Data policy

Updated on:

9.2.2023

We, Coffee Roastars GmbH, Neuer Jungfernstieg 17, 20354 Hamburg (Coffee Roastars /we), are pleased that you have visited our website and are interested in our products and services. In the following provisions, we inform you about the type, scope and purpose of the collection and use of your personal data on this website. Personal data is any information relating to an identified or identifiable natural person. This includes in particular your name, address and email address.

1. DATA PROCESSING TO ENABLE THE USE OF THE WEBSITE

Every time you access content on our website, connection data is transmitted to our web server. This connection data includes:

the IP address (Internet Protocol address) of the respective users,
the date and time of the request,
the referrer URL,
Device numbers such as UDID (Unique Device Identifier) and comparable device numbers, device information (e.g. device type) as well as
the browser type / version.

This connection data is not used to draw conclusions about the person of the user or merged with data from other data sources, but is used to optimise the use of the website. The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. f DSGVO.

2. DATA PROCESSING AT THE INSTIGATION

The use of our website is generally possible without providing personal data. You are neither obliged to call up this website nor to provide personal data. However, the provision of personal data is required, for example, for the receipt of newsletters or in the case of registration. If you do not provide us with personal data for the purposes listed below, you may not be able to use the functionalities of this website or some of its services.

2.1. ORDER IN THE STORE

When you place an order with us, we process the following data from you:

Registration data from the customer account or your guest data,
Purchasing data (order/shopping cart),
Payment data (payment method, account and credit card data, billing addresses)

The processing of your personal data is based on Art. 6 para. 1 p. 1 lit. b DSGVO within the scope of what is necessary for the performance of the contract.

2.2. REGISTRATION AS A CUSTOMER

If you would like to register with us as a customer, we will collect the required mandatory information from you (first name, last name, email address, password). Alternatively, registration is also possible via your already existing Google or Apple account. If you select this function, you will be redirected to the registration form of the respective provider and can log in there with your access data. Google or Apple will then transfer your name, your email address and the confirmation that you are actually logged in to Google or Apple to us for authentication. You can define which other data is transferred to us within your (privacy) settings at the respective provider. Your password that you use with the respective provider is not transferred to us. With regard to data processing by the providers in connection with this registration option, please also note the privacy statements of Apple and Google.

Registration is not necessary, but it will make the ordering process easier for you for future orders, as you can reuse the data you have already saved. Alternatively, you can also place an order as a guest. In this case, we collect from you, with the exception of a password, the same data as during registration. However, this data is not stored in a customer account for you, so that you also do not have access to a customer account.

After registration, login is done by entering your email address and password. Please always make sure to log out before leaving the website.

When using a password, please take appropriate security measures. For example, a password should be at least 8 characters long and, if possible, always consist of a combination of upper and lower case letters, numbers and special characters. Problematic in this respect are trivial words such as "ABC" or keyboard follow (e.g. "qwert" or "asdfgh"), all kinds of names (such as those of friends, acquaintances, colleagues, family members, pets), city and building names, cartoon characters, car brands, license plates, terms, dates of birth, telephone numbers, common abbreviations, etc.

The processing of your personal data is based on your consent pursuant to Art. 6 para.1 p. 1 lit. a DSGVO.

In addition, your IP address and the time of registration are stored by us as part of the registration process. This is necessary to ensure the security of our information technology systems. The legal basis for the processing of your data in this case is Art. 6 para. 1 p. 1 lit. f DSGVO.

2.3 LOGIN

If you are a Coffee Roastars customer, you may be able to access separate information or updates about the product you are using through the login feature on this website.

Login data must be kept strictly secret. If a password is nevertheless passed on, for example to enable access to certain data by third parties in an emergency, the password must be changed immediately. For your own protection, it is prohibited to reuse passwords that have already been used.

In addition, your IP address and the time of access are stored by us within the scope of a login. This is necessary to ensure the security of our information technology systems.

