Privacy Policy

The protection of your personal data is our top priority, which is why we only use your data in strict compliance with the applicable data protection principles.

From 25 May 2018, the provisions of the EU General Data Protection Regulation (hereafter: GDPR) will apply throughout Europe. Please read our data protection regulations carefully. If you have any questions or comments about our data protection regulations, please do not hesitate to contact us at the email address below.

1. Overview

The following notes on data security inform you about the type and scope of processing of so-called personal data by Circle Products GmbH, Lindower Str. 18, 13347 Berlin (hereinafter referred to as „Coffee Circle“, „we“, „us“ or „our“). Personal data is information that is or can be directly or indirectly assigned to you as an individual. The use of our websites www.coffeecircle.com, www.coffeecircle.at and www.coffeecircle.ch, as well as all related sites, applications and services (collectively referred to as „Websites“) are subject to these data protection regulations. By creating a customer account, placing orders as a guest and as an existing customer, you agree to these data protection regulations by means of a corresponding declaration and expressly consent to the processing, use and disclosure of your personal data in the manner described here.

Data processing by Coffee Circle can essentially be divided into two categories:

  • For the purpose of executing or preparing the contract, all data necessary for the execution of a sales contract with Coffee Circle will be processed. If external service providers are also involved in the execution of the contract, e.g. payment service providers, shipping service providers, optimisation services, hosters, etc., your data will be passed on to them to the extent necessary in each case.
  • When you access our websites, various information is exchanged between your device and our server or the server of the services we use. This may also involve personal data. The information collected in this way is used, inter alia, to further optimise our websites.

According to the requirements of the GDPR, you have various rights which you can assert against us. These include the right to object to selected data processing, in particular data processing for advertising purposes. The option to object is highlighted in each case so that it is easier to find. Further information about your rights can be found below in an extra paragraph and additionally in the individual descriptions of the respective data processing. As a matter of principle, we process personal data only in accordance with the applicable statutory storage and safekeeping obligations or until the cessation of its intended purpose.

Due to the protection of minors and data privacy, we have decided that our offer should only be available to persons over the age of 16. If you have not yet reached this minimum age, you can only make use of our offers if and insofar as your parents have expressly consented to this and you have provided us with sufficient proof of this consent.

2. The name and contact details of the data controller and of the company data protection officer

These data protection regulations apply to data processing through the above-mentioned websites. Our company data protection officer can be reached at the following address: Circle Products GmbH, Lindower Str. 18, 13347 Berlin, Data Protection Department, or at datenschutz@coffeecircle.com erreichbar.

3. Purposes of data processing, legal bases and legitimate interests pursued by us or a third party as well as categories of recipients

3.1 Accessing our offer

When you visit our websites, the page and the browser used on your device automatically send information to our servers and temporarily store it in a so-called log file. The following information is recorded without any action on your part and stored in the log file until it is deleted either automatically or manually:

  • the IP address of the device used
  • the date and time of access
  • the name and URL of the retrieved file, the website/app from which the access was made (referrer URL),
  • the unique identifier of the browser you are using
  • the name of your Internet provider (where applicable)

The processing of the above-mentioned data takes place on the basis of Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is based on the data collection purposes listed below. At this point we would like to point out that we cannot and do not draw any conclusions about your identity from the data collected. The IP address of your device and the additional data listed above will be used by us for the following purposes:

  • ensuring a smooth connection setup
  • ensuring the convenient use of our offer
  • evaluating system safety and stability
  • further administrative purposes

The data is stored in accordance with the statutory retention periods and then automatically deleted. We also use so-called cookies, tracking tools, targeting processes and interfaces to other services such as social media platforms, payment services or CRM systems to facilitate our offer. The exact procedures involved and how your data is used for this purpose are explained in more detail in Section 4 below.

3.2 Data processing for handling of payments

For the purpose of fulfilling the contract and, above all, for the purpose of payment handling, we provide transaction data on the basis of Art. 6 Para. 1 lit. b) GDPR, such as:

  • Name,
  • Address,
  • E-Mail Address,
  • Account Number
  • BLZ
  • (when applicable) Credit Card Number
  • Invoice amount
  • Currency und
  • Transaction Number

to your chosen payment service provider (e.g. PayPal, Adyen, credit card company, etc.). The submission of this data is necessary in order for us to process your order. The data is used exclusively for the execution and realisation of payment processing and is transmitted securely via SSL encryption. Our service providers are PCI DSS certified. They may transfer, process and store personal data outside the EU. For more information, please check the privacy policy of your service provider.

3.3 Data processing for customer support and customer care

3.3.1 Information Purposes

If you have opened a customer account with us, you will be registered in our system as an existing customer. In this case, we process your contact details in order to send you occasional information about new products, special offers, enhanced or improved features, etc.

