Privacy Policy - My Coffee CR

1. Introduction

At My Coffee CR (accessible at mycoffeecr.com), we are committed to safeguarding your privacy and protecting your personal data. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information in accordance with applicable data protection laws, including but not limited to the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”). Transparency and accountability are central to our data practices. We encourage you to read this Policy carefully to understand how your personal information is handled.

2. Scope of This Policy and Data Controller Role

This Privacy Policy applies to all visitors, users, and others who access or interact with mycoffeecr.com. My Coffee CR acts as the Data Controller for the personal data collected from users of this website, meaning we are responsible for determining the purposes and means of the processing of your personal information.

For any questions regarding data protection, you may contact us via [email protected].

3. Categories of Personal Data We Process

We may collect, use, store, and process the following categories of personal data:

a) Usage Data – including IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system, visit duration, pages viewed, and navigation paths.

b) Account Data – data provided when creating an account, including your full name, postal address, email address, and telephone number.

c) Profile Data – includes information about your preferences, saved settings, shopping behavior, and purchase history.

d) Communication Data – includes all correspondence, support tickets, email communications, and contact form submissions with our customer support team.

e) Technical Data – information related to the devices you use to access our site, such as unique device identifiers, internet connection details, and technical configuration.

f) Transaction Data – includes your payment information, billing address, delivery instructions, order details, and transaction history.

g) Preference Data – includes your response to marketing and promotional materials, communication preferences, and product or service interests.

4. Legal Bases for Processing

We process your personal data lawfully based on the following legal grounds:

– Contractual necessity: to perform our obligations and deliver services you request (e.g., account management, order fulfillment).
– Consent: when you voluntarily provide your information for specific uses (e.g. newsletters, promotional emails).
– Legitimate interests: such as improving our services, fraud prevention, and network security.
– Legal obligation: where necessary for compliance with applicable laws and regulations.

5. Your Data Protection Rights

Under applicable data protection laws, you have the following rights:

– Right of Access: To request a copy of your personal data we hold.
– Right of Rectification: To request correction of inaccurate or incomplete data.
– Right of Erasure: To request deletion of your personal data, subject to statutory or legitimate business requirements.
– Right to Restrict Processing: To limit the way we process your data under certain conditions.
– Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format, and to request transmission to another controller.

California residents may also have additional rights under the CCPA, including the right to opt-out of the sale of personal information (note: we do not sell your personal data).

To exercise any of your rights, please contact us at [email protected].

6. Security Measures

We apply a range of security measures to protect your personal data, including:

– HTTPS secure connection and data encryption in transit and at rest;
– Role-based access controls and authentication protocols;
– Regular security monitoring and system updates;
– Backups and disaster recovery solutions;
– Staff training on data protection and confidentiality.

While no system is entirely immune from security threats, we maintain robust technical and organizational safeguards.

7. International Data Transfers

Where your personal data is transferred outside of the European Economic Area (EEA), we ensure an adequate level of protection through:

– The use of Standard Contractual Clauses approved by the European Commission;
– Binding Corporate Rules or equivalent safeguards in compliance with applicable regulations;
– Ensuring that third-party service providers uphold adequate data protection standards.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Specific retention periods include:

– Account and transaction data: retained for 7 years following your last transaction for legal and tax purposes.
– Communication and support data: retained for 3 years following final contact.
– Profile and preference data: retained for up to 2 years of inactivity or until you request deletion.
– Usage and technical data: retained for 12 months, unless anonymized for analytics purposes.

Upon expiry of the retention period, your data is securely deleted or anonymized.

9. Cookie Policy

mycoffeecr.com uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and offer personalized content. Categories include:

– Essential Cookies: Required for basic website functionality and navigation.
– Functional Cookies: Enhance usability and allow preference settings to be remembered.
– Analytics/Performance Cookies: Collect information about how visitors use the website to improve performance.
– Marketing Cookies: Used to deliver targeted advertising or measure campaign effectiveness.

You may access additional details via our dedicated Cookie Declaration, available on our site.

10. Cookie Management and Compliance

In compliance with GDPR and CCPA guidelines:

– When you visit our site, a cookie consent banner will appear, allowing you to manage your preferences.
– You may withdraw consent at any time through our cookie settings or by clearing cookies from your browser.
– Users from California may also opt-out of data sharing via the “Do Not Sell My Personal Information” link where applicable.

11. Protection of Children’s Privacy

mycoffeecr.com is not intended for use by children under the age of 13. We do not knowingly collect or solicit personal data from children. If we become aware that we have gathered personal data from a child under 13 without verified parental consent, we will promptly delete such information. Parents or guardians who believe that their child has provided personal information should contact us using the details provided below.

12. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy from time to time to reflect changes in our practices or applicable regulations. Significant changes will be communicated to you where appropriate, through our website or via email, in accordance with applicable law. Continued use of the site following any changes will constitute acceptance of the updated terms.

13. Contact Us

If you have any questions, comments, or privacy-related concerns, please contact us at:

Email: [email protected]
Website: https://mycoffeecr.com

We are committed to complying with the GDPR, CCPA, and all relevant privacy legislation. Your trust matters to us, and we remain dedicated to protecting your data and respecting your privacy rights.