We also set a session cookie each time you log in. This session cookie prevents the automatic logout during the active use of the account or associated services. After the respective logout, the session cookie is automatically deleted within a few minutes.

The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. f DSGVO and, if your contractual relationship is affected, Art. 6 para. 1 p. 1 lit. b and/or f DSGVO.

2.4. NOMINATION OF A ROASTERY

You have the possibility to nominate a roastery that you would like to be part of our community. For this purpose, we provide a corresponding form via the third-party provider "Hubspot". In addition to providing the name, location and website of the roastery, it is also necessary to provide your name and email address. The additional information on telephone number and job title is optional.

The legal basis for the processing of your data is generally based on Art. 6 para. 1 p. 1 lit. fDSGVO. Our legitimate interest is then to respond to your request. In the case of the implementation of pre-contractual or contractual measures, the legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO.

For the provision of the form, we use the service HubSpot from HubSpot Inc, a software company based in the USA, 25 First Street, Cambridge, MA 02141 USA, with a branch office in Ireland, Ground Floor, Two Dockland Central, Guild St, North Dock, Dublin, D01 K2C5, Ireland ("HubSpot").Regarding the data processing through the use of this service, we refer to section 3.7 of this privacy policy.

2.5. NEWSLETTER

If you have expressly consented to receive our newsletter, you will regularly receive information about our partnering roasteries or new products at the email address you have provided. The indication of your email address is sufficient.

The processing of your personal data is based on your explicit consent according to Art. 6 para. 1 p. 1 lit. a DSGVO.

You can revoke your consent at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. To exercise the revocation, you will find a link at the end of each newsletter. Alternatively, you can revoke your consent at any time, e.g. by sending an email to contact@60beans.com.

In connection with our newsletter, we use the service klaviyo, operated by Klaviyo, Inc, 125 Summer Street, Floor 6, Boston, MA, 02110, United States ("klaviyo"). Klaviyo is a service that organizes and analyzes newsletter delivery. The email address you provide for the purpose of receiving newsletters is stored on klaviyo's servers.

Our newsletters sent with klaviyo allow us to analyze the behavior of newsletter recipients via a tracking pixel and cookies, among other things. Among other things, it can be analyzed how many recipients have opened the newsletter message or how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a predefined action has taken place after clicking on the link in the newsletter. For more information on data protection at klaviyo, please visit: https://www.klaviyo.com/legal/privacy/privacy-notice

Please note that klaviyo is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. The new EU standard data protection clauses have been agreed as suitable safeguards to ensure an adequate level of protection for data transfers.

The legal basis for data processing in connection with the aforementioned analysis is based on your consent, based on § 25 para. 1 p. 1 TTDSG for the storage and access to information in terminal equipment and Art. 6 para. 1 p. 1 lit. a DSGVO for our further processing of your data. You can revoke your consent separately at any time via email to contact@60beans.com.

When you register for a newsletter, we also store your IP address and the time of registration in order to fulfill our legal documentation obligations. The legal basis for data processing in this case is Art. 6Abs. 1 S. 1 lit. c DSGVO.

2.6. ONLINE APPLICATION

You can apply for a position with us on our website. You have the option of using our online application form. Alternatively, you can also apply by email or mail.

As part of the online application, you will be asked to provide personal information (e.g. name and contact details). The provision of certain data is required for the establishment and implementation of a possible employment relationship. If you do not provide this data, which is marked separately as mandatory, your application is incomplete and cannot be considered further in the application process. The provision of other information and the upload of files or documents (e.g. resume or application photo) is not mandatory at this stage of the application, but optional. Provided that you only provide mandatory information, there will be no disadvantages for your application.

After receipt of your online application, you will receive an automatic confirmation of receipt from us. Further communication regarding the application process will then be handled by our HR department.