3.3.2 Targeted advertising

To ensure that you only receive information that is of likely interest to you, we categorise and add further information to your customer profile. Both statistical and personal information (e.g. master data or basic data of your customer profile) is used for this purpose. We aim to optimise our offer to suit your personal interests and needs with regard to your coffee preferences and to provide you with appropriate recommendations and information as well as to keep you informed about news and other events. In this way, we can ensure that you aren’t bothered with irrelevant offers and promotions.

The aforementioned processing operations are in accordance with Art. 6 para. 1 lit. f) GDPR and Art. 7 para. 3 UWG (German Act against Unfair Competition) respectively. According to recital 47 of the GDPR, the processing of existing customer data for own advertising purposes is to be regarded as a recognised legitimate interest. You may object to this processing at any time with effect for the future. To do this, simply click on the unsubscribe button in the respective email or send a brief message by email. To do this, please use the contact options provided by our company data protection officer.

3.3.3 Customer support and the CRM tool Emarsys

For customer administration and marketing campaigns, we use the CRM services of Emarsys Interactive Services GmbH (hereinafter referred to as „Emarsys“), Stralauer Pl. 34, 10243 Berlin, in accordance with Art. 6 para. 1 lit. a) and b) GDPR. Specifically, we use the Emarsys analysis module to compile our customised email newsletter, which evaluates both your use of our newsletter and our website. Emarsys thus enables us to check whether and how the newsletters we send are opened and used, e.g. the number of users to whom an email was sent, whether emails were rejected and whether users unsubscribed from the list after receiving an email. However, these analyses are purely group-based and are not used by us for individual evaluation. For this purpose, we transmit the following personal data of the respective users to Emarsys:

  • E-Mail Address,
  • Surname, first name
  • Verification status of the customer account
  • Account status
  • Aggregated information on the history of the customer account, if applicable
  • Contact opt-ins
  • Initial registration date
  • Currency
  • Customer number
  • Regional segment, or
  • Affiliate ID, if applicable

The data is transferred to an Emarsys server, where it is stored and checked. The data will only be used for the above mentioned purposes. This information may be transferred to third parties if this is required by law or if third parties process this data on their behalf. You can find further information on data protection at Emarsys here: https://www.emarsys.com/en/privacy-policy/

3.3.4 Customer support via Zendesk

In order to process customer service, support and other user enquiries, we use the ticketing system of Zendesk Inc. (hereinafter „Zendesk“), 1019 Market St, San Francisco, CA 94103, USA, in accordance with Art. 6 para. 1 lit. b) GDPR. If you submit a support request via one of our channels (e.g. contact form, live chat, email, etc.), the following data – depending on the content and selected contact channel – will be processed via the Zendesk servers:

  • The information entered by you
  • Name
  • E-Mail Address
  • Browser information
  • IP Address

Zendesk is certified according to the Privacy Shield Framework and thus meets the European standards for legally compliant order data processing. Additional information on data processing by Zendesk can be found in Zendesk’s Privacy Policy. If you have any questions, you can also contact Zendesk’s data protection officer directly: privacy@zendesk.com

3.3.5 Newsletter and Coffee Expert Mailings

We offer interested customers the opportunity to subscribe to our newsletter or coffee expert mailing via our website. This enables us to keep our customers up to date with the latest developments, such as special promotions, exciting information about the world of coffee, recipes, etc. To ensure that the email address provided corresponds to the customer in question, we use the double opt-in procedure: After entering your email address in the registration field, we will send you a confirmation link. Only when you click on this link will your email address be added to our mailing list. We store the data collected during this process solely for documentation and verification purposes. In particular, this includes:

  • the email address provided
  • the IP address of the device used
  • the date and time of registration
  • the manner of address
  • the date, content and time of the confirmation email
  • the IP address of the device used for the confirmation
  • the date and time of your confirmation

The legal basis for this processing is Art. 6 para. 1 lit. b) GDPR. This processing is necessary in order to meet your request. We store this data until the end of the statutory limitation periods, in order to document the legality of the newsletter dispatch. After the respective limitation period has expired, we retain the personal data required by law for the periods specified by law. You can object to this processing at any time with effect for the future. All you need to do is click on the unsubscribe button in the respective email or send us a brief message via email. To do this, please use the contact options provided for our company data protection officer.

