Data privacy - Our data privacy statement

Home
Data privacy

Datenschutzerklärung

In this data privacy statement we inform you about the processing of your personal data.

If you would like to change your data privacy settings (give consent or revoke consent already given), please click here to change your settings.

RESPONSIBLE

café+co Österreich Automaten-Catering und Betriebsverpflegung Ges.m.b.H., Vorarlberger Allee 14, 1230 Vienna, Austria, office@cafeplusco.at, +43 5 05 200

HOSTING

Service: Hosting of the website
Provider: IPAX OG, Barawitzkagasse 10/2/2/11, Austria
Data privacy statement: https://www.ipax.at/unternehmen/impressum/

SERVER LOG FILES

For the purpose of monitoring the technical function and to increase the operational security of our web host, connection data are processed. The duration of the processing is limited to 7 days.

The legal basis for the data processing is the legitimate interest (unconditional technical necessity of a server log file as the fundamental data base for error analysis and for security measures within the framework of the service “website” explicitly required by your retrieval of it) pursuant to Art. 6 Para. 1 Letter f GDPR.

CONTACT FORM

On our website, there is the possibility of contacting us directly via a contact form. When this contact form is sent, a processing of the personal data entered by you is done by the controller for the purpose of processing your request on the basis of the consent pursuant to Art. 6 Para. 1 Letter a GDPR granted by you by sending the form until this consent is revoked. There is no statutory or contractual obligation to provide the personal data. The non-provision only results in you not being able to send your request, meaning that we cannot process it either.

REGISTRATION FORM

We offer you a registration option on our website. After the registration is sent, there is a processing of the data listed in the registration form by us for the purpose of fulfilling the contract on the basis of the contract concluded with the registration pursuant to Art. 6 Para. 1 Letter b of the GDPR for the contractual term.
There is no statutory or contractual obligation to provide the personal data. The non-provision merely results in no registration being possible.
There is no transmission of the data to third parties.

COMMENT FORM

By commenting on our products, articles, photos or videos, there is a processing of the personal data provided by you for the purpose of showing your comment on our website and the internal documentation on the legal basis of the contract concluded with you pursuant to Art. 6 Para. 1 Letter b GDPR (free-of-charge hosting contract to depict your comment on our website). Your name and your comment are published on the website. Your personal data are saved until the comment is deleted.

SECURITY SERVICES

On this website, we use the offering of security providers such as Captcha services to avoid non-human and automated input.

GOOGLE RECAPTCHA

If you give us your consent, we process your personal data with the service Google reCaptcha, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as the joint controller for the purpose of avoiding non-human and automated input. In the process, we make it possible for the service to set cookies and to collect connection data and data of your web browser. We also make it possible for the service to calculate a user ID for the unique identification of the user within the framework of the advertising network operated by Google. Data will be saved on your device for the duration of up to two years.

The legal basis for the data processing is your consent pursuant to Art. 6 Para. 1 Letter a GDPR. The non-issuing of consent results in the usage of reCaptcha and associated forms not being possible.

You can revoke consent that has already been given by changing the data privacy settings.

The Google group transmits your personal data to the US. The legal basis for the data transmission to the US is your consent pursuant to Art. 49 Para. 1 Letter a in conjunction with Art. 6 Para. 1 Letter a of the GDPR. Before giving your consent, you were already informed that the US does not have a level of data privacy that corresponds to the standards of the EU. In particular, US secret services can access your data without you being informed of this and without you being able to take legal action against this. For this reason, the European Court of Justice has declared in a ruling that the former Privacy Shield is invalid.

WEB FONTS

GOOGLE FONTS

With our contract processor Google Fonts, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, we process connection data and browser data for the purpose of providing the fonts required by the web browser to display the website.

These data are only processed for the duration required to select and transmit the fonts.

The legal basis for the data processing is the legitimate interest (unconditional technical need to provide and supply the service “website” explicitly requested by you because of your retrieval of it) pursuant to Art. 6 Para. 1 Letter f GDPR.

If further autonomous processing of the data is done by Google Fonts, Google is the sole controller for this. Details can be found in the data privacy statement and in the FAQs of Google Fonts.

FONT AWESOME

With our contract processor Fontawesome, Fonticons, Inc., 6 Porter Road, Apartment 3R, Cambridge, MA 02140, USA, we process connection data and browser data for the purpose of providing the fonts required by the web browser to display the website. These data are only processed for the duration required to select and transmit the fonts.

If a further autonomous processing of the data is done by Fontawesome, Fontawesome is the sole controller for this. Details can be found in the data privacy statement of Fontawesome.

