We appreciate your interest in LAP Coffee. When you use our website or mobile app (together "Services"), your personal data may be processed. This Privacy Policy explains how we process personal data and what rights you have in this context.
This privacy policy can be accessed and printed at any time on our website.
I. General Information
This privacy policy informs you about the handling of your personal data when using our Services. In particular, it explains what data we collect and what we use it for. In addition, it informs you about how and for what purpose this is done.
Personal data ("data") is any information relating to an identified or identifiable individual. Processing" of data means any operation performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The legal basis for data protection can be found in particular in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC ("General Data Protection Regulation", GDPR), as well as in the German Federal Data Protection Act (BDSG) and the Telecommunications and Telemedia Data Protection Act (TTDSG).
II. Controller
Responsible for the processing of your data is the
Micro Retail Technologies MRT GmbH
Address
Website/Mail
("we" or "us")
Controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
III. Scope of Data Processing
We or third parties use and process information that we collect in order to provide you with personalized experiences. We treat your personal data confidentially and in accordance with the statutory data protection regulations and on the basis of this privacy policy. We use the information available to us only as necessary and for the purpose of providing and improving our Services. This includes personalizing features, content and recommendations. As part of our data processing, we use various third-party providers in the areas of hosting, online marketing, mailing services, and customer/data management (CRM), each of which processes data on our behalf. We have concluded corresponding order processing agreements with these third-party providers, insofar as the third parties are order processors, which ensure that an adequate level of data protection is also guaranteed at our order processors (Art. 28 GDPR).
IV. Data security
We have taken technical and organizational measures to ensure that the data protection regulations are observed both by us and by external service providers. Our Services use SSL or TLS encryption for security reasons and to protect the transmission of confidential content that you send to us as the site operator.
V. Processing of Personal Data
The following overview lists all types of data we process, the purposes of their processing, as well as the legal basis for their processing.
1. Use of our Services
If you use our website without otherwise (e.g. by registering or using the contact form) transmitting data to us, we collect the following data on our web server temporarily and anonymously via server log files:
• Website from which our website was requested (so-called referrer URL)
• Name and URL of the requested website
• Date and time of access to the website
• Description of the type, language and version of the web browser used
• IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established.
• Message whether access was successful (access status/ HTTP status code)
• Internet service provider of the accessing system
• Amount of data transferred in each case
• Operating system used and its interface
• the GMT time zone difference
This processing is technically necessary in order to be able to display our Services to you. We also use the data for statistical evaluations to ensure the operational security and stability of our website. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. f GDPR. The processing of the aforementioned data is necessary for the provision of the website and ensuring
This is necessary to ensure the stability and operational security of the website and thus serves to protect a legitimate interest of our company.
We also use the data to fulfill our legal obligations for reasons of data security. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. c GDPR.
2. Contact
If you contact us, e.g. by sending us an email or contacting us via our contact form, we store the contact data provided by you, such as name, address, email and the information provided in your request. In addition, we store the IP address of the user at the time of sending, as well as the date and time of registration.
If you contact us within the framework of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the data and information you provide will be processed for the purpose of processing and responding to your contact request on the legal basis of Art. 6 (1) sentence 1 lit. b GDPR. Insofar as you have consented to the processing for the purpose of answering your inquiry, the legal basis is Art. 6 para. 1 p. 1 lit. a GDPR. Otherwise, we process your data to protect our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f GDPR for the proper response to customer/contact inquiries.
3. Registration
You can register on our Services and create a user account. For the registration you have to enter your e-mail address. After registration, you will receive an email to confirm the registration ("double opt-in"). As part of the registration process, we will provide you with the required mandatory data. The processed data includes in particular the login information ( e-mail address, password ).
Within the scope of the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorized use. As a matter of principle, this data is not passed on to third parties unless it is necessary for the prosecution of our claims or there is a legal obligation to do so.