3.3.6 Contact Form

In the event that a visitor’s request or concern is not answered in our comprehensive FAQ section, we also offer the option of contacting us directly through our contact form. If you choose to get in touch via the contact form, we will process the following data for the purpose of handling your request:

  • name and surname provided
  • the subject of your request
  • email address provided
  • telephone number, if applicable
  • the subject line
  • the concern you have described
  • the IP address of the device used
  • the date and time of the request

This data processing is in accordance with Art. 6 para. 1 lit. b) GDPR. This processing is necessary for the purpose of fulfilling your request. The data may be stored in a CRM system such as Zendesk (see above). Enquiries will be deleted if their storage is no longer necessary. You can object to this processing at any time with effect for the future. For this purpose, a short notification by email is sufficient. If you wish to exercise this right, please use the contact details of our company data protection officer provided.

3.3.9 Comments Function

On our website we operate a blog, where we provide our visitors and all coffee lovers with comprehensive information about coffee. You can comment on any of the blog entries. For this we use the discussion tool Disqus (hereinafter „Disqus“), a service of Disqus Inc., 717 Market St, San Francisco, CA 94103, USA, on the basis of Art. 6 para. 1 lit. b) GDPR. To leave a comment, you can log in using either your Disqus account or one of the services displayed there. To register, you will be redirected to the server of the selected service, where you can register with your usage data. This will link your profile to our offer. If you use this simplified login function, you agree that we may collect the following master data via the respective service, in particular:

  • Name,
  • location,
  • birthday,
  • gender,
  • E-Mail Address,
  • time zone,
  • friends und
  • profile photo

This processing serves the purpose of simplified login and customer communication. Such processing is necessary for the execution of the comments function, in order to be able to identify you. If you use the simplified login, the respective service can also collect and process information about your use of the Disqus functions. The purpose and scope of the data collection by the respective service and the further processing and use of this data, as well as your rights and setting options in this regard to protect your privacy, can be found in the respective data protection information of the service through which you have set up your account, e.g. Facebook. For more information about Disqus‘ privacy practices, please refer to their Privacy Policy.

3.3.10 Authorization via Auth0

For identifying our customers based on Art. 6 Abs. 1 lit. b) DSGVO, we use the authorization and authentication platform Auth0 (headquarter in 10800 NE 8th Street, Suite 700, Bellevue, WA 98004, USA). For that purpose we send the following personal data to Auth0:

  • email address,
  • first name and surname, if applicable
  • password.

The data is transferred to a cloud server of Auth0, then processed and validated. The data is used only for the mentioned purposes. Some information may be transferred to third party entities, if legally obligated and if the entities are processing the data on behalf. We signed a data processing agreement with Auth0 based on Art. 28 DSGVO, in which Auth0 agrees to process the data only within the agreed scope and comply with the data privacy standards of the European Union. Further information about the privacy policy of Auth0: https://auth0.com/de/gdpr

3.4 Data processing on conclusion of the contract, for implementation and termination of the contract

We love coffee and see ourselves as ambassadors for this wonderful bean. Our goal is to make as many people as possible happy with our products. If you have decided to order a bean from us, we will process the data required for the conclusion, execution or termination of such a (purchase) contract. In particular, this includes:

  • email address
  • first name and surname, if applicable
  • delivery or residential address
  • billing and payment data

The legal basis of this processing activity is Art. 6 para. 1 lit. a) and b) GDPR. Insofar as we do not use your contact data for customer support or customer care (see 3.3), we store the data collected for contract processing until the cessation of its intended purpose or until the expiry of possible contractual rights of revocation, warranty and guarantee. After the expiry of this period, we will retain the personal data required by law for the periods specified by law. For this period (usually six to ten years from the conclusion of the contract), the data will be processed again solely in the case of verification by the tax authorities.

4. Data processing for the provision of our services

In the following you will find information about the data processing required for the provision of our services:

4.1 Website Optimisation

We will not sell or rent your data to any third party for marketing purposes without your explicit consent. Only in order to provide our customers with the best possible customer experience, to periodically improve the quality of our services and to protect the interests of our customers we may disclose certain information to third parties under certain circumstances. However, the disclosure will always be subject to strict restrictions as described below:

4.2 Cookies – General Information

Change your cookie preferences here: Cookie-Settings

We use so-called cookies on our website in accordance with Art. 6 Para. 1 lit. f) GDPR. Our interest in optimising our offers is thereby deemed justified within the meaning of the aforementioned provision. Cookies are small files which are automatically created by your browser and stored on your end device (laptop, tablet, smartphone, etc.) when you use our services. Cookies do not cause any damage to your terminal device and do not contain any viruses, Trojans or other malware. The cookie is used to store information that arises in connection with the specific end device used. However, this does not mean that we will immediately receive information about your identity.

