Espresso House Privacy Highlights
Espresso House Group is an international chain of coffee shops who is passionate about coffee and service. We understand that you are aware and care of your personal privacy interest and this privacy notice describes our policies and practices regarding the collection and use of your personal data and sets forth your privacy rights. We take your privacy seriously and will from time to time update this privacy notice as we undertake new personal data practices or adopt new privacy policies.
- This website is operated by Espresso House Group AB, reg no.: 559014-3748 (“Espresso House”, “we”, “us”) a company incorporated under Swedish law whose principal place of business is at Södergatan 24, 211 34, Malmö, Sweden.
- Through this website you may learn about our products and services, order catering, submit a job application, sign up for our newsletter and order different coffee and tea related products.
- Certain sections of the website require that you provide us with some information about yourself. Such sections may include, for example, the page for recruitment when you submit a job application with us, or the page for ordering catering. These sections may ask you to provide information such as, but not limited to, your name, your email and your address.
- We are part of an international group of companies and share administrative systems. We may therefore share some or all of your personal data with affiliates for administrative purposes, or for the legitimate business purposes described below.
- If you have any questions or concerns, please contact us at firstname.lastname@example.org.Last Revised: [2018-05-25]
Privacy Notice Full Text
Last Revised: [2018-05-25]
- Table of Contents
- Our principles
- Personal data that we collect
- How and why we use your personal data
- When and how we share information with others
- Data subject rights
- Security of your information
- Data storage and retention
- Changes and updates to the Privacy Notice
- Questions, concerns or complaints
Welcome to espressohouse.com! Espresso House is an international chain of coffee shops who is passionate about coffee and service! This website is operated by Espresso House Group AB, reg. no.: 559014-3748 (“Espresso House”, “we”, “us”) a company incorporated under Swedish law whose principal place of business is at Södergatan 24, 211 34, Malmö, Sweden. This Privacy Notice is therefore applicable on the websites and services provided by Espresso House Group AB, reg no.: 559014-3748, as well as Espresso House’s affiliates.
Espresso House Group AB consist of Espresso House Sweden AB (Sweden), Espresso House Norge AS (Norway), Espresso House Norge Drift AS (Norway), Espresso House Finland OY (Finland), Baresso Coffe AS (Denmark), [Balzac Coffee] (Germany), Johan & Nyström Kafferostare & Tehandlare AB (Sweden) and its affiliates Dear Tea Society AB (Sweden) and Johan & Nyström OY (Finland).
Through this website you may learn about our products and services, order catering, submit a job application, sign up for our newsletter and order different coffee and tea related products.
We recognise that privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.
2. Our principles
- We do our best to protect your privacy by using security technology appropriately. This means that:
- We make sure that we have appropriate security measures to protect your information; and
- We make sure that when we ask another organisation to provide a service for us, they have appropriate security measures.
- We will respect your privacy. You should receive marketing (whether by email, post, SMS or telephone) only from us and, if you agree, from other organisations we have carefully chosen.
We will make sure it is clear when you can make choices regarding our marketing to you. When you place an order with us, we may offer you certain additional products, such as our email newsletter. You will always have the option to opt out of receiving these extra products if you do not wish to receive them. However, we may email you, or send you an SMS, occasionally with information or questions about your order.
- We will collect and use individual user details only if we have your permission or we have sensible business reasons for doing so, such as collecting enough information to manage orders or subscriptions.
- We will be clear in our dealings with you as to what information about you we will collect and how we will use it.
- We will use personal information only for the purposes for which it was originally collected, and we will make sure we delete it securely.
If we or our service providers transfer any information out of the European Union and European Economic Area (EEA), it will only be done with the relevant protection (stated under applicable data protection legislation) being in place.
3. Personal data that we collect
Collection of personal data
EH collects personal data about its customers and website visitors. We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of our products and services. For more on this, see Section 5.
Personal data you provide to us
When using certain functions of the website, you provide us with personal information directly. When you place a catering order or submit a job application with us we will ask you to provide the following information:
- your name and/or company name
- your email address;
- your mobile phone number; and
- your shipping and/or billing address.
