Privacy policy
Privacy policy
We have appointed our data protection officer, that is a person whose tasks include monitoring
compliance with the General Data Protection Regulation (GDPR), other data protection regulations, as
well as ALL GOOD’s internal regulations regarding the protection of personal data.
Mr. Krzysztof Jankowski has taken the role of ALL GOOD’s Data Protection Officer (DPO).
You can contact the DPO by e-mail using the following address:
[email protected]
COFFEEDESK PRIVACY POLICY
(a) ALL GOOD S.A. with its registered office in Kołobrzeg (address: ul. Mazowiecka 24I / U9, 78-100
Kołobrzeg; registration: District Court in Koszalin, IX Commercial Division of the National Court
Register, number 773117; tax ID no.: 6711812675; share capital: PLN 285,515.80, fully paid-up; the
“Controller”, or “we”) is the controller of personal data processed on or via the website available at
b2b.coffeedesk.com (“Website”), including the Online Store operating on the Website. In the matter of
your (whether as a Customer or Customer's representative, or as another user of the Website) personal
data, you can contact the Controller at the following e-mail address:
[email protected]; you can
contact our data protection officer at:
[email protected].
(b) Your personal data is processed in accordance with the provisions of Regulation (EU) 2016/679 of the
European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard
to the processing of personal data and on the free movement of such data, and repealing Directive 95/46
/ EC (“GDPR”) and other provisions on the protection of personal data. Terms in the area of personal
data protection, such as “controller” or “personal data”, should be understood in accordance with their
definitions contained in the GDPR.
(c) We make every effort to protect the interests of data subjects, and in particular, we ensure that
the data we collect is: (i) processed in accordance with the law; (ii) collected for specified, lawful
purposes, and not subjected to further processing that would be incompatible with these purposes; (iii)
factually correct and adequate in relation to the purposes for which they are processed; and (iv) stored
in a form which permits the identification of data subjects for no longer than is necessary to achieve
the purpose of processing.
(d) Words, expressions, and acronyms not defined in this privacy policy (“Privacy Policy”) and beginning
with a capital letter (e.g., “Customer”, “Sales Agreement”, “Online Store”) should be understood in
accordance with their definitions contained in the Online Store Terms and Conditions, available at:
https://b2b.coffeedesk.com/terms-of-service/
2. Data processing. (a) Purposes of processing. Your personal data is processed by the Controller for
the following purposes and based on the following legal bases, namely:
|
PURPOSE |
LEGAL BASIS |
| I |
preparation, conclusion, and performance of the Sales Agreement or the provision of services related to the use of the Website, including the administration of complaints or similar obligations |
Article 6(1)(b) GDPR (alternatively, in the case of the Customer’s representative, the basis for the processing of their data is the Controller's legitimate interest, consisting in the possibility of contacting the Customer – Article 6(1)(f) GDPR) |
| II |
handling or maintaining (recording, archiving, etc.) communication exchanged through contact forms and contact tools (chat) available on the Website or by phone or email with the use of numbers or addresses indicated on the Website |
Article 6(1)(f) GDPR, when the legitimate interest of the Controller consists in providing answers to your question (alternatively, the basis for processing is the need to fulfill the legal obligation imposed on the Controller by law; for example, when the contact includes a request to exercise your rights under the GDPR – Article 6(1)(c) GDPR) |
| III |
establishing, pursuing, or defending against claims |
Article 6(1)(f) GDPR (strictly speaking, a legally justified interest of the Controller in establishing, pursuing, or defending against claims) |
| IV |
fulfilment of legal obligations incumbent on the Controller under tax and accounting regulations, including the obligation to archive contracts and settlement documents |
Article 6(1)(c) GDPR |
| V |
conducting analyzes, statistics, marketing activities, and sending commercial information by electronic means related to the functioning of the Website and business activities conducted by the Controller via the Website |
Article 6(1)(a) GDPR (alternatively, the Controller’s legitimate interest, recognized in Article 6(1)(f) GDPR, if you are a Customer, or Article 6(1)(b) GDPR, if the newsletter is delivered to you as an electronic service, in accordance with the relevant regulations) |
| VI |
solving technical problems related to the functioning of the Website, including providing help and support to Customers and other users of the Website in connection with using it |
Article 6(1)(f) GDPR |
(b) Data recipients. Data processed for the purposes indicated in Section 2(a) of this Privacy Policy
may be made available to other entities expressly authorized to do so, namely: (i) entities with whom
the Controller has entered into data processing agreements, ensuring appropriate, legally required
security standards, including entities providing IT services (e.g. hosting), accounting, banking, legal,
administrative, postal, courier services; (ii) the Controller’s employees or contractors who have been
trained, authorized, and obligated to maintain confidentiality and to comply with the provisions on the
protection of personal data; and (iii) public administration authorities or other entities authorized
under the provisions of law, in order to perform the obligations incumbent on them or on us.