On the one hand, the use of cookies serves to make the use of our offer more convenient for you. For example, we use so-called session cookies to detect whether you have already visited individual pages on our website or have already logged in with your customer account. If you use our offer again at a later point in time, the cookie will automatically recognise that you have previously accessed our site and which entries and settings you made, thus saving you from having to enter them again. In addition, we also use temporary cookies for the purpose of enhancing usability, which are stored on your terminal for a specified period of time. These are automatically deleted when you leave our site. If you already have a customer account and are logged in, the information stored in the cookies will be assigned to your customer account.

On the other hand, we also use cookies to collect statistics on the use of our offers and to evaluate them for optimisation purposes, as well as to display information specifically tailored to you. These cookies enable us to automatically recognise that you have already visited our site when you visit it again. They are automatically deleted after a defined period of time.

Most browsers accept cookies automatically, but you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. You can also use the Network Advertising Initiative’s Opt-out-Option. Please note that if you disable cookies completely, the full functionality of our offers may not be available to you. The length of time cookies are stored depends on their purpose and varies accordingly.

4.3 Google Analytics

For the purpose of tailoring our offer to meet demand and for continuous optimisation, we use Google Analytics, the analysis service of Google Inc. („Google“), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on the basis of Art. 6 para. 1 lit. f) GDPR. Google uses cookies to create pseudonymised user profiles.

The information generated by the cookie about your use of our web pages, such as:

  • browser type/version,
  • operating system used,
  • referrer URL (previously visited page),
  • host name of the accessing computer (IP address),
  • time of server request,

are transferred to a Google server in the USA and stored there.

The information is used to evaluate the use of our offers, to compile reports on our activities and to provide other services related to the use of our offers for the purposes of market research and needs-based design. This information may also be transferred to third parties if this is required by law or insofar as third parties process this data on behalf of Coffee Circle. Under no circumstances will your IP-address be combined with other Google data. The IP addresses are anonymised, so that an assignment is not possible (so-called IP masking).

You can prevent the installation of cookies in advance by setting your browser software accordingly or object to further processing via the cookie by clicking the Opt-Out link. However, we would like to point out that in this case, the full functionality of our offers may not be available to you. You can also prevent the collection of data generated by the cookie and related to your use of our services (including your IP address) and the processing of this data by Google by downloading and installing this browser extension.

4.4 Google Tag Manager

With the Google Tag Manager we manage website tags (website code). These make it easier for us to manage and develop our offering and shorten your loading time. The Google Tag Manager only implements website code. The Google Tag Manager does not set cookies and does not collect any personal data. The tool simply integrates the website code that we have stored elsewhere, which may be used to record data. The tool thus serves only to facilitate the control of the respective code, but does not itself access the data processed by the code. We will inform you about all integrated tags in this privacy policy. Further information about the Google Tag Manager and the usage guidelines can be found on the Google pages.

4.6 Bugsnag

We want to offer our visitors the best possible experience, which is why we are constantly improving and developing our websites. Nevertheless, it is impossible to eliminate all malfunctions, e.g. due to programming errors, from the outset. We therefore use Bugsnag, a technical error analysis tool from Bugsnag Inc. (hereinafter „Bugsnag“), 939 Harrison St, San Francisco, CA 94107, USA. The tool helps us to analyse, evaluate and categorise errors. In order to improve the accessibility and technical stability of our websites by monitoring functionality, system stability and code error detection, we may automatically send the following information to Bugsnag in the event of a software error:

  • device information (operating system, browser version, browser type),
  • the IP address of the device used,
  • details of the page visited at the time of the error,
  • time at which the error occurred.

The legal basis for the aforementioned processing operations is Art. 6 (1) (f) GDPR. We do not evaluate this data for advertising purposes. The data will be collected anonymously without any reference to individuals and will be subsequently deleted.

This analysis helps us to further improve our website and fix undetected code errors. This processing is in our legitimate interest, as the data is used solely for the purpose of error identification and analysis. You can prevent the installation of cookies in advance by setting your browser software accordingly or object to this processing by deleting cookies in your browser settings. For more information on data processing and how Bugsnag works, please refer to Bugsnag’s privacy policy.

4.7 Facebook Pixel and Cookies

In order to measure, customise and optimise our Facebook campaigns, we use the so-called Facebook Pixel from Meta Platform Ireland Ltd. (hereinafter referred to as „Facebook“), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, pursuant to Art. 6 para. 1 lit. f) GDPR. This pixel is embedded in the code of our web pages and enables us to ensure that the Facebook ads we initiate are only displayed to Facebook users who have shown an interest in our services. This ensures that our Facebook ads reflect the potential interest of each user and that our users are not bothered by irrelevant content. Additionally, it enables us to track the actions of Facebook users after they have seen or clicked on one of our Facebook ads. This helps us accurately measure the conversion of each campaign for statistical, market research and billing purposes. Through the use of the Facebook Pixel, the following information is processed:

  • timestamp,
  • URL,
  • campaign-related information (in particular, specification of the impression, form field and activated button).