When applicable we may also ask you to provide us with additional information, such as debit or credit card information, or previous work experience.
When you visit our website, we collect certain information about you, for the purposes described in section 4.
Your correspondence with Espresso House
If you correspond with us by email, the postal service, or other form of communication, we may retain such correspondence and the information contained in it (such as name, email, contact information and any personal identifiable information you provide in free text form) and use it to respond to your inquiry; to notify you of publications or other services; or to keep a record of your complaint, question, request, and the like. As always, if you wish to have Espresso House “erase” your personal information or otherwise refrain from communicating with you, please contact us at email@example.com.
Note: if you ask Espresso House not to contact you by email at a certain email address, Espresso House will retain a copy of that email address on its “master do not send” list in order to comply with your no-contact request.
What happens if you do not provide us with your data
You can use our website without providing us with your personal data. However, you will not be able to submit a job application or order catering without providing Espresso House with essential data for the performance of the contract.
You can choose to only enter the minimal amount of mandatory information when making a purchase.
4. How and why we use your personal data
We use your personal data for the purposes described below.
Managing orders: When you place a catering order with us, we need certain information to manage and complete your order. For the purposes of delivering your order, contacting you with information about your order, as well as administering your payment, we process your name, your contact information, as well as any additional necessary information such as billing address or credit card details.
Providing you with relevant marketing – browsing our sites: When you browse our website, we collect information about what you click on. This information is stored and saved, so we will recognise you when you return to our website at a later date. We do this so we can better understand your preferences and interests, so that we can show you relevant content on our site. If you for example have browsed a certain section of our website before, you may see advertisement from specific products from that section next time you visit the website, since we believe that these are products you will be particularly interested in.
Providing you with relevant marketing – email and post: When you place an order with us, either with our catering service, or in our product shop, you will be asked to provide us with information such as your email address and your shipping address. This information will be used for, in addition to the purpose of managing your order, marketing purposes. We appreciate you as a customer, and we hope that you will keep coming back to Espresso House. To keep you updated about Espresso House we will send you newsletters and advertisement about our products and services. We may also offer you our newsletter, free of charge. If you do not wish to receive these offers, you will always have the option to opt out of receiving them, by not clicking relevant boxes when you are asked to provide your email or shipping/billing address. If you first wish to receive these offers and newsletters, but then change your mind, you can always contact us at [insert contact info] to manage or cancel your subscription.
Providing you with relevant marketing from our affiliates and business partners: We work with our affiliates and several other businesses which we have carefully selected. When you provide us with your email and/or your billing/shipping address, you may receive marketing from our affiliates and other companies you might be interested in. You may always choose to unsubscribe to such messages or emails, should you not wish to receive these marketing messages. When unsubscribing, you must contact the sender in question, to opt-out from marketing communication.
Security: We use data to protect the security of our products, services and customers, to detect and prevent fraud and to resolve disputes and to enforce our agreements.
Customer support/Communication with you: As is mentioned above in section 3, certain information that you provide to us when you contact us is stored and processed in order to best manage your inquiry with us. Additionally, when you place an order with us, or submit a job application, your contact information will be stored in order for us to quickly gain access to your order details, so we can help you with your inquiry as effectively as possible.
Other Purposes: If we intend to use any personal data in any manner that is not consistent with this Privacy Notice, you will be informed of such anticipated use prior to or at the time the personal data is collected, or we will obtain your permission subsequent to such collection but prior to such use.
5. When and how we share information with others
We share your personal data with your consent or as necessary for the completion of any transaction or for the performance of any contract, or when we have legitimate business reasons for doing so.
When you provide payment data to pay for your purchases through our website, we will share this payment data with banks and other entities that process payment transactions or provide other financial services, and for fraud prevention and credit risk reduction.
For the purpose of managing your order, or managing our recruitment process, we may disclose your personal information to our affiliates and service partners (i.e. companies we’ve hired to provide customer support, hosting our systems, assist in protecting and securing our systems, or assist us in our recruitment processes) that are entrusted to process your information on our behalf and in accordance with our instructions, this Privacy Notice and other appropriate measures for privacy and security.
