Show menu

SmartPay App Data Protection Policy cafe+co - Data Protection Policy

This Data Protection Policy supplements our General Terms of USE (GTU) for the cafe+co SmartPay App. Therefore, reference is also made to the definitions included in the GTU.

1. Information about the controller

The controller with regard to the SmartPay App is:

cafe+co International Holding GmbH
FN [Business Register Number] 192695a (Commercial Court Vienna [Handelsgericht Wien])
Vorarlberger Allee 14
1230 Vienna
VAT No.: ATU49507207

Phone: +43 (0)5 05 200
Email: datenschutz@cafeplusco.com

Website: www.cafeplusco.com


2. General data protection information

The protection of your personal data is a major concern of ours. We process your personal data only on the basis of and in accordance with the relevant statutory provisions (including but not limited to the General Data Protection Regulation (GDPR), the Austrian Data Protection Act [Datenschutzgesetz/DSG] and the Austrian Telecommunications Act [Telekommunikationsgesetz/TKG] 2003).


3. Personal data

Personal data means all information by which you can be personally identified or which makes you identifiable (e.g. name, date of birth, sex, address, phone number, email address, etc.)


4. Collection and processing of personal data

4.1 General
We will only process your personal data if storing the data is either necessary for technical reasons (“legitimate interest”) or if you provide such data voluntarily for specific purposes (“provision of data”). The following personal data will be used by us in the case of provision of data (to the extent such data is made available to us): first name, surname, email address, mobile phone number, address (consisting of postal code, town or city, street and country), language used, date of birth, sex, “Coffee Points” collected, voucher orders, participation in prize draws, preferred vending machines, chip IDs, transaction and usage data and correspondence with us, if any. The personal data advised by you will be used to the extent necessary for fulfilling the relevant purpose and/or to the extent required/permitted by law.

4.2 Use of data
The following provides an overview of what happens to your personal data when using the SmartPay App and of the most important aspects of data processing in connection with our SmartPay App.

4.2 Use of the SmartPay App
When you open, close, sign in to or out of the SmartPay App and when using the SmartPay App it will record in particular (i) login data including time stamp, (ii) generic device information, (iii) general operating system information, (iv) IP address and (v) location data, which are necessary for keeping the functions of the SmartPay App and the bonus programmes operative (including but not limited to those which are necessary for combating cyber attacks and for the related technical development of the App.
In such cases storage of data is necessary for technical reasons and thus in compliance with data protection law (“legitimate interest”). We will not process such data further, unless regulated otherwise hereinafter.
We may also use your data to repair errors in the SmartPay App, to increase user-friendliness and to improve the effectiveness of our services.

4.2.2 Contact
If you contact us via email, phone, post or other electronic means of communication, the data provided by you will be stored by us for 36 months for dealing with your enquiry and answering follow-up questions, if any. We will not disclose this data without your consent.

4.2.3 Purposes of processing personal data
The purposes of processing your personal data in connection with the SmartPay App include but are not limited to: (i) contacting you, (ii) processing the registration of a user account and managing the user account, (iii) processing top-ups of the credit balance account (“digital wallet”), (iv) processing product purchases via the credit balance account, (v) registering for and managing participation in the bonus programme and/or prize draws, (vi)
(processing of) refunds of credit balances in the credit balance account and, if applicable, (vii) verifying whether the user is of age, and (viii)
engaging in (other) correspondence.

4.2.4 Advertising; market and opinion surveys
Your personal data will be used for advertising, market and opinion surveys and/or product-specific surveys and marketing activities, if you give your consent thereto in advance or if permitted by statutory provisions (unless you have objected thereto).


5. Data security
We use technical and organisational security measures to protect your data against unauthorised, illegal or accidental access, loss, processing, use and/or manipulation. Your data will be protected by means of a secure server.
Our security measures are continuously being improved to protect your data. In spite of our security precautions, illegal interferences by third parties (by means of malware, hacking, interception of fax messages, etc.) cannot be completely excluded. We, therefore, assume no liability for disclosure of information due to errors in data transfers that were not caused by us and/or illegal access to data by third parties.