The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. According to recital 47 of the GDPR, the processing of such data for behavioural and interest-based advertising purposes is to be regarded as our recognised legitimate interest. The data is stored in accordance with the statutory retention periods and then automatically deleted. Please be advised that if you have a Facebook account, this information may be stored and processed by Facebook and may be used by Facebook for their own promotional purposes in accordance with Facebook’s Data Usage Policy. More information about Facebook Pixel can be found here. The processing of your data in connection with Facebook is performed on the basis of your consent. You can opt out of this particular data processing at any time by either changing your Facebook settings accordingly or simply informing us that you do not wish such processing to take place in the future. To do this, please use the contact information provided by our data protection officer. Please be aware that the declared objection only applies to the device used and has no influence on the legitimacy of the processing carried out on the basis of the consent prior to the revocation. For more information, please see Facebook’s Data Policy and information about protecting your privacy.

4.8 Youtube Integrations

On our websites we offer our visitors and customers an extensive range of information on the subject of coffee. In addition to texts and images, we also provide informative videos, e.g. in our blog posts. For this we use Youtube integrations, a service of Youtube, LLC (hereinafter „Youtube“), 901 Cherry Ave. San Bruno, CA 94066, USA, in accordance with Art. 6 Para. 1 lit. f) GDPR. To this end, when you visit the respective page, we set a cookie from Youtube which establishes a connection to YouTube‘ servers. The information generated by the cookie about your use of our website, such as:

  • browser type/version,
  • operating system used,
  • referrer URL (previously visited page),
  • host name of the accessing computer (IP address),
  • time of server request
  • visited website or subpage,

is transferred to a Youtube server in the USA and stored there.

The processing necessary to improve our web pages by enriching and complementing the website content with informative videos is to be regarded as our legitimate interest. You can prevent the installation of cookies in advance by changing the appropriate settings in your browser software, or object to this processing by deleting cookies in your browser settings or by changing the corresponding settings in the Google data protection centre. You can find more information about the collection and use of data by Youtube and Google, and about your rights and options for protecting your privacy in this regard under the Youtube Privacy Policy.

4.9 Google Adwords Conversion-Tracking

To manage and improve our campaigns, we use the online advertising program „Google AdWords“ and the analysis tool Conversion-Tracking, a service of Google Inc. (hereinafter „Google“), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on the basis of Art. 6 para. 1 lit. f) GDPR. When you click on an ad placed by Google, a conversion tracking cookie is placed on your computer. The information generated by the cookie, such as:

  • the clicked advertisement,
  • browser type/version,
  • operating system used,
  • location,
  • referrer URL (previously visited page),
  • host name of the accessing computer (IP address)
  • time of the server request,

is transferred to a Google server in the USA and stored there.

These cookies become invalid after 30 days, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, we and Google may recognize that you clicked on the ad and were directed to that page. Each Google AdWords client receives a different cookie. As a result, there is no way that cookies can be tracked through the advertisers‘ websites. The information collected through the cookie is used to compile conversion statistics for us as an AdWords customer. This tells us the total number of users who clicked on our advertisement and were directed to a page with a conversion tracking tag. However, we receive no information that personally identifies users. According to recital 47 of the GDPR, this processing for behavioural and interest-based advertising purposes is to be regarded as our recognised legitimate interest.

You can prevent this processing in advance by deactivating the installation of cookies in your browser settings or by setting your browser to refuse cookies specifically from the „googleadservices.com“ domain. You can also object to this processing by setting the slider bar in the Google settings to „Off“.

4.10 Google Dynamic Remarketing

On the basis of Art. 6 para. 1 lit. f) GDPR, we use the remarketing or „Similar Audience targeting“ tool of Google Inc. (hereinafter „Google“), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This function is used to analyse visitor behaviour and interests. Google uses cookies to analyse website usage, which forms the basis for creating interest-related advertisements. Cookies are used to record visits to the website, as well as anonymous data on the use of the website. No personal data relating to our website visitors will be stored. If you subsequently visit another website on the Google advertising network, you are likely to see advertisements that relate to previously accessed product and information categories and may be similar to them.

Your data may be processed via the Google servers in the USA. According to recital 47 of the GDPR, the processing of such data for behavioural and interest-based advertising purposes is to be regarded as our recognised legitimate interest.

You can object to this data processing at any time by downloading and installing this browser add-on. You can also permanently disable the use of third-party cookies by configuring the opt-out page of the Network Advertising Initiative accordingly. For more detailed information about Google Remarketing and its privacy policy, please visit: https://www.google.com/privacy/ads/.