Your data will be processed by us for the purpose of deciding on the establishment of an employment relationship. The legal basis for data processing is Art. 88 (1) DSGVO in conjunction with. § Section 26 (1) sentence 1 BDSG. If special categories of personal data are involved, the processing is based on Art. 88 DSGVO in conjunction with. §26 para. 3 BDSG. In the event of a rejection or the conclusion of the application process, your data will be deleted within 6 months.

For the provision of the online application, we use the provider Personio GmbH & Co. KG, Rundfunkplatz4, 80335 Munich ("Personio"), which operates a personnel administration and applicant management software. Your data provided as part of the application will be transferred to Personio and stored in a database there. Regarding the data processing by Personio, we refer to the privacy policy of Personio.

2.7. CHAT (CUSTOMER SUPPORT)

You have the option on our website to contact our customer support via a chat widget to get answers to your questions faster. To provide the chat widget, we use the Zendesk service provided by Zendesk Inc, 989 Market Street, San Francisco, CA 94103, USA ("Zendesk"). This uses cookies to provide the chat and to view your chat history. Zendesk also collects your device data, browser information and IP address.

The legal basis for data processing in connection with the chat widget is based on your consent, which you can give before starting the chat, based on § 25 para. 1 p. 1 TTDSG for the storage and access to information in terminal equipment and Art. 6 para. 1 p. 1 lit. a DSGVO for our further processing of your data. You can revoke your consent at any time via email to contact@60beans.com.

Please note that Zendesk is a company based in the USA. According to a recent ruling by the European Court of Justice (ECJ), there is not an adequate level of data protection in the USA and therefore a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. The new EU standard data protection clauses have been agreed as suitable safeguards to ensure an adequate level of protection for data transfers.

2.8. TASTE FINDER

On our website, we offer you the opportunity to receive coffee recommendations by answering a few questions about your taste. It is not necessary to provide personal data for this purpose. However, you can voluntarily provide your name to personalize your Tastefinder result. The legal basis for this processing is your consent according to Art. 6 para. 1 p. 1 lit. a DSGVO

‍

3. DATA PROCESSING FOR THE NEEDS-BASED DESIGN OF THE WEBSITE

In order to make your use of our website as pleasant as possible, we use so-called web tracking systems. For this purpose, cookies are generally used, i.e. small text files that are sent from a web server to your browser and stored on the hard drive of your computer. This enables us to recognize the terminal device you use when you use our website. The tracking tools and other services we use, which use cookies, are listed in sections 3.1 et seq.

In this way, it is possible for us to determine, for example, whether you are logged in, have an active shopping cart and what the contents of the shopping cart are. The session cookies used for the use of the store are deleted after the end of the browser session. Other cookies remain on your terminal device and enable us to recognize your terminal device on your next visit.

Most browsers are set to accept cookies automatically. You can disable the storage of cookies in your browser and have the option to delete them from your hard drive at any time. However, you can also use your browser to prevent only certain cookies from being set (e.g. cookies from third-party providers), for example if you want to prevent web tracking. You can find more information on this in the help function of your browser.

We would also like to point out that you can also install a privacy protection plugin in your browser that offers the option to prevent tracking - e.g. AdBlock, Ghostery or NoScript (please refer to the privacy notices of the respective plugin provider).

Finally, we would like to point out that in case of a deactivation of cookies, not all functions of this website can be used to the full extent. Please also note that deactivation may have to be carried out for each browser and for each end device.

Details on the cookies used on the website can be found in the cookie banner and in the following provisions. The legal basis for the processing of your data follows, unless otherwise stated in the following provisions in section 3.1.ff., from Art. 6 para. 1 p. 1 lit. f DSGVO and - insofar as it concerns technically mandatory cookies - § 25 para. 2 No. 2 TTDSG . Our legitimate interest lies in the design of the website in line with requirements.

