Privacy Policy - Data Protection Rules

Home
Privacy Policy

In this privacy policy we inform you about the processing of your personal data.

If you wish to change your privacy settings (give consent or withdraw consent already given), click hereto change your settings.

RESPONSABILITY

café+co Österreich Automaten-Catering und Betriebsverpflegung Ges.m.b.H., Vorarlberger Allee 14, 1230 Vienna, Austria, office@cafeplusco.at, +43 5 05 200

HOSTING

Service: Webseite Hosting
Provider: IPAX OG, Barawitzkagasse 10/2/2/11, Austria
Privacy Policy: https://www.ipax.at/unternehmen/impressum/

SERVER LOG FILES

For the purpose of monitoring the technical function and increasing the operational security of our web host, connection data is processed. The duration of the processing is limited to 7 days.

The legal basis for the data processing is the legitimate interest (absolute technical necessity of a server log file as a basic database for error analysis and for security measures within the scope of the "website" service expressly requested by your call) in accordance with Art. 6 Para. 1 lit. f GDPR.

CONTACT FORM

On our website, you have the option of contacting us directly via a contact form. After sending the contact form, the personal data entered by you will be processed by the responsible party for the purpose of processing your request on the basis of the consent given by you by sending the form pursuant to Art. 6 para. 1 lit. a GDPR until revoked. There is no legal or contractual obligation to provide the personal data. The only consequence of not providing the data is that you do not submit your request and we cannot process it.

REGISTRATION FORM

We offer you a registration option on our website. After sending the registration, we process the data provided in the registration form for the purpose of fulfilling the contract on the basis of the contract concluded with the registration in accordance with Art. 6 Para. 1 lit. b GDPR for the duration of the contract.

There is no legal or contractual obligation to provide the personal data. The only consequence of not providing the data is that registration is not possible.

Data will not be transferred to third parties.

COMMENT FORM

By commenting on our products, contributions, photos or videos, the personal data you provide will be processed for the purpose of displaying your comment on our website as well as internal documentation on the legal basis of the contract concluded with you pursuant to Art. 6 (1) lit. b GDPR (free hosting contract for the display of your comment on our website). Your name and your comment will be published on our website. Your personal data will be stored until the comment is deleted.

SECURITY SERVICES

On this website, we use the services of security service providers such as captcha services to avoid non-human and automated entries.

GOOGLE RECAPTCHA

Im Fall der Erteilung Ihrer Einwilligung verarbeiten wir mit dem Dienst Google reCaptcha, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland als gemeinsame Verantwortliche Ihre personenbezogenen Daten zum Zweck der Vermeidung nicht menschlicher und automatisierter Eingaben. Dabei ermöglichen wir dem Dienst das Setzen von Cookies, die Erhebung von Verbindungsdaten und Daten ihres Webbrowsers. Zudem ermöglichen wir dem Dienst die Berechnung einer User-ID zur eindeutigen Identifizierung des Users im Rahmen des von Google betriebenen Werbenetzwerkes. Daten werden auf Ihrem Gerät für die Dauer von bis zu zwei Jahren gespeichert.

The legal basis for the data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. Failure to give consent means that the use of reCaptcha and associated forms is not possible.

You can revoke consent you have already given by changing the data protection settings.

The Google Group transfers your personal data to the USA. The legal basis for the data transfer to the USA is your consent pursuant to Art. 49 (1) (a) in conjunction with Art. 6 (1) (a) GDPR. Before giving your consent, you were already informed that the USA does not have a level of data protection that corresponds to the standards of the EU. In particular, US secret services can access your data without you being informed and without you being able to take legal action against this. For this reason, the European Court of Justice has ruled that the previous adequacy decision (Privacy Shield) is invalid.

WEB FONTS

GOOGLE FONTS

We process connection data and browser data with our processor Google Fonts, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for the purpose of providing the fonts required by the web browser to display the website. This data is only processed for the duration required for the selection and transmission of the fonts.

The legal basis for the data processing is the legitimate interest (absolute technical necessity for the provision and delivery of the "website" service expressly requested by you by calling it up) pursuant to Art. 6 (1) lit. f GDPR.

Insofar as further independent processing of the data is carried out by Google Fonts, Google is the sole responsible party for this. Details can be found in the privacy policy and in the FAQ of Google Fonts.

FONT AWESOME

We process connection data and browser data with our processor Fontawesome, Fonticons, Inc, 6 Porter Road, Apartment 3R, Cambridge, MA 02140, USA, for the purpose of providing the fonts required by the web browser to display the website. This data is processed only for the time necessary to select and transmit the fonts.

Insofar as Fontawesome carries out further independent processing of the data, Fontawesome is the sole responsible party for this. Details can be found in the privacy policy of Fontawesome.