4.12 Google Optimize

With a view to designing and continuously optimising our websites in line with demand, we use the analysis service Google Optimize, a web analysis service of Google Inc. (hereinafter „Google“), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA – and part of Google Analytics, on the basis of Art. 6 para. 1 lit. f) GDPR. Google uses a cookie to enable the analysis of page views and page activity by you. The information generated by the cookie about your use of our websites, such as:

  • your user behaviour on our websites,
  • browser type/version,
  • operating system used,
  • referrer URL (previously visited page),
  • host name of the accessing computer (IP address)
  • time of the server request,

are transferred to a Google server in the USA and stored there.

You can prevent the installation of cookies in advance by setting your browser software accordingly or you can object to this processing by deleting cookies via your browser settings. Click on the following link for more information about Google’s privacy policy.

4.13 Trusted Shops

To display our Trusted Shops seal of approval and collected customer reviews as well as to offer Trusted Shops products to buyers after they have placed an order, the Trusted Shops Trustbadge is integrated on this website. This serves the protection of our interests in optimal marketing of our offer, in accordance with Art. 6 Para. 1 S. 1 lit. f) GDPR. The Trustbadge and associated advertised services are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.

When the Trustbadge is called up, the web server automatically saves a so-called server log file, which contains information such as your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data), and documents the access. These access data are not evaluated and are automatically overwritten no later than seven days after the conclusion of your page visit.

Further personal data will only be transferred to Trusted Shops if you have consented to this, have decided after completing an order that you wish to use Trusted Shops products or have already registered for use. In this case the contractual agreement between you and Trusted Shops applies.

4.14 Posthog

We use functions of the Posthog service in our service. These functions are offered by Posthog Inc., 965 Mission Street, San Francisco, CA 94103 USA. Posthog may record and report your behavior on our website. The storage of this data is limited in time and is used exclusively to improve our service based on your needs.

For more information, see Posthog’s privacy policy: https://posthog.com/privacy

4.15 Outbrain

This website uses technology from Outbrain Inc. („Outbrain“, 39 W 13th Street New York, NY 10011 USA), which makes it possible to specifically reach those Internet users who have already shown interest in our offers on the sites of our partners and to collect data about them. The technology depends on a cookie-based analysis of user behavior. This advertising appears only on Outbrain advertising spaces, either on Outbrain Engage advertising spaces or on the Outbrain Extended Network. If you do not wish to be shown interest-based advertising, you can disable this feature here.

4.16 Pinterest Tag & Cookies

In order to measure, customise and optimise our Pinterest campaigns, we use the so-called Pinterest Tag from Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (hereinafter referred to as „Pinterest“), pursuant to Art. 6 para. 1 lit. f) GDPR. This tag is embedded in the code of our web pages and enables us to ensure that the Pinterest ads we initiate are only displayed to Pinterest users who have shown an interest in our services. This ensures that our Pinterest ads reflect the potential interest of each user and that our users are not bothered by irrelevant content. Additionally, it enables us to track the actions of Pinterest users after they have seen or clicked on one of our Pinterest ads. This helps us accurately measure the conversion of each campaign for statistical, market research and billing purposes. Through the use of the Pinterest Tag, the following information is processed:

  • timestamp,
  • URL,
  • device specifications,
  • campaign-related information (in particular, specification of the impression, form field and activated button).

The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. According to recital 47 of the GDPR, the processing of such data for behavioural and interest-based advertising purposes is to be regarded as our recognised legitimate interest. The data is stored in accordance with the statutory retention periods and then automatically deleted. Please be advised that if you have a Pinterest account, this information may be stored and processed by Pinterest and may be used by Pinterest for their own promotional purposes in accordance with Pinterest’s Data Usage Policy. Pinterest cookies are stored for 12 months. The processing of your data in connection with Pinterest is performed on the basis of your consent. You can opt out of this particular data processing at any time by either changing your Pinterest settings accordingly or simply informing us that you do not wish such processing to take place in the future. To do this, please use the contact information provided by our data protection officer. Please be aware that the declared objection only applies to the device used and has no influence on the legitimacy of the processing carried out on the basis of the consent prior to the revocation. For more information, please see Pinterest’s Data Policy and information about protecting your privacy.

4.17 Criteo Cookies

We use the re-marketing tool Criteo, a technology of Criteo SA, 32 Rue Blanche, 75009 Paris, France, on our website on the basis of Art. 6 para.1 a) DSGVO in order to improve our website and to be able to show users targeted products that correspond to their interest. Providing the user gave their consent, a code snippet from Critero will be run on our and other websites on which Criteo has been implemented. Additionally, so-called (Re)marketing-tags (invisible graphics or code, also referred to as „web beacons“) are integrated into the website. With the help of the tag, an individual cookie is stored on the respective device, in which various attributes are saved, such as which web pages the user has visited, which content he is interested in and which ads he has clicked on, as well as technical information about the browser and operating system or the time of the visit. This information is stored anonymously for a period of 365 days, as it does not contain any personal data for us.

