1. Information about the collection of personal data and contact information of the person responsible
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following we inform you about the handling of your personal information when using our website. Personal information is any data with which you could be personally identified. This privacy policy is also valid for the website reachable on www.tohave.coffee.
1.2 The person responsible for the data processing on this website in terms of the data protection regulation (General Data Protection Regulation) is:
Name: Fabian Schmid
Address: Jurastrasse 19, CH-3013 Bern
Email: fabian@schmidbilder.ch
Telephone: +41 79 338 09 16
The person responsible for the processing of personal data is the natural or legal person who determines the purposes and means of the processing of personal data alone or jointly with others.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or requests to the person responsible), this website uses SSL or TLS encryption. You can see an encrypted connection to the string «https://» and the lock icon in your protocol.
2. Data collection when you visit our website
When you use our website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called «server log files»). When you call our website, we collect the following data that are technically necessary for us to display the Web page:
- our visited Web page
- date and time at the time of the access
- quantity of the sent data in byte
- source/reference, by which you arrived on the page
- used browser
- used operating system
- IP address
The processing takes place in accordance with Article 6 paragraph 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. We reserve the right however to check the server log files, later concrete evidence should point to an illegal use.
3. Cookies
In order to make your visit to our website more attractive, and to enable you to use certain functions, we use so-called cookies on certain pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the browser session, that is, after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us and our partner companies to recognise your browser on your next visit (persistent cookies). Used cookies, collect and process certain user information, such as browser – and location data, as well as IP address values in individual size. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie in question. Partly, the cookies serve to simplify the order process (e.g. saving the contents of a virtual shopping cart for a later visit to the web page) by storing settings. If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR to the implementation of the contract or in accordance with article 6 paragraph 1 lit. to preserve our legitimate interests in the best possible functionality of the Web site and a customer-friendly and efficient design of the page visit f GDPR.
We work with advertising partners, who help us to make our Internet offer for you interesting circumstances. For this purpose also cookies are stored in this case when you visit our website by partner companies on your hard drive (third-party cookies). You can set your browser so that you are informed about the use of cookies and decide individually on whether to accept them or to deactivate the acceptance of cookies, just in certain cases or completely. Each browser differs in the way it manages the cookie settings. This is described in the Help menu of each browser, which explain how to modify your cookie settings. You can find these for the respective browser at the following links: Internet Explorer, Firefox, Chrome, Safari or Opera. Please note that for non-acceptance of cookies, the functionality of our website may be limited.
4. Contact
Personal data collected within the framework of the contact with us (e.g., via contact form or email). Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored solely for the purpose of answering your request for contact and the associated technical administration and use. Legal basis for the data processing is our legitimate interest in answering your request in accordance with Article 6 paragraph 1 lit. f, GDPR). If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1). 1 lit. b, GDPR). Your data will be deleted after final processing of your inquiry; this is the case if it can be inferred from the circumstances that the facts in question have been conclusively clarified and provided that there are no legal storage obligations to the contrary.
5. Data processing when opening a customer account and for contract processing
Pursuant to Art. 6 para. 1 lit. b GDPR, personal data will continue to be collected and processed if you inform us of this for the execution of a contract or when opening a customer account. The type of data that is collected can be seen from the respective input forms. It is possible to delete your customer account at any time and can be done by sending a message to the above-mentioned address of the responsible person. We store and use the data communicated by you to fulfilment of contractual obligations. After complete processing of the contract or deletion of your customer account, your data will be blocked in consideration of tax and commercial retention periods and deleted after expiry of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by our site, about which we will inform you accordingly below.
6. Use of your data for direct marketing (newsletter)
If you subscribe to our email newsletter (or notifications for new posts), we will send you regular information about our offers. The only mandatory information for sending the newsletter is your email address. Another possible information is voluntary and is used to personally talk to you. We use the so-called double opt-in procedure for sending the newsletter. This means that we only be sent an email newsletter, if you have explicitly confirmed that you consent to the sending of newsletters. With your registration you give us your consent for the use of your personal data according to Art. 6 Abs. 1 lit. a GDPR. When you register for the newsletter, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration so that we can trace any possible misuse of your email address at a later point in time. The data collected by us when registering for the newsletter will be used exclusively for the purposes of advertising in the form of the newsletter. You can unsubscribe at any time via the link provided in the newsletter or by an appropriate message to us. After your cancellation, your email address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use data in excess thereof, which is permitted by law and about which we inform you in this declaration.