(c) Types of processed data. We process the following personal data, namely:
|
CLASS OF DATA SUBJECT |
TYPE OF PERSONAL DATA |
| I |
Customer (or the Customer’s representative or other person acting for and on behalf of the Customer) |
Entrepreneur’s first and last name or business name and tax identification number; email address; contact telephone number; address (street, house number, apartment number, zip code, city, country) and delivery address |
| II |
User, including a user of the Website who is not a Customer |
IP address assigned to your computer or your ISP’s external IP address, domain name, browser type, access time, operating system type |
| III |
Adversary (for purposes related to the establishment, pursuit, and enforcement of potential claims) |
first name, last name, data concerning the use of the services, if the claim arises from the way the user uses the services, other data necessary to prove the existence of the claim, including the extent of the damage suffered |
(d) Obligation to provide data. Provision of the personal data listed in Section 2(c) of this Privacy
Policy is voluntary yet necessary for the Controller to provide electronic services via the Website and
to conclude and perform a Sales Agreement. Without providing personal data it is impossible to conclude
and perform a Sales Agreement.
(e) Usage Data. In addition, we may process the following data that characterizes your use of the
services provided electronically through the Website (usage data): (i) network termination point
identifiers or ICT system you are using; and (ii) information about the beginning, end, and scope of
each use of services related to the operation of the Website.
(f) Automatic processing. Your personal data may be processed in an automated manner as part of the
marketing, analytical, and statistical activities of the Controller or other entities expressly
authorized to do so, for example to present advertisements and offers (discounts), also tailored to your
interests based on profiling. The Controller analyzes your activity in a simplified way, for example the
history of purchases and behaviors, and thus we can better address your preferences. You can disable
automated processing by configuring cookies yourself.
(g) Data Retention. Your personal data will be kept for the period necessary to achieve the goals
indicated in Section 2(a) of this Privacy Policy, namely: (i) for purposes related to the conclusion and
performance of the contract – until its termination; (ii) to handle communication – for the period
necessary to address a reported case, and beyond until an applicable statute of limitations expires;
(iii) to establish, pursue, or defend against claims – until an applicable statute of limitations
expires; (iv) for tax and accounting purposes or other purposes necessary from the point of view of
applicable law – for a period consistent with applicable law; and (v) in order to carry out the
activities indicated in Section 2(e) of this Privacy Policy – until you withdraw your consent, the
Controller’s or a third party’s legally justified interests are satisfied, or you object to the
processing of personal data.
3. Data subjects’ rights. (a) As a data subject, you have the right – within the limits set forth in the
provisions on the protection of personal data – to: (i) access your data and rectify it pursuant to
Articles 15 and 16 GDPR; (ii) be forgotten and to restrict data processing pursuant to Articles 17 and
18 GDPR; (iii) data portability pursuant to Article 20 GDPR; (iv) object to data processing pursuant to
Article 21 GDPR; and (v) withdrawal of consent at any time without affecting the lawfulness of
processing based on consent before its withdrawal, if data processing is carried out on the basis of
Article 6(1)(a) GDPR.
4. Miscellaneous. (a) The Website may contain links to other websites. The Controller is not responsible
for the privacy practices on those websites and the way they collect user data. We encourage you to read
such other websites’ applicable privacy policies. This Privacy Policy applies only to the Website.