We have concluded a contract for commissioned processing with Criteo in accordance with Art. 28 DSGVO to ensure the security of this data processing.

You can revoke your consent to this data processing at any time with future effect by configuring the cookie settings here accordingly.

Additional information about Criteo’s privacy policy can be found in the privacy policy of the provider.

4.19 OptiMonk

We use the marketing and website optimization tool OptiMonk, a technology of OptiMonk International Zrt., 4028 Debrecen, Kassai út 129, Hungary, on our website on the basis of Art. 6 para.1 a) DSGVO in order to improve our website and to be able to show users targeted marketing information, promotions and products that correspond to their interest. Providing the user gave their consent, a code snippet from OptiMonk will be run on our websites. Additionally, so-called marketing-tags (invisible graphics or code, also referred to as „web beacons“) are integrated into the website. With the help of the tag, an individual cookie is stored on the respective device, in which various attributes are saved, such as a session id and user id and which ads he has clicked on, as well as technical information about the browser and operating system or the time of the visit. This information is stored anonymously for a period of 365 days, as it does not contain any personal data for us.

We have concluded a contract for commissioned processing with OptiMonk in accordance with Art. 28 DSGVO to ensure the security of this data processing.

You can revoke your consent to this data processing at any time with future effect by configuring the cookie settings here accordingly.

Additional information about OptiMonk’s privacy policy can be found in the privacy policy of the provider.

4.20 WhatsApp Newsletter

We offer interested customers the opportunity to register for our WhatsApp newsletter via our website. This serves the purpose of offering another communication channel in addition to e-mail, via which customers can receive information about special promotions and new products.

If you have consented, we will process your personal data (e.g. name, phone number, e-mail address, messenger ID, profile picture, messages) for communication regarding the preparation and execution of any orders as well as for sending promotional information (e.g. offers, newsletters) using the instant messaging service „WhatsApp“ of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

An existing messaging account is required to use this service.

We would like to point out that WhatsApp Ireland Limited may also pass on personal data (in particular metadata of the communication) to WhatsApp Inc. which is also processed on servers in states outside the EU (e.g. USA) where there is no adequate level of data protection. WhatsApp may share this data with other companies within and outside the Facebook group of companies. For more information, see the WhatsApp Business Privacy Policy and WhatsApp Privacy Policy. We have neither precise knowledge nor influence on the data processing by WhatsApp Ireland Limited or WhatsApp Inc. which is responsible in this respect under data protection law.

In addition to the recipients already specifically named above, we use the help of other service providers (processors) to fulfill our obligations.

We point out that you can revoke your consent once granted at any time without giving reasons for the future by notifying us of your revocation via WhatsApp in a message with the note WIDERRUF or by email to kundenservice@coffeecircle.com.

The above-mentioned data will be deleted in accordance with the legal requirements as soon as their consent to the processing is revoked or if the purpose of the processing of this data has ceased to apply or it is not necessary for the purpose.

If the data is not deleted because it is required for other and legally permissible purposes, its processing is limited to these purposes. I.e., the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.

4.21 Microsoft Bing Ads Conversion-Tracking

To manage and improve our campaigns, we use the online advertising program „Microsoft Ads“, also known as „Bing Ads“ and the included conversion tracking and remarketing, a service of Microsoft Corporation (hereinafter „Microsoft“), One Microsoft Way, Redmond, WA 98052-6399, USA, on the basis of Art. 6 para. 1 lit. f) GDPR. When you click on an ad placed by Microsoft, a conversion tracking cookie is placed on your computer. The information generated by the cookie, such as:

  • the clicked advertisement,
  • browser type/version,
  • operating system used,
  • location,
  • referrer URL (previously visited page),
  • host name of the accessing computer (IP address)
  • time of the server request,

is transferred to a Microsoft server in the USA and stored there.

These cookies become invalid after 90 days, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, we and Microsoft may recognize that you clicked on the ad and were directed to that page. Each Microsoft client receives a different cookie. As a result, there is no way that cookies can be tracked through the advertisers‘ websites. The information collected through the cookie is used to compile conversion statistics for us as a Microsoft Ads customer. This tells us the total number of users who clicked on our advertisement and were directed to a page with a conversion tracking tag. However, we receive no information that personally identifies users. According to recital 47 of the GDPR, this processing for behavioral and interest-based advertising purposes is to be regarded as our recognized legitimate interest.