7. Data processing for order processing
To process your order we work together with the following service provider(s), which support us wholly or partly in the execution of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information. The personal data collected by us will be passed on to the transport company commissioned with delivery within the framework of implementing the contract, as far as this is necessary for delivering the goods. We will pass on your payment data to the commissioned credit institution within the framework of payment processing, if this is necessary for payment processing. If payment service provider are used, we inform thereof hereinafter referred to explicitly. The legal basis for the transmission of the data section is Article 6 1 lit. b, GDPR).
7.1 Using PayPal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if available – «Purchase on account» or «Installment» via PayPal we give your payment details within the framework of the payment on the PayPal (Europe) S.a.r.l.. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereafter «PayPal»), further. The data is passed on in accordance with Art. 6 para. 1 lit. b GDPR and only insofar as this is necessary for payment processing. PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – «purchase on account» via PayPal. For this purpose, your payment data will be processed, if necessary, in accordance with Art. 6 para. 1 lit. f GDPR on the basis of PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit check with respect to the statistical probability of debt default for the purpose of deciding on providing the respective payment method. The credit information may contain probability values (so-called. score values). When score values are included in the results of the credit check, they are based on a scientifically recognised mathematical and statistical method. The calculation of the score values includes, but is not limited to, address data. Please refer to the Privacy Policy of PayPal for further information on data protection law, including the credit agencies used. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
7.2 Use of Stripe
If you choose a payment method of the payment service provider Stripe, payment is processed by the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland, to whom we pass on your order information (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number). Your data will only be passed on for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. For information on the data protection of Stripe, click here.
8. Web analysis services
Google Analytics
This website uses Google Analytics, a Web analysis service of Google LLC, 1600 Amphitheatre Parkway, mountain view, CA 94043, USA («Google»). Google Analytics uses «cookies», which are text files stored on your computer. These enable the analysis of your website use. Cookie-generated information about your use of this website is usually transmitted to and stored in a Google server in the USA. This website uses Google Analytics exclusively with the extension «_anonymizeIp()», which ensures an anonymisation of the IP address by shortening and excludes a direct personal relationship. Your IP address will be truncated by Google within the Member States of the European Union or other parties to the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the USA and shortened in exceptional cases. In these exceptional cases, this processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in statistical analysis of user behaviour for optimisation and marketing purposes. On our behalf, Google will use this information for the purpose of evaluating your use of the website, for compiling reports on website activity, and for providing us other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not conflated with other Google data. You may refuse the use of cookies by choosing the appropriate settings on your browser. However, please be advised that if you opt out of using cookies, you may not be able to use all the features of this website. Furthermore, you can prevent the collection of data generated by the cookie and related to the usage of the website (incl. your IP address) and the processing of the data by Google by downloading and installing the browser plugin. As an alternative to the browser-plugin or within browsers on mobile devices click on the following link to set an opt-out cookie, future preventing the acquisition by Google Analytics within this Web site (this opt-out cookie works only in this browser and only for this domain, delete your cookies in this browser, you must click this link again): disable Google Analytics. Google LLC is headquartered in the United States certified for the U.S. European Data Protection Convention «Privacy Shield», which the compliance with the EU data protection guarantees. This website also uses Google Analytics for a device-independent analysis of visitor streams, which is carried out via a user ID. You can disable the device cross-analysis of your use in your account under «My data», «personal data». For more information about how Google Analytics handles user data, see Google’s privacy policy.
