Effective date: May, 1st, 2019
Kafé 421 (“us”, “we”, or “our”) operates the https://www.kafe421.com/ website (the “Service”). For users located in the European Economic Area, and to the extent applicable, Kafé 421 is the data controller and is responsible for the Personal Data (as defined below) of EEA users of the Services.
This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.
We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy.
INFORMATION COLLECTION AND USE
We collect several different types of information for various purposes to provide and improve our Service to you.
Where we need to collect Personal Data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to provide the Service or perform the contract we have or are trying to enter into with you.
Types of Data Collected
While using our Service, we collect certain personally identifiable information that can be used (either alone or in combination with other information) to contact or identify you (“Personal Data”). We collect and use your Personal Data for the purposes set out below. The Personal Data we collect includes:
- Email address
- First name and last name
- Phone number
- Address, State, Province, ZIP/Postal code, City
- Location Data
- Cookies Data
When you sign in to our Service using a social media account, you give permission to the social media platform to share with us Personal Data.
We may also collect information about how you use and access the Service (for example, the duration of a page visit and your browsing journey, including where you entered the Service from and where you go from you exit) (“Usage Data”). This Usage Data includes information such as your device’s Internet Protocol address (i.e. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
We may use and store information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our Service, to improve and customize our Service.
You can enable or disable location services when you use our Service at any time, through your device settings.
Tracking Cookies Data
USE OF DATA
Kafé 421 uses the data it collects for various purposes:
- To provide and maintain our Service and the services you sign up for;
- To notify you about changes to our Service;
- To allow you to participate in interactive features of our Service when you choose to do so;
- To provide customer support, including to respond to your queries and resolving complaints;
- To use data analytics to improve our Service, products/services, marketing, customer relationships and experiences – see “Analytics” below;
- To monitor the usage of our Service – see “Analytics” below;
- To administer and protect our business and the Service (including for accounting and records, troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
- To deliver personalized Service content and advertisements to you (including using third party service providers) and measure or understand the effectiveness of the advertising we (or such third parties) serve to you;
- To sell advertising space on the Service;
- To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information – see “Marketing” below;
- To comply with applicable laws and regulations.
We use Google Analytics to monitor and analyze the use of our Service. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. For more information on Google’s privacy practices, please see Google’s Privacy and Terms: https://policies.google.com/?hl=en
You can opt-out of having your data used by Google Analytics by installing the Google Analytics opt-out browser add-on: https://tools.google.com/dlpage/gaoptout
In relation to marketing communications, we may provide you with an “opt in” or “opt-out” mechanism depending on where in the world you are located. An “opt-in” mechanism will provide you the opportunity to positively indicate that you would like or do not object to our sending you such further communications and we will not send you any unless you have “opted-in”. An “opt-out” mechanism will provide you the opportunity to indicate that you do not want us to send you such further communications, and if you “opt-out” we will not send you any.
LEGAL BASIS FOR PROCESSING PERSONAL DATA UNDER GENERAL DATA PROTECTION REGULATION (GDPR)
Generally, we process your Personal Data on the basis of one or more of the following legal grounds:
- We need to perform a contract with you;
- You have given us permission to do so;
- The processing is in our legitimate interests and it’s not overridden by your rights. Such “legitimate interests” include:
- to study how customers use the Service,
- to develop the Service and grow our business,
- to manage our business, including the provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise,
- to inform our marketing and advertising strategy; or
- To comply with our legal and regulatory obligations.
We may process your Personal Data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your Personal Data.
RETENTION OF DATA
We also retain Usage Data for internal analysis and statistical purposes. Usage Data is generally retained for a shorter period of time than other Personal Data, except when such data is used to strengthen the security of the Service or to improve the functionality of our Service, or we are legally obligated to retain such data for longer time periods.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
TRANSFER OF DATA
Your information, including Personal Data, may be transferred to — and stored on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ to those in your local jurisdiction.
If you are located outside the United States and choose to provide information to us, please note that this information, including Personal Data, is processed in the United States.
Subject to applicable law, your use of the Service and your submission of such information constitutes your agreement to the transfer of your information to the United States.
DISCLOSURE OF DATA
Kafé 421 may share your Personal Data with the parties, or in the circumstances, set out below. We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
- Service Providers: We may employ third-party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related activities, or to assist us in analyzing how our Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
- Disclosure for Law Enforcement: Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court, a government agency, or law enforcement organization).
- Legal Requirements: We may disclose your Personal Data to such third parties where such action is necessary to: comply with a legal obligation, protect and defend the rights or property of Kafé 421, prevent or investigate possible wrongdoing in connection with the Service, protect the personal safety of users of the Service or the public, or protect against legal liability.
- Professional Advisors: We will share your Personal Data with our professional advisors, including legal advisors and insurers, where this is necessary for the advice they provide. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
- Advertising Partners: We may share your information with our advertising partners. Please see “Marketing” and “Behavioral Remarketing” above. This means that when you are on another website, you may be shown advertising based on your browsing patterns on the Service. We may also show you advertising on the Service based on your browsing patterns on other sites that we have obtained from our advertising partners.
SECURITY OF DATA
The security of your data is important to us, but no method of transmission over the internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
“DO NOT TRACK” SIGNALS UNDER CALIFORNIA ONLINE PRIVACY PROTECTION ACT (CALOPPA)
We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
YOUR DATA PROTECTION RIGHTS UNDER GENERAL DATA PROTECTION REGULATION (GDPR)
If you are located in the EEA, and subject to national or local law exemptions, you have certain data protection rights in certain circumstances. Please contact us if you would like to exercise any of these rights.
- Right to withdraw consent at any time: This applies where we are relying on consent to process your Personal Data.
- Access: This enables you to receive a copy of the Personal Data we hold about you and to check that it is accurate and that we are processing it lawfully.
- Object: This enables you to object to processing of your Personal Data where we are relying on a legitimate interest and there is an impact on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override certain of your rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
- Correction: This enables you to have any incomplete or inaccurate Personal Data we hold about you corrected, though we may need to verify the accuracy of the new Personal Data you provide to us.
- Erasure: This enables you to ask us to delete or remove Personal Data where there is no good reason for us to continue to process it. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Portability: This enables you to request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Restriction: This enables you to ask us to suspend the processing of your Personal Data in the following circumstances: (a) if you want us to establish the information’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the Personal Data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your Personal Data but we need to verify whether we have overriding legitimate grounds to use it.
Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to the relevant EU Data Protection Authority about our collection and use of your Personal Data at any time. However, we would appreciate the opportunity to address your complaint in the first instance.
LINKS TO OTHER SITES
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
Our Service does not address anyone under the age of 18 and we do not knowingly collect Personal Data from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.