You can be informed about events relevant to your user account, such as technical changes, by e-mail. In connection with the registration, login and user account, we process the following data:
• Inventory data (e.g. name, address)
• Contact details (e.g. e-mail address, telephone number if applicable)
• Content data (e.g. entries in the online form)
• Device data (device name, country code (if applicable), language, operating system name and version)
• Connection data (IP address, mail provider)
• Date and time of registration and confirmation
Processing during registration is carried out on the basis of our legitimate interests for the execution and/or initiation of a user contract, for the provision of customer service, for the administration and/or answering of inquiries, as well as a security measure (legal basis: Art. 6 para. 1 p. 1 lit. b GDPR Contract performance.
If you have terminated your user account, your data with regard to the user account will be deleted, subject to any legal permission, obligation or consent on your part. It is up to you to save your data in case of termination before the end of the contract. Subject to any legal permission, obligation or consent on your part, we are entitled to irretrievably delete all data stored during the term of the contract.
4. Newsletter
You have the possibility to sign up for our newsletter. With our newsletter we inform you about us and our offers. To register for the newsletter, we need your e-mail address. If you register for the newsletter via our Services, your e-mail address will be transmitted to us (or our mail provider) and stored there. After registration, you will receive an email to confirm the registration ("double opt-in"). In this context, we process the following data:
• Inventory data (e.g. name, address)
• Contact details (e.g. e-mail address, telephone number if applicable)
• Content data (e.g. entries in the online form)
• Device data (device name, country code (if applicable), language, operating system name and version)
• Connection data (IP address, mail provider)
• Date and time of registration and confirmation
The dispatch of our newsletter is based on your prior express consent, Art. 6 para. 1 p. 1 lit. a GDPR. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in efficient and secure dispatch. The legal basis in this respect is Art. 6 para. 1 p. 1 lit. f GDPR.
You can revoke your consent to the processing of data for the purpose of sending the newsletter or the evaluation of the associated data at any time. The revocation can be done via a link contained in each newsletter or by sending a separate message to us.
5. Webshop
If you would like to order in our webshop, it is necessary for the conclusion of the contract that you provide your data, which we need for the purpose of processing your order. We process the data of our customers to enable them to select, purchase or order the selected products, goods and related services, as well as their payment and delivery or execution. The mandatory data required for the processing of contracts are marked separately, other data are voluntary. In this respect, we process, for example, inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contact data (e.g. e-mail, telephone numbers); contract data (e.g. subject matter of the contract, term, customer category). The processing of customer data is carried out for the fulfillment of contracts concluded via the webshop on the legal basis of Art. 6 para. 1 p. 1 lit. b GDPR.
6. Cookies
On our website, we use cookies that are offered either by ourselves or by third parties.Cookies are small data sets that are stored on the end device used by you and saved by the browser. Cookies serve to make our offer more user-friendly, effective and secure. There are different types of cookies that are used for different purposes. Some cookies ensure that our offers function properly or that you are recognized on your terminal device after successful registration ("necessary" cookies). By placing these necessary cookies, we make it easier for you to visit our offers and use the Services available there, for example.
We place other cookies to analyze user preferences and thus improve our offers ("advanced cookies"). We use these for purposes such as tracking (e.g. interest/behavior-based profiling), remarketing, visit action evaluation, conversion measurement, reach measurement (e.g. access statistics, recognition of returning visitors), target group formation and cross-device tracking. We only use non-essential cookies with your consent. When you visit our Services for the first time, a pop-up will be displayed ("cookie banner"), in which the individual cookies are described in more detail. You have the option there to allow or reject cookies according to your preferences. You can change your settings at any time here [LINK to cookie banner]. We would like to point out that the functionality of our Services may be limited if cookies are deactivated.
When using the cookies - depending on the browser settings - the following data is processed:
• Usage data (e.g. websites visited, interest in content, access times),
• Meta/communication data (e.g. device information, IP addresses)
• Location data (data indicating the location of an end user's terminal device).
If personal data is processed when using "necessary" cookies, this is based on Art. 6 para. 1 p. 1 lit. f GDPR due to legitimate interests of quality assurance and a technically flawless presentation of the website. The processing of personal data when using so-called "extended cookies" is based on your consent (Art. 6 para. 1 p. 1 lit. a GDPR).
