Data protection and the protection of your personal data is our top priority. Following we inform you about the processing of your personal data on our website and in our company.
The current version 2.0.0 is dated 5 August 2020.
A. Name and address of the controller
Kaffee Partner GmbH, Kaffee-Partner-Allee 1, 49090 Osnabrück
represented by the Managing Director/CEO Peter Liebisch
Phone: +49 (0) 541 75045-0, e-mail: firstname.lastname@example.org
B. Contact details of the data protection officer
Boris Reibach, Scheja und Partner Rechtsanwälte mbB, Adenauerallee 136, 53113 Bonn
Phone: +49 (0) 228 227 226 0, Fax: +49 (0) 228 227226-26
Encrypted contact form: https://www.scheja-partner.de/kontakt/kontakt.html
C. Processing of personal data
1. Provision of the website
During your visit to our website, we collect and use data that your internet browser automatically transmits to us:
- Date and time of the retrieval of one of our internet pages
- Your browser type
- Your browser settings
- Your IP address
- The pages you have visited
1.1. Purpose and legal basis for data processing
The legal basis for the processing of the data is Art. 6(1)(f) GDPR.
Our legitimate interests are to ensure the technical functionality of the website, as well as the performance of statistical analyses to improve the website, system security (e.g. prevention of misuse) and error diagnosis.
1.2. Duration of storage
The data required for the presentation of the web offer will be deleted by the web server immediately after delivery.
Personal data is processed if you provide it, for example, when requesting an information brochure or an offer, contacting our team of experts, reporting a service case, making a contact request or registering for the partner program.
There are several contact forms on our website which can be used for electronic contact.
When using a contact form, the data entered in the input mask is transmitted to us and processed by us. Depending on the contact form, the information required for processing your request must be provided. This can be:
- First name
- Street, house number
- Postcode, place of residence
- Phone number
- E-mail address
Alternatively, it is possible to contact us via the provided e-mail address. In this case, the user’s personal data transmitted with the e-mail will be processed.
2.1. Purpose and legal basis for data processing
The legal basis for the processing of personal data from the input mask is Art. 6(1)(f) GDPR. Our legitimate interest is the receipt and processing of inquiries, complaints or other feedback.
If the purpose of the contact is the conclusion of a contract, the additional legal basis for the processing is Art. 6(1)(b) GDPR.
2.2. Duration of storage
After final processing of the request, the personal data will be deleted as long as there are no legal storage obligations.
3. Preparation and implementation of the business relationship
Within the scope of the business relationship with you or with your employer, we only process the personal data of you that relates to the business relationship. These can be in detail:
- Contact details, including your name, e-mail address and phone number
- User account information
- Contract data
- Creditworthiness data
- Payment data
3.1. Purpose and legal basis for data processing
We process your personal data for the preparation and implementation of the business relationship. The data processing is based on Art. 6(1)(b) GDPR, if a business relationship with you personally exists or is to be entered. If you are acting on behalf of a third party, in particular your employer, the data processing is based on Art. 6(1)(f) GDPR.
In addition, we process the aforementioned personal data for measures for business management and further development of services and products. The legal basis is Art. 6(1)(f) GDPR. Legitimate interest is the improvement of our offers and services.
We also process your personal data for data exchange with credit agencies (SCHUFA, Creditreform). The legal basis is Art. 6(1)(f) GDPR. Legitimate interest is the determination of credit default risks.
3.2. Duration of storage
As far as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and execution of a contract. In addition, we are subject to various storage and documentation obligations, which essentially result from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods of retention or documentation stipulated there are six to ten years.
Finally, the duration of storage is also assessed according to the statutory limitation periods, which, for example, are usually three years according to Sections 195 ff. of the German Civil Code (BGB). If evidence must be preserved, e.g. in the course of legal proceedings, the limitation periods of the German Civil Code (BGB) can be up to 30 years if a court title exists.
After termination of the contractual relationship, the deletion is carried out after expiry of the statutory retention periods.
On our website we offer you the possibility to register for our newsletter.
We use the so-called double opt-in procedure for sending the newsletter, i.e. we will only send you a newsletter by e-mail if you have expressly confirmed that you want us to activate the newsletter service. We will then send you a notification e-mail and ask you to confirm that you wish to receive our newsletter by clicking on a link contained in this e-mail. With the help of a so-called tracking pixel we evaluate your usage behaviour, i.e. the click and opening behaviour for statistical purposes and to optimize relevant content for you and the further readership.
If you do not wish to receive our newsletter at a later date, you can unsubscribe at any time. You can do this by sending a message in text form to the contact details given under section A (e.g. e-mail, fax, letter). Of course, you will also find an unsubscribe link in every newsletter.
4.1. Purpose and legal basis for data processing
The purpose of processing is to provide regular information about our services, products and our company. The legal basis for the processing of the data in connection with the newsletter is Art. 6(1)(a) GDPR.
4.2. Duration of storage
We store your data required for sending the newsletter until you unsubscribe from our newsletter.
5. Advertising or market and opinion research
5.1. Purpose and legal basis for data processing
Without your consent to receive messages according to section 4, we process your contact and contract data for the purpose of direct marketing based on a balance of interests.