3.1. COOKIE CONSENT WITH THE COOKIE CONSENT TOOL

In order to be able to administer your consent to the use of tracking tools, we use the cookie consent tool "Cookiebot". The provider of this tool is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, website: https://www.cookiebot.com/de/ ("Usercentrics"). In this context, in addition to the connection data, the granting or refusal of your consent or the revocation of consent will be transmitted to Usercentrics. In order to be able to make the corresponding assignment, Usercentrics also sets a cookie in your browser.

Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c DSGVO.

3.2. GOOGLE ANALYTICS

Our website uses the tracking tool "Google Analytics". This is a service provided by Google Ireland Limited, a company incorporated and operated under the laws of Ireland with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This tracking tool helps us to make our website more interesting for you and to improve the user experience. In this process, data about the use of our website is stored in pseudonymous user profiles. Cookies may also be used for this purpose. In addition, data from various devices, sessions and interactions can be linked to a so-called "User ID". The information generated is usually transferred to a Google server in the USA and stored there. We would like to point out that on our website Google Analytics has been extended by the "anonymizeIp" function. This means that your IP address is first shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area and only then transferred to a Google server in the USA.

The shortening of the IP address represents an additional measure pursuant to Art. 25 (1) DSGVO for the protection of users, but it does not result in the complete data processing being anonymized. Thus, when Google Analytics is used, in addition to the IP address, other usage data is also collected that is to be evaluated as personal data, such as identification features of the individual users, which also allow a link to an existing Google account, for example.

On our behalf, Google will use the information received to evaluate your use of our website, to compile reports on website activity and to provide us with other services related to website and internet usage. The pseudonymized usage profiles will not be merged with personal data about the bearer of the pseudonym without a separately granted consent.

For more information about Google Analytics, see:

https://support.google.com/analytics/answer/2790010?hl=de

Please note that Google also has independent access to your data collected via Google Analytics and can also use this data for its own purposes. For example, Google may link this data with other data about you, such as search history, personal account, usage data from other devices, and any other data that Google has about you.

The legal basis for the use of Google Analytics is your consent, based on § 25 para. 1 p. 1 TTDSG for the storage and access to information in terminal equipment and Art. 6 para. 1 p. 1 lit. a DSGVO for our further processing of your data. You give your corresponding consent via our cookie banner. Please note that Google is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. The new EU standard data protection clauses have been agreed as suitable safeguards to ensure an adequate level of protection for data transfers.

3.3. GOOGLE ADS CONVERSION

In order to advertise our products and services on external websites with the help of advertising media and to determine the success of our advertising measures, we use the "Google Ads Conversion" service. These advertisements are delivered by Google via so-called "Ad Servers". If you access our website via a Google ad, Google Ads will store a cookie on your terminal device. These cookies usually lose their validity after 30 days and do not serve to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

The aforementioned cookies enable Google to recognize your internet browser. Therefore, provided that you have visited certain websites of an Ads customer and the cookie stored on your computer has not yet expired, Google and the Ads customer can recognize that you have clicked on the ad and were redirected to this page. Cookies cannot be tracked through Ads client websites. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We also only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify you on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our knowledge as follows: Through the integration of Ads Conversion, Google receives the information that you have called up the relevant part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider learns your IP address and stores it.

You can find more information about data protection at Google here:

https://support.google.com/google-ads/answer/93148 https://ads.google.com/intl/de_de/home/faq/gdpr/

The legal basis for the use of Google Ads Conversion is your consent, based on § 25 para. 1 p. 1 TTDSG for the storage and access to information in terminal equipment and Art. 6 para. 1 p. 1 lit. a DSGVO for our further processing of your data. You give your corresponding consent via our cookie banner. Please note that Google is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. The new EU standard data protection clauses have been agreed as suitable safeguards to ensure an adequate level of protection for data transfers.