7. PlugIns
On our website, we use so-called pixel tags (invisible graphics, also referred to as "web beacons") and other technologies of the third-party providers listed below for marketing purposes and the provision of our content. The "pixel tags" can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer as well as be linked to such information from other sources.
When pixel tags are used, usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses) and location data are processed. We process this data for the purpose of displaying fonts, direct marketing (e.g. by email or postal mail), tracking (e.g. interest/behavioral profiling, use of cookies) and interest-based and behavioral marketing. The processing of this data is based on your consent, legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.
· Google Maps, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://www.google.de/maps; privacy policy: https://policies.google.com/privacy; opt-out: https://adssettings.google.com/authenticated.
· Instagram, Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
· Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden; Website: https://open.spotify.com/intl-de?; Privacy Policy: https://www.spotify.com/de/legal/privacy-policy/
· TikTok Technology Limited, 10 Earlsfort Terrace, Dublin D02 T380, Ireland; Website: https://www.tiktok.com/; Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/de
8. Social media
We are represented on the following social media platforms and process user data in this context in order to communicate with users active there or to offer information about us:
· Instagram, Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
· Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden; Website: https://open.spotify.com/intl-de?; Privacy Policy: https://www.spotify.com/de/legal/privacy-policy/
· TikTok Technology Limited, 10 Earlsfort Terrace, Dublin D02 T380, Ireland; Website: https://www.tiktok.com/; Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/de
We point out that user data may be processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them). For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the privacy statements and information provided by the operators of the respective social media providers. In the case of information requests and the assertion of data subject rights, we also point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.
VI. Data Storage and DeletionThe data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not required for the purpose). This means that we only store your Data for as long as it is necessary for the respective processing purpose and limit the storage period to the minimum necessary. In addition, we only store your data if we are entitled or obliged to do so in accordance with statutory retention periods (e.g. in accordance with the German Commercial Code (HGB) or the German Fiscal Code (AO)).
Our privacy notices may also contain further information on the retention and deletion of data, which will take precedence for the respective processing operations.
V. Your Rights
You have the following rights:
• the right to information,
• the right to rectification or cancellation,
• the right to restrict processing,
• the right to data portability,
• the right to revoke any consent you have given with effect for the future.
• the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) sentence 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
To exercise the above rights, you can send us an email at [insert mail]. You also have the right to lodge a complaint about the processing of your personal data with a data protection supervisory authority.
VIII. Data Transfer / Third Country Transfers
We will only share your data with third parties if you have consented to this or if there is another legal basis. Insofar as we use third-party tools that process your data outside the EU/EEA (including Singapore and Indonesia, when you use our mobile app), we ensure that the legal requirements of Art. 44 et seq. GDPR for such a third country transfer are met and that your data is processed in the relevant third country in accordance with the European data protection standard. With regard to the United States, we rely on the Data Privacy Framework (DPF), provided that the respective recipient of the data is registered under the DPF with the U.S. Chamber of Commerce. In cases where there is no corresponding adequacy decision, we generally rely on the so-called EU Standard Contractual Clauses (SCC) that we conclude with the respective provider. In addition, in accordance with the requirements of the ECJ ("Schrems II"), a case-by-case risk analysis is carried out with regard to the respective third country transfer in order to ensure that your data is processed lawfully in the third country concerned and, in particular, that access to your data by state authorities is prevented.
IX. Linked Content
This Privacy Policy only applies to our Services. However, the Services may also contain external links or hyperlinks to websites of other providers. They are to be distinguished from our own content. This third-party content does not originate from us, nor do we have any influence on the content of third-party sites. If you are forwarded to other pages via links within the website, please inform yourself there about the respective handling of your data.
X. Profiling
We do not use automated decision making or profiling (an automated analysis of your personal circumstances).
XI. Amendment of this Privacy Policy
Due to the further development of our Services and offers on it or due to changed legal or regulatory requirements, it may become necessary to change this Privacy Policy.
Status: July 2024