(b) We use such technical and organizational measures to ensure the protection of the processed personal
data as appropriate to the threats and categories of data protected, and in particular, we protect the
data against unauthorized disclosure, removal by an unauthorized person, processing in violation of
applicable laws, and change, loss, damage or destruction.
(c) We provide the following technical measures to prevent the acquisition and modification of your
personal data sent electronically by unauthorized persons: (i) personal data is sent via the secure SSL
/ TSL protocol; (ii) personal data stored on the Administrator's servers are encrypted - protection
against physical access to the servers on which personal data is stored is provided by a reliable server
provider; (iii) encryption of data used to authorize the Customer; (iv) securing data against
unauthorized access; (v) access to the Customer Account only with the use of an individual login and
password created by the Customer; as well as (vi) granting access to data only to persons expressly
authorized to do so, for the purposes only indicated in the Privacy Policy.
(d) We reserve the right to update and change this Privacy Policy, especially in connection with changes
in the applicable law and our activities aimed at increasing the security of data subjects. With each
change, a new version of this Privacy Policy will appear on the Online Store website, indicating the
date of the change. We encourage you to monitor the current status of the provisions contained in this
Privacy Policy. By using the Website, you accept the provisions of this Privacy Policy.
5. Cookies. (a) Cookies should be understood to mean IT data, in particular text files, stored in the
user’s end devices. Those files make it possible to recognize the user's device, display a website
tailored to their individual preferences, maintain a session, etc. Cookies usually contain the name of
the website they come from, their storage time on the end device, and a unique number.
(b) Cookies are used to adapt the content of the Website to the user's preferences and to optimize the
use of websites. They are also used to create anonymous, aggregated statistics that help understand how
the user uses the Website – which permits improvement of their structure and content, without personal
user identification.
(c) We use four types of cookies: (i) “essential” – that is, cookies that contribute to the usability of
websites by enabling basic functions such as website navigation and access to website secure areas;
websites cannot function properly without these cookies; (ii) “preferences” – that is, files regarding
preferences and enabling websites to memorize information that changes websites’ appearance or
functioning, for example, the preferred language or the region in which the user is located; (iii)
“statistics” – files that help understand how various users behave on websites by collecting and
reporting anonymous information; (iv) “marketing” – files used to track users on websites in order to
display advertisements that are relevant and interesting to individual users and therefore more valuable
to publishers and third party advertisers.
(d) Users may define the scope of the use of appropriate cookies by expressing their consent. Depending
on the consented scope of the use of cookie technology, cookies may automatically collect various data
on the user's activity, as well as information about the location of the device used (if the selected
scope of use of cookies and consent allows it). If it is not possible to define the scope of the use of
cookies from the website level, the settings of the browser used by the user remain valid.
(e) The software used for browsing websites allows cookies to be placed on the end device, by default.
Such settings can be changed. Detailed information on the options available and ways of handling cookies
is available in the software (web browser) settings. Limiting the use of cookies may affect some of the
functionalities available on the Website.
------------------------------------------------------------------------------------------------------------------
Privacy policy valid until May 18, 2022
COFFEEDESK PRIVACY POLICY
This Privacy Policy shall constitute an integral part of the Terms of Service of the COFFEEDESK Online
Store dated 1.01.2017 (Terms of Service). Definitions of the terms used in this Privacy Policy have been
included in the Terms of Service. The provisions of the Terms of Service shall be applied accordingly.
1. PERSONAL DATA
1.1. Personal data provided by the Customer shall be processed by the Seller (i.e. All Good S.A. with
its registered office in Kołobrzeg at ul. Mazowiecka 24I/U9, entered in the register of entrepreneurs
under number KRS 0000435559, whose company files are kept by the District Court in Koszalin, 9th
Commercial Division of the National Court Register (KRS), identified with Tax Identification Number NIP:
6711812675 and National Business Registry Number REGON: 32128134100000, with share capital in the amount
of PLN 267,000.00), which is the personal data controller.