In these cases, the processing is based on overriding legitimate interests in accordance with Art. 6(1)(f) GDPR. We pursue the interest of informing you in general about our own products and services.
5.2. Duration of storage
In principle, we process your data for these purposes up to the point at which you have objected (see the section entitled “Right to object to the processing of data for direct marketing purposes”); unless we are allowed to process your personal data mentioned above on another legal basis, we will delete these data immediately.
6. Fulfilment of legal obligations
We may also process your personal data in order to comply with legal obligations arising, for example, from commercial, tax, financial or criminal law.
6.1. Purpose and legal basis for data processing
The processing is usually carried out in order to comply with state control and information obligations.
The purposes of the processing result from the respective legal obligation and include in particular
- Assertion of legal claims and defence in legal disputes;
- Prevention and investigation of criminal offences
The data processing is based on Art. 6(1)(c) GDPR.
6.2. Duration of storage
We delete the data after the legal obligation has ceased, provided that no other legal basis, in particular legal or contractual retention periods, intervene.
D. Cookies and similar technologies
1. What are cookies and similar technologies?
2. Which cookies are used on this website and how to set them with the cookie consent solution?
For a list of the cookies we use, descriptions of the purposes of the cookies and more information about each cookie, please refer to our cookie consent solution. You can obtain detailed information on the individual cookies (in particular regarding legal basis, processing purposes, data recipients and storage duration) by clicking on the “?”.
On your first visit to our website and then at any time, you can accept or reject some or all cookies separately via the link “Cookie settings” in our cookie consent solution, by placing a green check mark next to the respective cookie or removing it and then clicking on “Save settings”. We will only set cookies requiring your consent if you have given your prior consent.
Your settings made in the cookie consent solution are stored on your computer or mobile device. You will therefore need to readjust them if you delete your browsing history or use another device or internet browser.
3. How to set cookies as an alternative to the cookie consent solution in my browser?
E. Recipients or categories of recipients of the data
Within the company, only those departments receive your data which absolutely need them to fulfil our contractual and legal obligations.
We only transfer your personal data to external recipients if there is a legal justification for this or if you have consented to it. External recipients can be:
- Processors: Service providers we use to provide services or who are entrusted with the maintenance of our IT systems.
- Public bodies: Authorities and state institutions, such as public prosecutors’ offices, courts or tax authorities, to which we may have to transfer personal data in individual cases.
- Private bodies: Private bodies to which we transfer your personal data, such as lawyers (disputes, debt collection, etc.), tax consultants, auditors.
F. Planned data transfer to third countries
As part of the processes described above, your personal data may be transferred to entities whose registered office or place of data processing is not in a member state of the European Union or in another state party to the Agreement on the European Economic Area. In doing so, we ensure prior to the transfer that, except in exceptional cases permitted by the law, the recipient either has an adequate level of data protection (e.g. through an adequacy decision of the European Commission or through appropriate guarantees such as the agreement of so-called EU Standard Contractual Clauses of the European Commission with the recipient) or your express consent has been obtained. You can obtain a copy of these guarantees from us. Please use the contact details in section A.
G. Voluntariness and obligation to provide personal data
You are not obliged to provide us with personal data. However, depending on the individual case, the provision of certain personal data may be necessary for the performance of the above-mentioned services. If you do not provide us with this personal data, we may not be able to provide the services.
H. Information on the rights of the data subjects
As a data subject, you have the following rights according to the GDPR, insofar as their respective legal requirements are met:
Access: You have the right to obtain information about your personal data processed by us.
Rectification: You can obtain the rectification of inaccurate personal data concerning you. Furthermore, you can request the completion of incomplete personal data.
Erasure: In specific cases you can obtain the erasure of your personal data.
Restriction of processing: In specific cases you can obtain restriction of processing of your personal data.
Data portability: If you have provided data on the basis of a contract or consent, you can demand that you receive the provided data in a structured, commonly used and machine-readable format or that the data is transferred directly to another controller.
Right to object
Individual right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(f) GDPR, including profiling based on those provisions. We will then no longer process the personal data for those purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assert, exercise or defence of legal claims.
Right to object to the processing of data for direct marketing purposes
In some cases, we process your data in order to carry out direct marketing. You have the right to object to the processing of your personal data for those purposes at any time. This applies to profiling as far as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, your personal data will not be processed for those purposes any longer.
If you have given your consent to the processing of your data, you can withdraw it at any time with effect for the future. This does not affect the legitimacy of the processing of your personal data before the withdrawal of the consent.
To assert any of your abovementioned rights as well as to withdraw any consent you have given, please contact us via the contact details given in section A. In addition, you can withdraw your consent regarding the setting of cookies at any time in our cookie consent solution, accessible via the link “Cookie settings”, by removing the corresponding check mark and then clicking on “Save settings”.
You have the right to lodge a complaint with a supervisory authority. You may exercise this right by contacting a supervisory authority, in particular in the member State of your habitual residence, your workplace, or the location of the alleged breach.
I. Automated individual decision-making, including profiling
Automated individual decision-making, including profiling in the sense of Art. 22 GDPR, does not take place in our company.