ONLINEMARKETING

FACEBOOK-PIXEL AND CUSTOM AUDIENCES

With the help of the Facebook pixel (or comparable functions, for the transmission of event data or contact information via interfaces in apps), Facebook is able to use the visitors of our online offer as a target group for the display of advertisements (so-called "Facebook Ads"). ) to determine. Accordingly, we use the Facebook pixel so that the Facebook ads we have placed are only available to users on Facebook and within the services of the partners cooperating with Facebook (so-called "Audience Network" https://www.facebook.com/audiencenetwork ) who have also shown an interest in our online offer or who have certain characteristics (e.g. interest in certain topics or products that can be seen from the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With help We also want to use the Facebook pixel to ensure that our Facebook ads are relevant to users' potential interests and are not annoying. The Facebook pixel also allows us to understand the effectiveness of Facebook ads for statistical and market research purposes by seeing who whether users were redirected to our website after clicking on a Facebook ad (so-called "Conversion Measurement");

Serviceprovider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland;
Website: https://www.facebook.com;
Privacy policy: https://www.facebook.com/about/privacy

Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): The "Facebook-EU data transfer addendum" (https://www.facebook.com/legal/EU_data_transfer_addendum) applies in the case of order processing by Facebook as the basis for processing event data from EU citizens in the USA and inclusion in the "Facebook Platform Terms of Use" (https://developers.facebook.com/terms) with regard to the independent processing of event data from Facebook in the context of the ad placement;

More information: The "Data Processing Terms" (https://www.facebook.com/legal/terms/dataprocessing/update) apply with regard to event data that Facebook processes on behalf of companies to provide reports and analysis; Furthermore, the "Supplement for those responsible" applies as an agreement on joint responsibility (Art. 26 Para. 1 S. 3 GDPR), which applies in the case of the independent processing of event data by Facebook for the purposes of targeting as well as improving and securing the Facebook products, is relevant.

LINKEDIN

Insights Tag / conversion measurement;
Provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA;
Website: https://www.linkedin.com;
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Order Processing Agreement: https://legal.linkedin.com/dpa

Standard contractual clauses (ensuring the level of data protection when processing in third countries) https://de.linkedin.com/legal/l/dpa;
Possibility of objection (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out;
Further information: https://legal.linkedin.com/dpa

WEBSHOP

We offer you the possibility to purchase products directly via our webshop. Within the framework of the webshop, the data entered by you as well as data on products selected by you will be processed by the responsible party for the purpose of making the offer, concluding the contract, fulfilling the contract as well as fulfilling any post-contractual obligations prior to the conclusion of the contract on the basis of the pre-contractual relationship initiated by you and after the conclusion of the contract on the basis of the contract pursuant to Art. 6 (1) lit. b GDPR.

If the purchase of our products was made via an already existing customer account or a customer account was created to process the purchase, your personal data will be processed until your customer account is deleted.

For customers who have purchased our products via a guest profile, your personal data will be processed until the expiry of the statutory retention obligations.

Your data will be further processed for the purpose of direct marketing in forms that do not require your consent, such as the addressed mailing of advertising, until you object.

There is no legal or contractual obligation to provide the personal data. However, the provision is necessary for the conclusion of the contract. Failure to provide the data means that no contract can be concluded.

Shopping baskets of non-registered users will be deleted after a maximum of 14 days. The user accounts of registered users shall remain in existence until the account is deleted by the user. Contractual data shall be processed until the statute of limitations of possible post-contractual obligations.

PAYMENTS ARE PROCEEDED:

Service: PayPal
Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxenburg

Service: Stripe
Provider: Stripe,Inc. 185 Berry Street, Suite 550, San Francisco, CA 94107, USA

NEWSLETTER SERVICES

Service: Newsletter Service
Provider: e3 Software, LLC, 2225 East Bayshore Road, Suite 200, Palo Alto, CA 94303
Privacy Policy: https://de.directmailmac.com/privacy

RIGHT TO OBJECT

If the processing of your personal data is based on legitimate interest, you have the right to object to this processing.

If there are no compelling legitimate reasons for the processing on our part, the processing of your data will be discontinued on the basis of this legal basis. You also have the right to object to the processing of your personal data for direct marketing purposes.

In the event of an objection, your personal data will no longer be processed for the purpose of direct advertising. The legality of the data processed until the objection is not affected by the objection.

RIGHT OF REVOCATION

You have the right to revoke consent you have already given at any time by changing the data protection settings.

In the case of consent to receive electronic advertising, revoking your consent can be done by clicking on the unsubscribe link. In this case, processing will cease unless there is another legal basis.

The lawfulness of the data processed until the revocation is not affected by the revocation.

AFFECTED RIGHTS

You also have the right to information, correction, deletion and restriction of the processing of personal data.

If the legal basis for the processing of your personal data is your consent or a contract concluded with you, you also have the right to data portability.

Furthermore, you have the right to lodge a complaint with the supervisory authority. You can find more information about the supervisory authorities in the European Union here.