We have concluded a contract for commissioned processing with Microsoft in accordance with Art. 28 DSGVO to ensure the security of this data processing.

You can prevent this processing in advance by deactivating the installation of cookies in your browser settings. You can also object to this processing by setting the slider bar in the Microsoft settings to „Off“.

Additional information about Microsoft’s privacy policy can be found in the privacy policy of the provider.

4.22 Voucher offers of Sovendus GmbH

In order to select a voucher offer that is currently of interest to you, we will transmit the hash value of your e-mail address and your IP address to Sovendus GmbH, Hermann-Veit-Str. 6, 76135 Karlsruhe (Sovendus) in a pseudonymised and encrypted form on the basis of Art. 6 Para. 1 f DSGVO. The pseudonymised hash value of the e-mail address is used by Sovendus to take into account any objection to advertising (Art. 21 para.3, Art. 6 para.1 c DSGVO). The IP address is used by Sovendus exclusively for data security purposes and is usually anonymised after seven days (Art. 6 para.1 f DSGVO). In addition, we transmit the order number, order value with currency, session ID, coupon code and time stamp to Sovendus for billing purposes (Art. 6 para. 1f DSGVO). If you are interested in a voucher offer from Sovendus, if there is no advertising objection to your e-mail address and if you click on the voucher banner displayed only in this case, we will transmit your title, name, postcode, country and e-mail address in encrypted form to Sovendus for the purpose of preparing the voucher (Art. 6 para. 1 b, f DSGVO).

Additional information about Sovendus privacy policy can be found in the privacy policy of the provider.

5. Recipients outside the EU

As described above, data may also be transmitted to recipients based outside the European Union or the European Economic Area. This applies in particular to the aforementioned processing of analysis or targeting technologies which may involve the transmission of data to the servers of our service providers. Other recipients may be affiliated service providers that we use to provision our services, e.g. hosters, CRM tools and analysis service providers. These servers may be located outside the EU, particularly in the USA. We take the utmost care that these service providers guarantee data protection standards equivalent to those of the GDPR and that the applicable guidelines are complied with. We therefore only work with service providers who are certified according to the so-called EU-US Privacy Shield. For this certification, the EU Commission has determined the adequacy of the level of data protection in accordance with Art. 45 GDPR under the file number C/2016/4176. The use of these certified service providers thus meets the European standards for legally compliant data processing. In addition, we have obtained suitable contractual guarantees from all service providers domiciled in other EU countries which guarantee compliance with these EU standards and the enforcement of the rights of the parties concerned, e.g. on the basis of so-called standard contractual clauses of the EU Commission.

6. Your Rights

6.1 Overview

In addition to the right to rescind any authorisations you have given us, you are also entitled to the following rights if the respective legal requirements are met:

  • right of access to your personal data stored by us in accordance with Art. 15 GDPR
  • In the case of transmissions pursuant to Art. 46, 47 or 49 para. 1 no. 2 GDPR, right to information or reference to:
    • the suitable or appropriate guarantees and the possibility of obtaining a copy thereof,
    • your personal data stored with us according to Art. 15 GDPR
  • right to rectification of inaccurate or incomplete data in accordance with Art. 16 GDPR
  • right to erasure of personal data stored by us in accordance with Art. 17 GDPR,
  • right to restriction of data processing in accordance with Art. 18 GDPR,
  • right to data portability in accordance with Art. 20 GDPR.

6.2 Right of Objection

Under the conditions set out in Art. 21 para. 1 GDPR, the data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data. The above general right of objection applies to all processing purposes described in these data protection regulations which are processed on the basis of Art. 6 para. 1 lit. f) GDPR. In contrast to the special right of objection to data processing for advertising purposes (see 3.3), under the GDPR we are only obliged to implement such a general objection if you give us reasons of overriding importance (e.g. a possible danger to life or health). There is also the option to contact the responsible supervisory authority, the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

7. Data Security

We use the highest standards of information security for our infrastructure and the processing of your data. We use computer safeguards such as firewalls and data encryption and physical access controls to our buildings and files. We authorise access to our customers‘ personal information only for those employees who require it to fulfill their job responsibilities.

Additionally, all data personally submitted by you, including your payment details, is transmitted via Secure Socket Layer (SSL) technology. SSL is a secure and proven standard that is also used for online banking. You can recognize a secure SSL connection by the s attached to the http (i.e. https:/…) in the address bar of your browser or by the lock icon at the bottom of your browser.

We also use appropriate technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorised access by third parties. Our security measures are continuously monitored in line with technological developments, are regularly adapted to reflect the respective risk and are, where necessary, upgraded.

(Version 1.1 – Updated 26.02.2019)