1.2. Personal data provided by Users within the frames of the Website are process by All Good S.A., the
Personal Data Controller, in accordance with the terms prescribed by Regulation (EU) 2016/679 of the
European Parliament and of the Council of 27 April 2016 (hereinafter referred to as “GDPR”). Contact
with the Data Controller is available via e-mail at
[email protected] or via phone at +48 730 882 525
1.3. Personal data of Users will be processed for the period of 5 years from the time of deletion of the
Account and will be deleted upon the lapse of the said period, unless the processing of their data
results from another legal basis.
1.4. The scope of the processed personal data shall be determined by the scope of data completed by the
Customer and sent to the Seller means of a relevant form. Processing Customer’s personal data may
pertain to his/her e-mail address, first and last name, company name, phone number and computer IP
address.
1.5. Personal data of Customers shall be processed for the following purposes: (a) realization of legal
provisions, (b) creation of the Account, execution of the Order, provision of services by electronic
means, examination of filed complaints and other actions as specified in these Terms of Service, (c)
promotional and commercial actions of the Seller.
1.6. Providing the personal data shall be voluntary, but the lack of consent to process personal data
marked as obligatory shall prevent performance of services by the Seller.
1.7. The legal basis for processing personal data in the case referred to in clause 1.3(a) shall be the
statutory authorization to process data which are essential to act in accordance with the law, whereas
in the case referred to in clauses 1.3(b) and 1.3(c) it shall be the statutory authorization to process
data which are necessary to perform an agreement if a person to whom the data refer is a party to such
agreement, or if it is essential for undertaking certain actions prior to conclusion of the agreement
upon request of the person to whom the data refer, or a voluntary consent of the Customer.
1.8. Personal data of Customers may be transferred only for the purpose of performance of Sales
Agreements and agreements for provision of services by electronic means by the Seller to a hosting
company, a company providing accounting services to the Seller and a courier mail company. Personal data
collected by the Seller may also be disclosed to: competent state bodies upon their request on the basis
of relevant provisions of law, or other persons and entities–in the cases prescribed in the provisions
of law.
1.9. The entity processing Users’ personal data on the basis of the Transfer Agreement will process
Clients’ personal data from the effective date of GDPR through another entity only upon prior consent of
Personel Data Controler
1.10. Disclosing personal data to unauthorized entities under this Privacy Policy may take place only
upon a prior consent of Customer.
1.11. The Customer to whom such data pertain have a right to restrict the processing of data and the
right to portability of the personal data collected by Personal Data Controler and referring to the
Customers rights and to receive them in a structured form, to file a complaint to the supervisory
authority if the Customer finds that his/her data are processed in violation of the law, and to seek
legal remedies before a court against the supervisory authority as the entity committing the violation.
1.12. If the Seller was advised that the Customer uses the service provided by electronic means in a way
violating the Terms of Service or applicable provisions of law (unauthorized use), then the Seller may
process Customer’s personal data in the scope required for establishing the Customer’s liability.
1.13. The website may store http enquiries, therefore the files containing web server logs may store
certain data, including the IP address of the computer sending the enquiry, the name of Customer’s
station–identification through http protocol, if possible, date and system time of registration in the
Store and receipt of the enquiry, number of bytes sent by the server, the URL address of the site
visited by the Customer before if the Customer has entered the Store through a link, information
concerning Customer’s browser, information concerning errors occurred by realization of the http
transaction. Web server logs may be collected for the purposes of proper administration of the Store.
Only persons authorized to administer the IT system shall have the access to data. Files containing web
server logs may be analyzed for the purposes of preparing statistics concerning traffic in the Store and
occurring errors. Summary of such details shall not identify particular Customers.
1.14. Transfer of personal data to third countries will proceed in accordance with GDPR.
1.15. The use of the Website proceeds in secure https connection. The communication between a User’s
device and the servers is encoded by means of the SSL protocol. In the case of logging through external
platforms facebook.com or google.com, twitter.com, instagram. com, snapchat.com, youtube.com the level
of security is prescribed by https://www.facebook.com/legal/FB_Work_Privacy,
https://privacy.google.com/intl/en, https://twitter.com/en/privacy,
https://www.help.instagram.com/155833707900388
https://www.snap.com/en-US/privacy/privacy-policy/
2. INFORMATION SECURITY
2.1. The Seller shall apply technological and organizational means in order to secure processing the
personal data corresponding to the threats and category of data to be secured, in particular, through
technical and organizational means the Seller shall secure data against publishing to unauthorized
persons, taking over by an unauthorized person, processing in violation of the law and change, loss,
damage or destruction; among others the SSL (Secure Socket Layer) certificates shall be applied.