3.4 GOOGLE MAPS

On our website, we also use the map service Google Maps from the provider Google via an API. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a server of Google in the USA and stored there. We have no influence on this data transmission. We have also entered into a mutual responsibility agreement with Google for the processing of personal data. You can view our agreement with Google under the following link. The legal basis for the use of Google Maps is your consent, based on § 25 para 1 p. 1 TTDSG for the storage and access to information in terminal equipment and Art. 6 para 1 p. 1 lit. aDSGVO for our further processing of your data. You give your corresponding consent via our cookie banner. Please note that Google is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. The new EU standard data protection clauses have been agreed as suitable safeguards to ensure an adequate level of protection for data transfers.

More information on the handling of user data can be found in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.

3.5 HOTJAR

Our website uses Hotjar, an analytics software provided by Hotjar Ltd, Dragonara Business Centre, 5th Floor,Dragonara Road, Paceville St Julian's STJ 3141, Malta ("Hotjar"), to better understand the needs of our users and to optimize the experience on this website. Hotjar's technology gives us a better understanding of our users' experiences (e.g., how much time users spend on which pages, which links they click, what they like and dislike, etc.) and helps us tailor our offerings based on feedback from our users. Hotjar uses cookies and other technologies to collect information about our users' behavior and their devices, including screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for viewing our website. Hotjar stores this information in a pseudonymized user profile. The information is neither used by Hotjar nor by us to identify individual users or merged with other data about individual users. For more information, please see Hotjar's privacy policy (https://www.hotjar.com/legal/policies/privacy).

The legal basis for the use of Hotjar is your consent, based on § 25 para. 1 p. 1TTDSG for the storage and access to information in terminal equipment and Art. 6 para. 1 p. 1 lit. a DSGVO for our further processing of your data. You give your corresponding consent via our cookie banner.

You can prevent Hotjar from storing a user profile and information about your visit to our website and from setting Hotjar tracking cookies on other websites by activating the "Do Not Track" setting in your browser. Hotjar provides instructions on how to do this at the following link: https://www.hotjar.com/de/legal/policies/do-not-track/.

3.6. TRUSTPILOT

We use the services of the provider Trustpilot A/S, Pilestraede 58, 5th floor, DK-1112 Copenhagen ("Trustpilot") for our website as well as our customer satisfaction surveys. Trustpilot offers us the possibility to let our customers rate our services. If you have placed an order through our store, you will receive a rating request from us with a link to the rating page of Trustpilot. To ensure that only customers who have actually ordered from our store submit a rating, we transmit the data required for verification to Trustpilot. This includes your name, email address and reference number. You can object to the use of your email address for rating requests at any time by sending an email to contact@60beans.com.

In order to be able to submit a rating, it is necessary to create a user profile on Trustpilot. Trustpilot is solely responsible for the data processing in connection with this user profile and the ratings submitted on the platform. In this respect, reference is made to the privacy policy of Trustpilot: https://de.legal.trustpilot.com/for-reviewers/end-user-privacy-terms

In addition, we use the widget offered by Trustpilot on our website to display the customer feedback we receive. For this purpose, our website establishes a connection to the servers of Trustpilot. Trustpilot collects the following data as part of providing the widget: Impressions, views and clicks. This data enables us to analyze your interaction with the widget.

3.7. FACEBOOK CUSTOM AUDIENCE VIA THE PIXEL PROCESS (STANDARD VERSION)

We use the product "Facebook Custom Audience" offered by Meta Platforms Ireland Limited (formerly Facebook Ireland Ltd.), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta"), via the pixel procedure (standard version). Cookies are used in this procedure (see number 4). The legal basis for the use of Facebook Custom Audience is your consent, based on Section 25 (1) p. 1TTDSG for the storage and access to information in terminal equipment, as well as Article 6 (1) p. 1 lit. a DSGVO for our further processing of your data. You give your corresponding consent via our cookie banner. Please note that Meta is a company from the USA. According to a recent ruling by the European Court of Justice(ECJ), there is not an adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. In the event that data is transferred to Meta Platforms Inc. in the USA, the new standard data protection clauses have been agreed between Meta Platforms Ireland Limited and Meta Platforms Inc.

