COFFEE ADDRESS PERSONAL DATA PROCESSING POLICY
Version updated on January 25th 2019
Client means any legal person who uses, has used or has expressed a wish to use any of the services provided by Coffee Address.
Personal data means any information related to Clients’ contact persons – natural persons that we have obtained during a period of co-operation with you or because you have used an opportunity to apply for any of our services on this website, or have subscribed to news about Coffee Address.
Processing means any operation carried out with personal data, including collection, recording, storing, changing, ensuring access, making requests, transfer, etc.
2. Information about data controller
The processing controller of the personal data specified in this Policy is Coffee Address SIA, reg. No. 40003174017, legal address: Rīga, Brīvības street 155 k-7, LV-1012 (hereinafter – Coffee Address) and Baltic Coffee Holding, SIA, reg. No. 40203047754, legal address: Jaunmoku street 34, Rīga, LV-1046 (hereinafter – Baltic Coffee Holding). Coffee Address and Baltic Coffee Holding shall process your personal data as joint controllers and their mutual responsibilities, rights and competence within the personal data processing are regulated in the contract entered into between them.
3. Purpose of the document
3.1. The Policy is developed to ensure and inform the Clients about the Personal data processing implemented by Coffee Address pursuant to the requirements of regulatory enactments of the Republic of Latvia, as well as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter - Regulation) and other applicable legal acts in the area of privacy and data protection.
3.2. This Personal data processing policy (hereinafter – Policy) contains information about the procedure according to which Coffee Address processes Personal data of its Clients. The provisions of this Policy apply to all Clients of Coffee Address, which have used or have expressed a wish to use the services provided by Coffee Address, including in relations with the Clients established before entry into force of this Policy.
4. Personal data categories In case you are our Client, have been our Client or have expressed a wish to become our Client, for the purpose of service provision during the co-operation we obtain from you and process the following Personal data: name, surname, position, e-mail, contact telephone number of a contact person, as well as communication data between Coffee Address and Client’s contact person with regard to orders made by the Client, installation of services, as well as complaints about quality of services.
5. Legal basis and purpose of Personal data Processing
5.1. To enter into and perform a contract: Pursuant to subclause b of part 1 of Article 6 of the Regulation, Coffee Address processes Personal data of Clients to enter into and perform service contracts, to keep Client data updated and correct, to ensure communication related to performance of a contract, to inform Clients about changes to contracts or to the process of provision of services, to invoice and deliver invoices for services, as well as to carry out measures upon the Client’s request prior to entering into the contract.
5.2. To ensure and protect the legitimate interests of the Client and Coffee Address, as well as to exercise the right to claim: Pursuant to subclause f of part 1 of Article 6 of the Regulation, having regard to legitimate interests of Coffee Address, as well as of the Client - to manage the process of provision of services for the purpose of improvement of the service and communication process, as well as to carry out training of personnel, to ensure proof of transactions, received Client’s orders, commercial communication in the process of co-operation in relation to provided services.
5.3. To improve the quality of services and internal business organization processes: Pursuant to subclause f of part 1 of Article 6 of the Regulation, having regard to legitimate interests of Coffee Address to constantly improve the process of provision of services, to enhance technical systems, IT infrastructure, etc., Coffee Address may process Personal data of Clients in a test mode for the purpose of testing such systems and services.
5.4. To send commercial communication: Pursuant to subclause f of part 1 of Article 6 of the Regulation, in case if you are our Client, or you have subscribed to receiving information about Coffee Address news, we shall occasionally send you information about the news we offer to our Clients. In every such communication there will be a possibility to unsubscribe from it in a simple and gratuitous way.
6. Personal data recipients
6.1. For processing of your Personal data for the purpose of provision of a quality service Coffee Address may use service providers that will perform processing of your Personal data. In such cases Coffee Address carries out required measures to ensure that such Personal data processors carry out Personal data processing in accordance with Coffee Address instructions and in compliance with requirements of regulatory enactments, as well as will require to carry out appropriate security measures.