Customers’ personal data shall be collected and stored on a secured server; moreover, the data shall be
secured by Seller’s internal procedures related to processing personal data and information security
policy.
2.2. In order to log in to the Account, it shall be necessary to provide a relevant username and
password. For the purpose of ensuring an appropriate level of security, the password for the Account
shall exist in the Store only in a coded form. Furthermore, registration of and logging in to the
Account shall proceed in a secure https connection. Communication between the Customer’s device and the
servers shall be encoded using the SSL protocol.
2.3. At the same time the Seller states that using the Internet and services provided by electronic
means may pose specific teleinformatic threats, such as: presence and operation of worms, spyware or
malware software, including computer viruses, as well as possibility of being exposed to cracking or
phishing (fishing passwords) and other. In order to obtain detailed and professional information related
to the security in the Internet, the Seller recommends taking advice from entities specializing in such
IT services.
2.4. The Seller additionally applies within the Website all necessary technical measures as specified in
Articles 25, 30, 32–34, 35–39 of GDPR, providing for enhanced protection and security of the processing
of customers personal data.
3.COOKIES
3.1. For the purposes of a correct operation of the Store, the Seller shall use Cookies support
technology. Cookies are packages of information stored on the Customer’s device through the Store,
usually containing information corresponding to the intended use of particular file, by means of which
the Customer uses the Store–these are usually: address of the Internet service, date of publishing,
lifetime of a Cookie, unique number and additional information corresponding to the intended use of
particular file.
3.2. The Seller shall use two types of Cookies: session cookies, which are permanently deleted upon
closing the session of the Customer’s browser and permanent Cookies, which remain on the Customer’s
device after closing the session until they are deleted.
3.3. It is not possible to identify the Customer on the basis of Cookie files, whether session or
permanent. The Cookie mechanism prevents collecting any personal data.
3.4. Cookies used in the Store are safe for the Customer’s device, in particular they prevent viruses or
other software from breaking into to the device.
3.5. In many cases software designed to browse sites (a browser) allows for storing cookies on the
User’s device, insofar as the Customer selects such option in the browser settings. The Website Users
may at any time change the settings related to cookies. Such settings may be changed in particular so as
to block the automatic cookie support in the browser settings or to notify on each case of placing them
on the Website User’s device. Detailed information on possibilities and methods of cookie support is
available in the software (browser) settings.
3.6. Cookies placed on the Website User’s device may also be used by advertisers and partners
co-operating with the Website operator upon prior User’s consent given in the browser settings. In
accordance with the e-Privacy Regulation, the User may disable the storing of third-party cookies on
his/her device in line with the instructions of the browser producer. Failure to enable third-party
cookies and cookies other than session cookies may not cause lack of availability of the Website, in
part or in its entirety, for the Customer.
3.7. The Seller shall use own Cookies for the following purposes: authenticating the Customer in the
Store and preserving Customer’s session; configuration of the Store and adjusting the content of pages
to Customer’s preferences, such as: recognizing Customer’s device, remembering settings set up by the
Customer; Cookies ensuring security of data and use of the Store; analyses and researches of views;
advertisement services.
3.8. The Seller shall use Third-Party Cookies, as a prior consent of Customer for the following
purposes: authenticating the Customer in the Store and preserving Customer’s session; configuration of
the Store and adjusting the content of pages to Customer’s preferences, such as: recognizing Customer’s
device, remembering settings set up by the Customer; Cookies ensuring security of data and use of the
Store; analyses and researches of views; advertisement services.
3.9. The Customer may individually change Cookies settings at any time, stating the conditions of their
storage, through the Internet browser settings or configuration of the service. The Customer may also
individually delete Cookies stored on his/her device at any time in accordance with the instructions of
the browser producer.
3.10. Details concerning Cookies support are available in the settings of the browser used by the
Customer.