6. Passing on data to third parties; data transfer abroad
Your personal data will only be passed on to third parties in compliance with the provisions of data protection law, namely, in particular, if you have given your consent to the transfer of your data or this is necessary for performance of the contract or fulfilment of statutory obligations. It may also be necessary to disclose your data to prevent cases of misuse (e.g. credit card misuse). The processors used by us (e.g. payment service providers, EDP service providers for operating the website www.cafeplusco.com, the SmartPay App and when transferring data between us and the providers, for storing data and sending information to users) will receive your personal data only to be able to fulfil the contracts concluded with you. Our processors must use your data exclusively for fulfilling their tasks. In addition, we ensure that our processors comply with the provisions of data protection law.
The data protection standard in third countries may not be the same as the one in Austria. For that reason your data will only be transferred to a third country if the European Commission has decided that that country offers an adequate level of data protection or other appropriate data protection safeguards (e.g. standard contractual clauses concluded with us) are in place.
If our company is transferred in whole or in part to a third party, your data will also be transferred. However, applicability of the Data Protection Policy shall remain unaffected thereby.


7. Erasure of personal data
We will retain your personal data only for as long as this is necessary to fulfil our contractual or legal obligations, to defend us against any liability claims that may arise and to conclude any legal disputes where such data is needed as evidence. Upon conclusion of the contract your data will be retained until expiration of the period of retention of seven (7) years prescribed by tax law.
When you set up a SmartPay App user account or register, and when you have made personal data available, we will generally store the data for three (3) years after your last contact with us, unless you withdraw your consent before the end of that period.

8. Notification of data leaks
We always endeavour to identify data leaks at an early stage. We will notify you and/or the competent supervisory authority about any data breaches including the relevant data concerned (Data Protection Notification).

9. Your rights
As a matter of principle, you have a right to information, rectification/completion, erasure, restriction of processing, data portability as well as to withdraw your consent and to object. Please send your enquiries in this connection to datenschutz@cafeplusco.com or by post to our address stated above in Clause 1 including proof of your identity.

If you believe that the processing of your data violates data protection law or that your rights under data protection law have been infringed in any other way, you may also contact the competent supervisory authority - in Austria this is the Data Protection Authority [Datenschutzbehörde], Barichgasse 40-42, 1030 Vienna.


10. Right to object to direct marketing; right to withdraw consent
In addition, you have the right to object to processing of your personal data for direct marketing purposes at any time. In that case your data will no longer be processed unless there are compelling legitimate grounds for processing.
In addition, you may withdraw your consent given to us under data protection law at any time with effect for the future. However, the lawfulness of processing done up to the time of withdrawal shall not be affected by withdrawing consent.
You may exercise these rights with regard to the types listed in Clause 9.

11. Legal information; Cookie information

11.1 General
By using our SmartPay App you accept our Data Protection Policy and expressly agree to the collection, use, transfer, storage and protection of your personal data in accordance with this Data Protection Policy and the provisions of data protection law.

We always endeavour to ensure that the information in our SmartPay App is correct and complete. Nevertheless, unintended errors may occur. The information and software applications provided may - in whole or in part - be non-executable, out-of-date, unsecured, incomplete or faulty or may not be available permanently and errors/problems, if any, may not be repaired immediately. We assume no liability for information and/or software applications in our SmartPay App which is/are non-executable, out-of-date, unsecured, incomplete, incorrect, missing or not permanently available.

We assume no liability for contents of links to external websites in the SmartPay App. The relevant providers shall always be responsible and liable for the contents of the external websites. Likewise, we assume no liability for the content that is published by the relevant provider in the SmartPay App and we are under no obligation to check such content.

Decisions which are based on information that is made available in our SmartPay App and/or on pages linked via hyperlinks shall be made completely at your discretion and only you shall be responsible for them. In addition, we assume no liability for accidental or indirect damage in connection with running software applications, including but not limited to damage to the terminal device or damage resulting from loss of use, data or profit.

If you want to use our information or data for commercial purposes, you must obtain approval in advance. Please contact us for that purpose (see contact details above).

For the sake of completeness we would like to state as a general remark that information, data, documents, business secrets, trade secrets, ideas, etc. which have been published (on the internet) and are (thus) accessible to everyone are no longer subject to confidentiality.


11.2 Cookies
For the sake of completeness we would like to point out that we use cookies on our website - to which reference is or could be made in connection with the SmartPay App - to improve the user-friendliness and effectiveness of our offer. Explanation: Cookies are small (text) files which a website or app transfers to your hard disk or your mobile device. Even though cookies identify the device of a user, they do not identify the user personally.

However, we generally do not use such cookies in connection with the SmartPay App.

12. Modifications and amendments
We reserve the right to modify or amend the information contents at any time and without prior notice. If parts or any clauses of this text are not, no longer or not fully in compliance with the applicable legal regime, the remaining parts shall remain unaffected in terms of their content and validity.