6.2. Similarly, for the purpose of ensuring better services we may co-operate with co-operation partners, which also could perform processing of your Personal data as an independent controller or as a joint controller. In such cases you will be informed of the mentioned fact and data processing prior to entering into a respective service contract insofar as practically possible and in compliance with the requirements of the regulatory enactments.
6.3. Coffee Address may be also obliged to transfer your Personal Data to competent authorities laid down in the regulatory enactments, as well as Coffee Address may transfer your Personal data to providers of extrajudicial debt recovery services exercising its right for protection of its financial interests established by the regulatory enactments. In such cases Coffee Address shall ensure that only Personal data provided by the regulatory enactments are transferred to the authorities, as well as that persons having no proper authorization have no access to the Personal data.
6.4. Processing of personal data performed by Coffee Address takes place only in the European Union / within the framework of the European Economic Area.
7. Data storage and technical security
7.1. Coffee Address within the scope and according to the procedure provided by the regulatory enactments ensures confidentiality of the Client’s Personal data and has implemented consistent technical and organizational measures for protection of the Personal data from unauthorized access, illegal Processing or disclosure, accidental loss, alteration or destruction, including using the following security measures when applicable:
(a) data encryption in transmitting data (SSL encryption);
(b) fire wall;
(c) penetration protection and detection programs;
(d) data transmission using HTTPS protocol;
(e) access of Coffee Address personnel to different data processing systems is registered and protected;
(f) other measures corresponding to development of technologies.
7.2. Coffee Address stores and processes Personal data of Clients while any of the following Personal data processing bases exists:
(a) services contract or goods purchase contract entered into by the Client is effective;
(b) within the term established by the regulatory enactments for exercising of the mutual rights to claim of Coffee Address or Client following expiry of the contract;
(c) within the term established for Coffee Address for the purpose of fulfilment of mandatory obligations provided by the regulatory enactments;
(d) while Client’s consent to respective Personal data processing is effective if no other basis for processing of Personal data exists.
7.3. Upon termination of the Personal data processing bases set forth in clause 7.2. the Personal data at the disposal of Coffee Address are erased.
8. Rights of data subjects to information and correction of data
8.1. Coffee Address ensures to contact persons of the Clients (data subjects) the following rights in relation to the Personal data Processing:
(a) To request correction of one’s Personal data if they are improper, incomplete or inaccurate;
(b) To object against processing of one’s Personal data if the use of Personal data is based on legitimate interests, including for receiving marketing offers or participation in surveys;
(c) To request to erase one’s Personal data but only in cases when Personal data are processed on the basis of consent of a data subject, as well as in cases when Coffee Address no longer has legal basis for Personal data processing set forth by the regulatory enactments;
(d) To request restriction of one’s Personal data Processing in accordance with the applicable regulatory enactments, for example, in the period when Coffee Address evaluates whether the data subject is entitled to request erasure of its data;
(e) To receive information whether Coffee Address processes Personal data of the Client’s contact person, as well as to access them;
(f) To withdraw its consent for Personal data processing in cases when it is performed on the basis of consent;
(g) To submit complaints regarding the use of Personal data if the Client considers that the Personal data processing performed by Coffee Address violates its rights and interests in accordance with the applicable regulatory enactments, submitting a complaint to any of the mentioned institutions: In Latvia - the Data State Inspectorate (Datu valsts inspekcija) (www.dvi.gov.lv); in Estonia - Andmekaitse Inspektsioon (https://www.aki.ee/en/inspectorate); in Lithuania - Valstybine duomenu apsaugos inspekcija (https://ada.lt/go.php/eng/img).
8.2. Contact persons of the Client may submit requests to Coffee Address on exercising their rights in writing by electronic mail, signing the application with a safe electronic signature and sending it to firstname.lastname@example.org, or sending a request in writing to the addresses of controllers indicated in clause 2 of the Policy.
10. Other provisions
10.1. This Policy is available to Clients on the Coffee Address website www.coffeeaddress.lv.
10.2. Coffee Address may introduce supplements and changes to this Policy informing contact persons of the Clients of such changes by e-mail, as well as by posting the updated Policy on the website.