9. Tools and miscellaneous
Google Maps
On our website we use Google Maps (API) from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA («Google»). Google Maps is a web service for displaying interactive (country) maps in order to display geographical information visually. Using this service will show you our location and make it easier for you to find us. Already when you call those bases, the map of Google maps is included in that, information is about your use of our Web site (such as Your IP-address) transferred to a server of Google in the USA and stored there. This is done regardless of whether Google provides an account that you are logged in, or if no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google saves your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation is carried out in particular in accordance with Art. 6 para. 1 lit.f GDPR on the basis of Google’s legitimate interests in the insertion of personalised advertising, market research and/or demand-oriented design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. Google LLC, based in the USA, is certified for the us-European data protection agreement «Privacy Shield», which guarantees compliance with the data protection level applicable in the EU. If you do not agree to the future transmission of your data to Google in the context of the use of Google Maps, it is also possible to completely deactivate the Google Maps web service by switching off the JavaScript application in your browser. Google maps and hence the map display on this website may not be used. The terms and conditions of Google can be found here; the additional terms and conditions for Google maps can be found here. For detailed information on data protection in connection with the use of Google maps on the Internet page of Google or here.
Google Web Fonts
This site uses web fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA («Google») to uniformly display fonts. When you open a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. When you call up a page of our website that contains a social plugin, your browser makes a direct connection with Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1)(f) DSGVO. If your browser does not support web fonts, a standard font is used by your computer. Google LLC, based in the USA, is certified for the us-European data protection agreement «Privacy Shield», which guarantees compliance with the data protection level applicable in the EU. For more information about Google Web Fonts, please see here and the Google Privacy Policy here.
Social Media Integration from Twitter
Our website uses a social media integration (“plugins”) by Twitter, which is operated by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland (“Twitter). The plugins are marked with a Twitter logo, for example, in the form of a “Twitter bird”. An overview of Twitter plugins and what they look like can be found here. When you visit a page of our website containing a social plugin, your browser establishes a direct connection to Twitter’s servers. The content of the plugin is transferred from Twitter directly to your browser, which then embeds it into the page. By integrating the plugin, Twitter receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Twitter account or are not currently logged in to Twitter. This information (including your IP address) is transmitted from your browser directly to a Twitter server in the USA or Ireland and stored there. If you are logged in to Twitter, Twitter can link your visit to our site to your Twitter account directly. If you interact with the plugins, for example by pressing the “Twitter” button, this information is also transmitted directly to a Twitter server and stored there. The information can also be published on your Twitter account and displayed to your contacts there. Please see Twitter’s privacy policies for the purpose and scope of data collection and the further processing and use of data by Twitter, as well as your rights and settings/options for protecting your privacy. If you do not want Twitter to link the data collected on our website to your Twitter account, you should log out of Twitter before visiting our website. You can completely block the loading of Twitter plugins with add-ons for your browser, for example with the script blocker “NoScript”.
Social Plugin from Facebook
On our site, so-called social plugins (“plugins”) of the social network Facebook are used, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are marked with a Facebook logo or the words “Social plugin from Facebook” or “Facebook social plugin”. You can find an overview of the Facebook plugins and what they look like here. When you visit a page of our website containing a social plugin, your browser establishes a direct connection to Facebook’s servers. The content of the plugin is transferred from Facebook directly to your browser, which then embeds it into the page. By integrating the plugin, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted from your browser directly to a Facebook server in the USA and stored there. If you are logged into Facebook, it can directly link your visit to our site to your Facebook profile. If you interact with the plugins, for example by pressing the “like” button or making a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also posted on your Facebook profile and displayed to your Facebook friends. Please see Facebook’s privacy policies for the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your rights and settings/options for protecting your privacy. If you do not want Facebook to link the data collected on our website to your Facebook account, you should log out of Facebook before visiting our website. You can also completely prevent the loading of the Facebook plugins with add-ons to your browser, for example “Facebook Blocker”.