We may also disclose your personal information to third parties if we have good reasons to believe that access, use, retention or disclosure of such information is reasonable necessary to:
- comply with any court order, governmental order or decision, or other legal obligation,
enforce or apply our agreements,
manage and maintain the security of our products, including preventing or stopping an attack our computer system or network, and
protect the rights, property, or safety of Espresso House, its customer, its franchisees, or others.
6. Data subject rights
Espresso House complies with current data protection laws in the European Union, which, when applicable, include the following rights:
- You are free to request access to a record of your processing (as defined in the law), and you have the right to access to a copy of your personal data, request a correction and, in certain circumstances, deletion of your personal data,
- You are entitled to request restriction, and object to the processing, of your personal information which has as its basis our legitimate interests,
- You have the right to file a complaint with a data protection authority.
- The Swedish Data Protection Authority (Sw. ‘Datainspektionen’) is the authority in Sweden that oversees how we as a company comply with relevant data protection legislation.
- The Danish Data Protection Authority (D. “Datatilsynet”) is the authority in Denmark that oversees how we as a company comply with relevant data protection legislation.
- The Finnish Data Protection Authority (FI. ‘Tietosuojavaltuutetun toimisto’) is the authority in Finland that oversees how we as a company comply with relevant data protection legislation.
- The Norwegian Data Protection Authority (NO. ‘Datatilsynet’) is the authority in Norway that oversees how we as a company comply with relevant data protection legislation.
- If processing of personal data is based on your consent, you are entitled to withdraw your consent for future processing of your personal information at any time.
- You are entitled to request that we provide your personal information to another organisation responsible for processing your personal data (controller) in cases where our right to process your personal data is based either on your consent or performance of an agreement with you.
You will have reasonable access to your personal information at no extra cost, if you request this via firstname.lastname@example.org. If we cannot provide you with this within a reasonable time frame, we will provide you with a date for when the information can be provided. If such access is denied, we will explain to you why access has been denied.
When processing your personal information, we will do so in cooperation with our affiliates in order to offer you the products and services you use and have ordered, operate our business, meet our contractual and legal obligations, protect our systems and customers, or meet the legitimate interests as described in detail in the sections „How and why we use your personal data“ and „When and how we share information with others“ above. When we transfer personal data from the European Union, we make it based on a number of legal mechanisms, as described in the section „Data storage and retention“
To what extent do we use automated individual decision-making (including profiling)?
As a rule, we do not make decisions based on automated processing and profiling that will have legal effect for you as defined in Article 22 GDPR. If, in the future, we were to use such procedures on a case-by-case basis, we will inform you separately and request your consent before such new use of your personal data, to the extent required by law.
Information on your right to object under article 21 of the EU General Data Protection Regulation (GDPR)
1. Right to object to processing which is based on our legitimate interests.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on article 6 (1) f) GDPR (processing for the purposes of safeguarding legitimate interests); this includes any profiling based on those provisions within the meaning of article 4 (4) GDPR. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing is for the establishment, exercise or defence of legal claims.
If you choose to refrain from receiving interest-based advertising, it does not mean that you will no longer see advertisements on our web sites without the advertisements displayed will not be appropriate for you and therefore, are perceived as less relevant. See more under the section „Data subject rights“ below.
2. Right to object to the processing of data for marketing purposes. In certain cases, we process your personal data for direct marketing purposes. You have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer processes your personal data for such purposes. There are no formal requirements for lodging an objection; where possible it should be made by [insert link to webpage for objection, or relevant email].
Note: if you ask Espresso House not to contact you by email at a certain email address, Espresso House will retain a copy of that email address on its “master do not send” list in order to comply with your no-contact request.
7. Security of your information
To help protect the privacy of data and personally identifiable information you transmit through use of our website, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis.
We restrict access to your personal data to those employees who need to know this information to provide services to you or to administer our systems. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information.
We commit to taking appropriate disciplinary measures to enforce our employees‘ privacy responsibilities.
