions and content connected with it (hereinafter jointly referred to as “online offer” or “website”). The privacy policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) used on which the online offer is executed.

The provider of the online offer and the entity responsible for data protection is the
Frankfurter Kaffeerösterei GmbH & Co. KG, represented by the managing partner:

Frankfurter Kaffeerösterei Verwaltungs- GmbH, represented by the managing director: Peter Gerigk.
Platform of the EU Commission for online dispute resolution: www.ec.europa.eu/consumers/odr
Sales tax identification number according to §27 a Umsatzsteuergesetz: DE293818776

Phone: +49 (0) 69 39 090 630, Fax: +49 (0) 69 39 090 633
E-Mail: info(at)frankfurter-kaffeeroesterei.de

Contact to the data protection officer: Peter Gerigk, pg(at)espresso-store.de
Link to imprint: https://frankfurter-kaffeeroesterei.de/impressum

Types of data processed
Inventory data (e.g., names, addresses).
Content data (e.g. text input, photographs, videos).
Contact data (e.g., email, phone numbers).
Meta/communication data (e.g., device information, IP addresses).
Usage data (e.g. web pages visited, interest in content, access times).
Location data (data indicating the location of an end user’s terminal device).
Categories of data subjects.

Communication partners
Users (e.g., website visitors, users of online services).
Purposes of processing
Provision of our online services and user experience.
Contact requests and communication.
Contractual performance and service.

Applicable legal bases
In the following, we share the legal bases of the General Data Protection Regulation (DSGVO) on the basis of which we process personal data. Please note that in addition to the regulations of the DSGVO, the national data protection regulations in your or our country of residence and domicile may apply. Furthermore, should more specific legal bases be relevant in individual cases, we will inform you of these in the data protection declaration.

Consent (Art. 6 para. 1 p. 1 lit. a DSGVO).
The data subject has given his/her consent to the processing of personal data relating to him/her for a specific purpose or purposes.

Performance of a contract and pre-contractual requests (Art. 6 (1) p. 1 lit. b. DSGVO) – Processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject’s request.

Legitimate interests (Art. 6 (1) p. 1 lit. f. DSGVO)
Processing is necessary for the purposes of the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

Data processing in third countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of using third-party services or disclosing or transferring data to other persons, entities or companies, this will only be done in accordance with the legal requirements. Subject to express consent or contractually or legally required transfer, we only process or allow data to be processed in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

Use of cookies
Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. The primary purpose of a cookie is to store information about a user during or after his visit within an online offer. Stored information may include, for example, language settings on a website, login status, a shopping cart, or where a video was watched. The term cookies also includes other technologies that perform the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also referred to as “user IDs”).

The following cookie types and functions are distinguished:
Temporary cookies (also: session cookies):
Temporary cookies are deleted at the latest after a user has left an online offer and closed his browser.
Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the interests of users used for reach measurement or marketing purposes can be stored in such a cookie.
First-party cookies: First-party cookies are set by ourselves.
Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
Necessary (also: essential or absolutely necessary) cookies: Cookies may be absolutely necessary for the operation of a website (e.g. to store logins or other user input or for security reasons).

Notes on legal basis
The legal basis on which we process your personal data using cookies depends on whether we ask you for consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is your declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g. in the business operation of our online offer and its improvement) or, if the use of cookies is necessary to fulfill our contractual obligations.

Storage period
Unless we provide you with explicit information about the storage period of permanent cookies (e.g. in the context of a so-called cookie opt-in), please assume that the storage period can be up to two years.

Processing of cookie data on the basis of consent
Before we process or have data processed within the scope of the use of cookies, we ask users for consent that can be revoked at any time. Before the consent has not been expressed, cookies are used at most, which are absolutely necessary for the operation of our online offer.

Types of data processed: Usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Data subjects: Users (e.g., website visitors, users of online services).
Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a DSGVO), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Contact
When contacting us (e.g. via contact form, email, telephone or via social media), the information of the inquiring persons is processed to the extent necessary to respond to the contact inquiries and any requested measures.The response to contact inquiries in the context of contractual or pre-contractual relationships is made to fulfill our contractual obligations or to respond to (pre)contractual inquiries and otherwise based on the legitimate interests in responding to the inquiries.

Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text input, photographs, videos).
Data subjects: Communication partners.
Purposes of processing: contact requests and communication.
Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Plugins and embedded functions and content
We incorporate into our online offering functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These can be, for example, graphics, videos or social media buttons as well as posts (hereinafter uniformly referred to as “content”). The integration always requires that the third-party providers of this content process the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the presentation of these contents or functions.

We strive to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer as well as be linked to such information from other sources.

Deletion of data
The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not required for the purpose). If the data are not deleted because they are required for other and legally permissible purposes, their processing will be limited to these purposes. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person. Further information on the deletion of personal data can also be found in the individual data protection notices of this data protection declaration.

Change and update of the privacy policy
We ask you to regularly inform yourself about the content of our privacy policy. We adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification. If we provide addresses and contact information of companies and organizations in this privacy statement, please note that the addresses may change over time and please check the information before contacting us.

Rights of the data subjects
As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

Right to object: you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

Right to withdraw consent: You have the right to revoke any consent given at any time.

Right of access: You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data and further information and a copy of the data in accordance with the legal requirements.

Right to rectification: you have the right, in accordance with the law, to request that the data concerning you be completed or that inaccurate data concerning you be rectified.
Right to erasure and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be deleted without delay, or alternatively, in accordance with the legal requirements, to demand restriction of the processing of the data.

Right to data portability: You have the right to receive data concerning you, which you have provided to us, in a structured, common and machine-readable format in accordance with the legal requirements, or to request its transfer to another controller.

Complaint to the supervisory authority: You also have the right, in accordance with the law, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.

Definitions of terms
This section provides you with an overview of the terms used in this privacy statement. Many of the terms are taken from the law and defined primarily in Art. 4 of the GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to aid understanding. The terms are sorted alphabetically.

Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Controller: “Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

Processing: “Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and includes virtually any handling of data, be it collection, analysis, storage, transmission or deletion.

[As of: 01.09.2023]