Meta collects and stores usage data in pseudonymous profiles for the purpose of web analytics or to enable interest-based advertising. This allows us to track users' actions after they have seen or clicked on a Facebook ad. This allows us to track the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, which means we do not see the personal data of individual users. However, this data is stored and processed by Meta, about which we will inform you according to our level of knowledge. Meta may associate this data with your Facebook account and also use it for its own advertising purposes in accordance with Meta's Data Use Policy. For more information on data processing by Meta, please see Meta's privacy policy (https://www.facebook.com/privacy/explanation)and https://de-de.facebook.com/notes/facebook-and-privacy/relevant-ads-that-protect-your-privacy/457827624267125/.

In addition to us, Meta itself is responsible for data processing. The processing of data by Meta is carried out in accordance with Meta's data usage policy. Details on this can be found in Meta's data usage policy. Specific information and details about the Facebook Pixel and how it works can be found in Meta's help section.

In this respect, we are jointly responsible with Meta for the processing of your personal data within the meaning of Art. 26 DSGVO. In this case, you can assert your rights (see section 9) both against us and against Meta. However, Meta serves as the first point of contact. We have concluded an agreement with Meta on joint responsibility for the processing of personal data. You can view this under the following link: https://www.facebook.com/legal/controller_addendum.

3.8. META PIXEL

The so-called "meta-pixel" is an invisible meta-pixel embedded on our website, through which the online behavior of each website visitor is analyzed by Meta Platforms IrelandLimited (formerly Facebook Ireland Limited), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta"). The Meta pixel enables customer data such as first name, last name, email address, etc. to be transmitted to Meta and enriched with existing tracking data. In this way, it is also possible to collect data from non-users of the Facebook social network or to record users who are not logged into Facebook while visiting a website. This tracks website visitors via meta, which deliberately prevent the storage of third-party cookies. In doing so, we have the option of targeting you on Facebook with an advertisement. However, via the meta pixel it is also possible to target new customers and address new people who are similar to website visitors.

In addition to us, Meta itself is responsible for data processing. The processing of data by Meta is carried out in accordance with Meta's Data Use Policy. For details, please refer to Meta's Data Use Policy. Specific information and details about the Meta Pixel and how it works can be found in Meta's help section.

The legal basis for the use of the meta pixel is your consent, based on § 25 para. 1 p. 1TTDSG for the storage and access to information in terminal equipment and Art. 6 para. 1 p. 1 lit. a DSGVO for our further processing of your data. You give your corresponding consent via our cookie banner. Please note that Meta is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ)there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. In the event that data is transferred to Meta Platforms Inc. in the USA, the new standard data protection clauses have been agreed between Meta Platforms Ireland Limited and Meta Platforms Inc.

3.9. TIKTOK PIXEL

We also use the TikTok Pixel on our website, a tool of TikTok Technology Limited, 10 EarlsfortTerrace, Dublin, D02 T380, Ireland ("TikTok"). Through the TikTok Pixel, it is possible for us to analyze the online behavior of users of our website. When a user clicks on one of our ads on the TikTok platform and is redirected to our website, the TikTok Pixel collects information about the ad, the user's IP address, browser information and time of click. In addition, actions that a user then takes on our website are tracked. Cookies are also used for this purpose. The use of the TikTok Pixel enables us to measure the effectiveness of our advertising measures and thus to optimize our marketing.