Social Media Plugin from Pinterest
Our website uses a social media integration (“plugins”) by Pinterest, which is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”). The plugins are marked with a Pinterest logo, for example, in the form of a “P”. An overview of Pinterest plugins and what they look like can be found here. When you visit a page of our website containing a social plugin, your browser establishes a direct connection to Pinterest’s servers. The content of the plugin is transferred from Pinterest directly to your browser, which then embeds it into the page. By integrating the plugin, Pinterest receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Pinterest account or are not currently logged in to Pinterest. This information (including your IP address) is transmitted from your browser directly to a Pinterest server in the USA or Ireland and stored there. If you are logged in to Pinterest, Pinterest can link your visit to our site to your Pinterest account directly. If you interact with the plugins, for example by pressing the “Pinterest” button, this information is also transmitted directly to a Pinterest server and stored there. The information can also be published on your Pinterest account and displayed to your contacts there. Please see Pinterest’s privacy policies for the purpose and scope of data collection and the further processing and use of data by Pinterest, as well as your rights and settings options for protecting your privacy. If you do not want Pinterest to link the data collected on our website to your Pinterest account, you should log out of Pinterest before visiting our website. You can completely block the loading of Pinterest plugins with add-ons for your browser, for example with the script blocker “NoScript”.
Social Media Plugin from Tumblr
Our website uses a social media integration (“plugins”) by Tumblr, which is operated by Tumblr, Inc., 770 Broadway, New York, NY 10003, USA (“Tumblr”). The plugins are marked with a Tumblr logo, for example, in the form of a “Tumblr t”. An overview of the Tumblr plugins and what they look like can be found on the Tumblr website. When you visit a page of our website containing a social plugin, your browser establishes a direct connection to Tumblr’s servers. The content of the plugin is transferred from Tumblr directly to your browser, which then embeds it into the page. By integrating the plugin, Tumblr receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Tumblr account or are not currently logged in to Tumblr. This information (including your IP address) is transmitted from your browser directly to a Tumblr server in the USA and stored there. If you are logged in to Tumblr, Tumblr can link your visit to our site to your Tumblr account directly. If you interact with the plugins, for example by pressing the “Tumblr” button, this information is also transmitted directly to a Tumblr server and stored there. The information can also be published on your Tumblr account and displayed to your contacts there. Please see Tumblr’s privacy policies for the purpose and scope of data collection and the further processing and use of data by Tumblr, as well as your rights and settings options for protecting your privacy. If you do not want Tumblr to link the data collected on our website to your Tumblr account, you should log out of Tumblr before visiting our website. You can completely block the loading of Tumblr plugins with add-ons for your browser, for example with the script blocker “NoScript”.
Social Media Plugin from Instagram
Our website uses so-called social plugins (“plugins”) by Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins are marked with an Instagram logo, for example, in the form of an “Instagram camera”. An overview of the Instagram plugins and what they look like can be found here. When you visit a page of our website containing a social plugin, your browser establishes a direct connection to Instagram’s servers. The content of the plugin is transferred from Instagram directly to your browser, which then embeds it into the page. By integrating the plugin, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram account or are not currently logged in to Instagram. This information (including your IP address) is transmitted from your browser directly to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can link your visit to our site to your Instagram account directly. If you interact with the plugins, for example by pressing the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there. The information can also be published on your Instagram account and displayed to your contacts there. Please see Instagram’s privacy policies for the purpose and scope of data collection and the further processing and use of data by Instagram, as well as your rights and settings options for protecting your privacy. If you do not want Instagram to link the data collected on our website to your Instagram account, you should log out of Instagram before visiting our website. You can completely block the loading of Instagram plugins with add-ons for your browser, for example with the script blocker “NoScript”.
Vimeo
On some of our pages we embed Vimeo videos. Vimeo, Inc. 555 West 18th Street, New York, New York 10011, USA is the operator of the corresponding plug-ins. When you visit a page with the Vimeo plugin, a connection to Vimeo servers is established. Vimeo will be informed which pages you visit. If you are logged into your Vimeo account, Vimeo can assign your surfing behavior to you personally. You can prevent this by logging out of your Vimeo account beforehand. If a Vimeo video is started, the provider uses cookies that collect information about user behavior. Vimeo stores non-personal usage information in cookies. If you want to prevent this, you must block the saving of cookies in your browser. Further information on data protection at «Vimeo» can be found in Vimeo’s data protection declaration.