ONLINEMARKETING

FACEBOOK PIXEL AND FORMATION Of TARGET GROUPS (CUSTOM AUDIENCES)

With the aid of the Facebook pixel (or comparable functions to transmit event data or contact information by means of interfaces in apps), it is possible for Facebook firstly to determine the visitors to our online offering as a target group for the depiction of ads (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display Facebook ads placed by us only to those users on Facebook and within the services of the partners cooperating with Facebook (so-called “audience network” https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offering or who have certain characteristics (e.g. Interest in certain topics or products that are visible based on the websites visited) that we transmit to Facebook (so-called “custom audiences”). With the aid of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and are not perceived as tiresome. With the aid of the Facebook pixel, we can also monitor the effectiveness of the Facebook promotional ads for statistical and market research purposes by seeing whether users were forwarded to our website after clicking on a Facebook promotional ad (so-called “conversion measurement”);

service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
website: https://www.facebook.com;
data privacy statement: https://www.facebook.com/about/privacy;
standard contractual clauses (warranty data privacy level for processing in third countries): The "Facebook EU data transfer addendum" (https://www.facebook.com/legal/EU_data_transfer_addendum) applies in the case of contract processing by Facebook as the basis of the processing of event data of EU citizens in the US and the inclusion in the "platform terms and conditions of usage of Facebook" (https://developers.facebook.com/terms) with regard to the autonomous processing of event data of Facebook within the framework of the placement of ads;
further information: The “terms and conditions of data processing” (https://www.facebook.com/legal/terms/dataprocessing/update) apply with regard to event data that Facebook processes under contract in order to provide reports and analyses for companies; in addition, the “addendum for controllers” is deemed to be an agreement for joint responsibility (Art. 26 Para. 1 Clause 3 GDPR) that is fundamental in the case of autonomous processing of event data by Facebook for the purposes of targeting and improving and safeguarding the Facebook products.

LINKEDIN

LinkedIn Insights Tag / conversion measurement;

service provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA;
website: https://www.linkedin.com;
data privacy statement: https://www.linkedin.com/legal/privacy-policy,
cookie policy: https://www.linkedin.com/legal/cookie_policy;
contract processing contract: https://legal.linkedin.com/dpa;
standard contractual clauses (warranty data privacy level for processing in third countries): https://legal.linkedin.com/dpa;
possibility to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.LINKEDIN

ADS

Placement of promotional ads within the platform LinkedIn and analysis of the ad results;

service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland;
website: https://business.linkedin.com/de-de/marketing-solutions/ads;
data privacy statement: https://www.linkedin.com/legal/privacy-policy;
contract processing contract: https://legal.linkedin.com/dpa;
standard contractual clauses (warranty data privacy level for processing in third countries): https://de.linkedin.com/legal/l/dpa;
possibility to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out;
further information: https://legal.linkedin.com/dpa.

WEB SHOP

We offer you the opportunity to purchase products directly via our web shop. Within the framework of the web shop, there is a processing of the data entered by you and data regarding the products selected by you by the controller to carry out the submission of an offer, to conclude the contract, to fulfil the contract and to fulfil any post-contractual obligations before the conclusion of the contract on the basis of the pre-contractual relationship initiated by you and after conclusion of the contract based on the contract pursuant to Art. 6 Para. 1 Letter b of the GDPR.

If the purchase of our products is done via an already existing customer account or if a customer account has been created to handle the purchase, your personal data will be processed until your customer account is deleted.

In the case of customers who have acquired our products via a guest profile, the processing of your personal data will be done until the expiry of the statutory retention obligations.

There will be a further processing of your data, which is to be agreed with the purpose of fulfilling the contract, for the purpose of direct marketing in forms that do not require consent, such as the addressed postal mailing of advertising, until an objection is received.

There is no statutory or contractual obligation to provide the personal data. However, the provision is necessary to conclude a contract. Non-provision will result in no conclusion of a contract being possible.

Shopping carts of non-registered users will be deleted after a maximum of 14 days. The user accounts of registered users remain until the account is deleted by the user. Contractual data will be processed until the expiry of any post-contractual obligations.

PAYMENTS ARE HANDLED WITH:

Service: PayPal
Operator: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg

Service: Stripe
Operator: Stripe, Inc. 185 Berry Street, Suite 550, San Francisco, CA 94107, USA

NEWSLETTER SERVICES

Service: Newsletter
service provider: e3 Software, LLC, 2225 East Bayshore Road, Suite 200, Palo Alto, CA 94303 Data
privacy statement: https://de.directmailmac.com/privacy

RIGHT TO OBJECT

If your personal data are processed on the basis of a legitimate interest, you have the right to object to this processing.

If there are no mandatory reasons worthy of protection for the processing on our side, the processing of your data will be ceased due to this legal basis.

You also have the right to object to the processing of your personal data for the purpose of direct advertising. In the event of an objection, your personal data will no longer be processed for the purpose of direct advertising.

The lawfulness of the data processed until the objection is not affected by the objection.

RIGHT OF REVOCATION

You have the right to revoke consent that has been given at any time by changing our data privacy settings.
In the event of you consenting to receive electronic advertising, the revocation of your consent can be done by clicking on the unsubscribe link. In this case, processing will be suspended, unless there is another legal basis.

The lawfulness of the data processed until the revocation is not affected by the revocation.

DATA SUBJECT RIGHTS

You also have the right to information, rectification, erasure and restriction of the processing of the personal data.

If the legal basis of the processing of your personal data exists in your consent or in a contract concluded with you, you also have the right to data portability.

You also have the right to complain to the supervisory authority. Further information on the supervisory bodies in the European Union can be found here.