In addition to us, TikTok itself is also responsible for data processing. The processing of TikTok takes place in accordance with the privacy policy and the privacy policy for business products of TikTok. In this respect, we are jointly responsible with TikTok for the processing of your personal data within the meaning of Art. 26 DSGVO. In this case, you can in principle assert your rights (see Section 9) both against us and against TikTok. However, TikTok serves as the first point of contact. We have concluded an agreement with TikTok on joint responsibility for the processing of personal data. You can view this under the following link: https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms

The legal basis for the use of the TikTok Pixel is your consent, based on § 25 para. 1 p.1 TTDSG for the storage and access to information in terminal equipment and Art. 6 para. 1 p. 1 lit. a DSGVO for our further processing of your data. You give your corresponding consent via our cookie banner. Please note that TikTok also has companies outside the EU, in particular in the USA. According to a recent ruling by the European Court of Justice (ECJ), there is not an adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. The new EU standard data protection clauses have been agreed as suitable safeguards to ensure an adequate level of protection for data transfers.

4. SOCIAL MEDIA APPEARANCES

4.1. LINKS TO SOCIAL NETWORKS

Our website contains links to social networks (Facebook, Instagram, Linkedin and TikTok). These websites are operated exclusively by third parties. If you follow the links, the respective provider may process personal data from you. Please refer to the data protection information of the providers in this regard.

4.2. DATA PROCESSING BY COFFEE ROASTARS AND LEGAL BASIS

Our social media presences (Facebook, Instagram, Linkedin and TikTok) serve the purpose of informing you about Coffee Roastars and new developments, services and products from us. Depending on the offer of the respective providers, you have, for example, the opportunity for different interaction (comment, recommendation, etc.) e.g. in connection with our social media presence. User interaction is an important criterion for us to conduct targeted marketing. This enables us to determine, for example, which posts are read preferentially. We therefore also use the statistics determined by the providers in this regard for our own purposes. If we process personal data of the users in the process, the legal basis for this is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest then consists in particular in targeted information / advertising. You will be informed separately by the providers about the legal basis on which the providers process your data for their own purposes.

4.3. SHARED RESPONSIBILITY

In individual cases, we are jointly responsible with the social media providers for the processing of your personal data. In this case, you can assert your rights (see section 9) both against us and against the social media provider. However, the social media provider serves as the first point of contact.

We have concluded an agreement with Meta (formerly Facebook) on joint responsibility for the processing of personal data. This applies in relation to the processing of so-called "Insights data". This is page statistics, in particular on the interactions of Facebook users. Details on the Insights data can be found here: https://www.facebook.com/business/pages/manage#page_insights.Unsere Agreement with Meta can be viewed at the following link: https://www.facebook.com/legal/controller_addendum.

We have also entered into a joint responsibility agreement with LinkedIn Ireland with regard to so-called "Page Insights". With the Page Insights, LinkedIn Ireland does not provide us with personal data, but only aggregated data from you. It is not possible for us to draw conclusions about individual users via the information of the Page Insights. You can view details about Page Insights and our agreement with LinkedIn Ireland at the following link:

https://legal.linkedin.com/pages-joint-controller-addendum.

Please note that social media providers also process your data outside the EU/EEA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes.

With regard to the storage period of the data we process from you for our own purposes, please refer to our explanations under item 7. Otherwise, please observe the data protection provisions of the respective social media provider.

‍

5. DATA TRANSMISSION

We only pass on your personal data to third parties or other recipients if this is necessary for the provision of the service (in particular within the scope of the required transmission of the shipping data to the respective roasting companies, which carry out the shipping directly to you), you have given your consent, a legal obligation exists or the data transfer is permitted on the basis of another legal basis. Data is passed on, for example, to technical service providers or - in the case of a corporate transaction - to interested parties/buyers, etc. Furthermore, we use the services of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (Shopify), for the purpose of hosting our website. Where necessary, we have entered into agreements on commissioned processing with the recipients of your data in accordance with Art. 28 DSGVO.

In addition, please note the separate data protection provisions of the payment methods you have selected.

PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Klarna: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy

VISA: www.visaeurope.com

MasterCard: www.mastercard.com

American Express: https://www.americanexpress.com/de/

Coinbase and Coinbase Commerce https://www.coinbase.com/

Amazon Pay: https://pay.amazon.de/

6. DATA TRANSFER TO COUNTRIES OUTSIDE THE EU

To the extent necessary for our purposes, we also transfer your data to recipients outside the EU if you have given your consent, if there is a legal obligation or if the transfer of data is permitted on the basis of another legal basis. Thus, your data will also be transferred to recipients based in the USA as part of data processing. Please note, however, that according to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. An adequate level of data protection is ensured by concluding the new so-called EU standard data protection clauses.

In the context of the use of Shopify (see section 5), personal data may be transferred to Shopify Inc. in Canada or the USA. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by an adequacy decision of the European Commission. For further information on Shopify's data protection, please visit the following website: https://www.shopify.de/legal/datenschutz.

7. DURATION FOR WHICH PERSONAL DATA ARE STORED / CRITERIA FOR DETERMINING THE DURATION

Your personal data will be stored by us for as long as it is necessary for the aforementioned purposes of processing, in the event of an objection no compelling reasons worthy of protection by Coffee Roastars oppose or in the event of a revocation no other legal basis for the data processing exists. However, in certain cases, e.g. if there is a legal obligation to retain data, your personal data will not be deleted immediately, but will first be blocked. For example, the retention period for messages via the contact form with a business content can be up to ten years.

If an application (e.g. via our online application form, see section 2.6.) is successful, your data will be transferred to the personnel file and stored beyond the period of the application process in accordance with the statutory provisions. If your application is not successful, we will store your data beyond the period of the application process for a maximum of 6 months, unless you have given your consent to further data processing.

8. SECURITY MEASURES TO PROTECT YOUR PERSONAL DATA

We protect your data by technical and organizational measures against unauthorized access, loss or destruction. Our security measures are continuously improved in line with technological developments. Our employees and all persons involved in data processing are obliged to comply with data protection laws and to handle personal data confidentially. Our employees are trained accordingly.

To protect your personal data on this website, we use a secure online transmission method, the so-called "Secure Socket Layer" (SSL) transmission. You can recognize this by the fact that a closed padlock symbol is displayed at the https:// address component. By clicking on the symbol, you will receive information about the SSL certificate used. The display of the symbol depends on the browser version you are using. SSL encryption ensures the encrypted and complete transmission of your data.

9. YOUR RIGHTS

Within the scope of the legal requirements, you are generally entitled to the following from Coffee Roastars

Confirmation as to whether personal data concerning you is being processed by Coffee Roastars,
information about these data and the circumstances of processing,
Correction, insofar as this data is incorrect,
Deletion, insofar as there is no justification for the processing and no obligation to retain (any longer),
Restriction of processing in special cases determined by law,
Objection in case of data processing based on Art. 6 para. 1 p. 1 lit. f DSGVO and
Transfer of your personal data - insofar as you have provided it - to you or a third party in a structured, common and machine-readable format.

Insofar as the processing of your personal data is based on your consent, you have the right to revoke your consent at any time, with the consequence that the processing of your personal data becomes unlawful for the future. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Please send your specific request in writing or by email, clearly identifying yourself, to:

Coffee Roastars GmbH | 60 beans
Neuer Jungfernstieg 17
20354 Hamburg

Managing Directors: Ferdinand von Kalm, Roman Smigiel, Dijana Dimitrovska

Email: contact@60beans.com

If we process your data in joint responsibility with third parties within the meaning of Article 26 of the GDPR, the third party is centrally responsible for the exercise of all data subject rights. However, you are free to assert your rights against us as well.

Finally, we would like to inform you of your right to complain to the supervisory authority.

10. NO AUTOMATED INDIVIDUAL DECISION MAKING

We do not use your personal data for automated individual decisions.

11. CHANGE OF THE DATA PROTECTION DECLARATION

New legal requirements, corporate decisions or technical developments may require changes to our data protection statement. The privacy policy will then be adapted accordingly. You will always find the current version on our website.