Privacy Policy
Colombian Royal Reserve attaches great importance to the protection of your privacy and your personal data as well as the necessary data security and, therefore, collects, processes and uses your personal data exclusively in accordance with the principles described below as well as the provisions of the EU General Data Protection Regulation and with applicable national data protection law.
I. Name and address of the controller
The controller, within the meaning of the EU General Data Protection Regulation (“GDPR”) and other national data protection laws of EU member states as well as other provisions in with regard to data protection, for the operation of the Café Royal website and online shop (hereinafter "website" or "shop") is:
Delica AG
Hafenstraße 120
CH-4127 Birsfelden
phone: +41 800 506 506 (Switzerland)
Email: info@cafe-royal.com
(hereinafter referred to as "the company" or "we").
Contact person responsible for data protection, in particular for questions concerning the collection, processing or use of your data as well as for asserting your rights as a data subject (information on data, deletion of data or objection to the data processing), you can contact us by e-mail or by post at the above-mentioned contact details or at our data protection officer. You can also obtain information about your personal data at any time and free of charge using the contact details provided.
II. Name and address of Data Protection Officer and EU/EEA representative
You can reach the data protection officer of the data controller at the following address:
Data protection Café Royal Reserve
You can contact the EU/EEA representative of the responsible person at the following address:
III. Your personal data
Personal data is all information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). It is not necessary to communicate your personal data to us when consulting our website. Only personal data will be collected (such as your name, your telephone number, your postal and e-mail addresses as well as your date of birth) that you voluntarily provide to us or whose collection you have agreed to. Please refer to points “VI. Provision of the website and creation of log files/log files” and “VII. Use of cookies” for technically necessary data.
IV. General information on data processing
1. Scope of personal data processing
We process the personal data (hereinafter also referred to as "data") of website visitors insofar as this is necessary for the provision of a functional website as well as our shop contents and services. .
The processing of personal data of visitors to our website is regularly carried out only after the user's consent to the processing as well as the completion of the management of the purchase and order process. An exception applies in cases where data processing is permitted by legal provisions or is technically necessary.
As a visitor, you have the possibility to decide for yourself whether or not you wish to give your consent to the collection and processing of your personal data by the use of technical measures by means of our consent management platform. (abbreviated “CMP”), which is controlled by you via our cookie banner (see section “V. Data protection settings via ACRIS”). We make the technical measures involved and the recipient of your data transparent in our CMP. We draw your attention to the fact that certain data processing is necessary for the construction and guarantee of the security of our website, as well as to the fact that it is technically necessary for the various data processing operations, so that consent to this data processing is not possible.
The communication of your data is not required by law, but it is necessary to create the customer account and to order and deliver the goods and services. Without the data necessary for order processing, we cannot process the order you have placed via the shop. By marking the obligatory fields, we indicate to you which data are absolutely necessary for the processing of the order, the creation of the customer account, the subscription to our newsletter or the participation in a competition.
2. Legal basis for the processing of personal data
If we request consent from the data subject for processing personal data, Article 6(1) sentence 1(a) GDPR serves as the legal basis.
The legal basis for the processing of personal data necessary for the performance of a contract to which the data subject is a contracting party is Article 6 (1) sentence 1 (b) GDPR. This also applies to the processing procedures necessary for the execution of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Article 6 (1) sentence 1 (c) GDPR constitutes this. the legal basis.
In the event that the vital interests of the data subject or any other natural person make the processing of personal data necessary, Article 6 (1) (d) of the GDPR constitutes the legal basis for this.
If processing is necessary to pursue a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Article 6, Paragraph 1, sentence 1, point f) of the GDPR constitutes the legal basis for the processing.
3. Data erasure and retention period
The personal data of the data subject are deleted or blocked as soon as the purpose for their storage no longer exists. Storage may take place beyond this framework when this has been provided for by the European or national legislator in regulations, laws or other provisions of Union law to which the controller is subject. A blocking of further data processing or a deletion of the data also takes place upon expiry of the statutory retention periods, unless it is necessary to store the data for the fulfillment of a contract.
V. Data protection settings via ACRIS
We use a Consent Management Platform (or "CMP" for short), which is a system that governs the use of third-party providers, technical measures, and cookies through granted or denied consent, services of ACRIS E-Commerce GmbH, Am Pfenningberg 60, 4040 Linz, Austria (hereinafter “ACRIS”).
The CMP guarantees that no measure subject to the obligation of consent is taken or executed without prior consent. For this purpose, our CMP processes the following data for the provision and management of the CMP:
(1) Your anonymized (hashed) IP address when collected by ACRIS,
(2) A randomly generated unique identifier,
(3) Your given consents or your individual privacy settings, which are stored in a cookie consent text file,
and uses both the local memory (also called Local Storage) of your end device and the setting of several consent cookies to store this information locally.
The retention period is the period during which the data processed by the CMP is stored for the purpose of consent management. Data relating to consent (consent given and revocation of consent) are kept for 30 days. During this period, no new consent is required, unless new systems are introduced or if, due to legal or statutory framework conditions, it is necessary to obtain new consent.
The purpose of data processing by ACRIS is to provide and manage the consents given by visitors to our website in a data protection compliant manner. The purpose of using ACRIS is to provide informed consent of the website visitor, proof of consent given and not given, as well as administration of individual data protection settings of visitors to our website. The processing is carried out with the aim of obtaining the consent of the website visitor, providing options for revocation and objection, providing proof of the consent obtained (time of consent, end device used) and identifying the user to manage their individual data protection settings.
The use of a consent management platform and the management and storage of your consents to the processing of your personal data are based on our legal obligation to provide a website that complies with the Data Protection Regulation (article 6, paragraph 1, sentence 1, point c) of the GDPR). The legal basis for the use of the service provider ACRIS is also Article 6 (1) sentence 1 (f) GDPR. Our legitimate interest lies in the legally secure documentation and verifiability of consent as well as in the monitoring of our analytics campaigns based on your consent through the use of specialist processors and the associated technical implementation.
The processing of data to provide a CMP solution is mandatory for the operation of the website. The user has no right of objection as long as we are legally obliged to obtain the user's consent for certain data processing.