YouTube
On some of our pages we embed YouTube videos. YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA is the operator of the corresponding plug-ins. When you visit a page with the YouTube plugin, a connection to Youtube servers is established. Youtube will be informed which pages you visit. If you are logged into your Youtube account, Youtube can assign your surfing behavior to you personally. You can prevent this by logging out of your YouTube account beforehand. If a YouTube video is started, the provider uses cookies that collect information about user behavior. If you have deactivated the storage of cookies for the Google Ad program, you will not have to reckon with such cookies when viewing YouTube videos. Youtube also stores non-personal usage information in other cookies. If you want to prevent this, you must block the saving of cookies in your browser. Further information on data protection at «Youtube» can be found in Google’s data protection declaration.
10. Rights of the affected parties
The applicable data protection law grants you comprehensive rights of data subjects (rights of information and intervention) vis-a-vis the data controller with regard to the processing of your personal data, about which we inform you below:
- Right to information in accordance with article 15 GDPR: in particular, a right to receive information, have your personal data processed by us, the purposes of the processing, the categories of processed personal data, the recipients or categories of recipients; to which your data were disclosed or are the existence of a right to correction, cancellation, constraint processing, object to the processing, the planned storage period or the criteria for the determination of the storage period, complaint to a supervisor, the origin of your data, if it is not collected by us when you, the existence of an automated decision making including profiling, and any meaningful information about the involved logic and the specific scope and the intended effects of such processing, as well as your right to be informed as to which guarantees exist in accordance with article 46 GDPR in forwarding your data to third countries;
- Right of rectification in accordance with article 16 GDPR: you have the right incorrect data relating to you for immediate rectification and/or completion of your incomplete data stored by us.
- Right to cancellation in accordance with article 17 GDPR: you have the right to require the deletion of your personal data when the conditions of article 17 para. 1 GDPR. This right however in particular then does not exist, if the processing to the exercise of the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to claim, exercise or defence of legal claims is required;
- The Right to restrict the processing pursuant to Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data contested is verified, if you refuse to delete your data due to inadmissible data processing and instead request the restriction of the processing of your data, if you need your data to assert, exercise or defend legal claims, after we no longer need this data after the purpose has been achieved or if you have filed an objection for reasons of your particular situation, as long as it has not yet been determined whether our legitimate reasons predominate;
- If you have exercised your right to have the responsible party correct, delete or limit the processing, this party is obliged to inform all recipients to whom the personal data that concerns you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. It is your right to have the responsible party inform you regarding such recipients.
- You have the right to receive the personal data you have provided to us in a structured, current and machine-readable format or to request its transfer to another responsible person, insofar as this is technically feasible.
- Right to revoke consents granted in accordance with Art. 7 para. 3 GDPR: You have the right to revoke consent to the processing of data at any time with effect for future for the future. In the event of revocation, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its revocation.
- Right of appeal under Art. 77 GDPR: If you believe that the processing of personal data concerning you is contrary to the GDPR, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or suspected infringement, without prejudice to any other administrative or judicial remedy.
11. Right of objection
When we process your personal data in the framework of interests as a result of our overriding legitimate interest, have you at any time right for reasons arising from your particular situation to the processing to file an opposition with effect for the future. If you exercise your right of objection, we end the processing the affected data. We will however continue processing the data if we have demonstrably compelling reasons for processing which are in need of protection and which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. If your personal data are processed by us in order to participate in direct marketing, you have the right at any time object to the processing of personal data relating to you for the purpose of such advertising. You can object as described above. If you exercise your right of objection, we end the processing the affected data.
12. Duration of the retention of personal data
The duration of the retention of personal data shall be determined on the basis of the respective statutory retention period (e.g., trade and tax retention periods). After the deadline, the data are routinely deleted when they are no longer necessary for the performance of the contract or contract and/or continues on our part no legitimate interest in the further storage.
Bern, May 24, 2018.