8. Data storage and retention
Personal data handled by Espresso House is stored and processed in the region in which you live, in Sweden or in other European countries where Espresso House, its affiliates, subsidiaries, partners or suppliers are active. We take steps to ensure that the information we collect in accordance with this Privacy Notice is dealt with in accordance with the provisions of this Notice and in accordance with applicable laws where the information is available.
If we were to transfer your personal data to third countries, i.e. Countries outside the EU / EEA, we will enter into agreements and take other measures in accordance with applicable legal requirements.
Espresso House retains personal data for as long as necessary to be able to provide you with our services, and to fulfil the purposes set out in section 4 above. Different types of data may be stored different amounts of time, due to certain criteria.
The criteria that determines how long we store your personal data may be:
How long is the personal data needed for us to be able to provide you with products and services? This includes, among other things, maintaining and improving the products and services, protecting our systems, and administering necessary business and accounting information. This is the general rule underlying the calculation of most storage periods.
Is the personal data considered sensitive? In these cases, the storage period is usually shorter.
Have you, as a data subject, consented to a longer storage period? In these cases, we store the information longer, with your consent.
Do we have legal, contractual or other similar obligations to store the data? Examples of this may include mandatory legislation on retention of information, such as for accounting reasons, government orders to store data which is relevant for surveys or data that must be retained for resolving a possible dispute.
For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact the Espresso House privacy team at email@example.com.
Aggregated data: Aggregated data is collected and processed to monitor and evaluate user trends on the website. This means that information about your actions on our website is collected and then anonymised in a way that means we cannot link the information back to you any longer. We use this anonymous information about how our users use our website and services for statistics, service improvement and product development. This data will be completely anonymous and does not constitute personal data. It may therefore be stored a longer time than your personal information.
Anonymisation means that data which was once personal information is stripped away of anything that may connect it to an individual, as well as being severed from anything that in the future might make it possible to reconnect this data to an individual. This de-personalisation treatment of data is one step further than the process of pseudonymisation, which means keeping certain information apart, to make it harder to identify an individual using this data.
Third Party Links: This Privacy Notice does not apply to any personal data that you provide to another user through the website or through any other means. Any third party links you click on via our website may be subject to these third parties’ privacy policies, terms or other rules. Please make sure you read the respective privacy information for each third party whose links you click in, to keep yourself up to date about the processing of your personal data.
Children: Espresso House does not knowingly collect personal data from children under the age of thirteen (13). If you are under the age of thirteen (13), please do not submit any personal data through our website. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Notice by instructing their children never to provide personal data through the website without their permission. If you have reason to believe that a child under the age of 13 has provided personal data to us through the website, please email us at firstname.lastname@example.org, and we will endeavor to delete that information from our databases.
10. Changes and updates to the Privacy Notice
We will update our Privacy Notice when needed to reflect customer feedback, and changes to the Service. When the Notice is updated, the latest update date is shown at the top of the Notice and the changes are described on the Change History page. If there are major changes in the Notice or how Espresso House uses your personal information, you will be notified via web or email before the changes come into force to the extent required by law. Please read this Privacy Notice from time to time to keep you informed about how Espresso House protects your personal information and privacy.
11. Questions, concerns or complaints
Responsible for Swedish, Norwegian, Finnish and Danish customers and users lies with:
Espresso House Group AB
reg. no. 559014-3748
211 34 Malmö
Tel. no. 010-510 1000
To ask questions or comment about our Privacy Notice and our privacy practices, contact our group privacy team at:
Privacy Officer, Espresso House Group.
Drottninggatan 29, 11151 Stockholm.
You are also welcome to contact our data protection officer for Swedish, Danish, Finnish and Norwegian customers and users at:
Sharp Cookie Advisors AB, email@example.com
You are also welcome to contact our data protection officer for German customers and users at:
Data protection officer,
Balzac & Espresso House Germany
May 2018: Clarifications due to the entry into force of the new Data Protection Regulation („GDPR“) on May 25, 2018. The updated Privacy Notice will automatically enter into force for all existing customers and users on May 25, 2018. Your continued use of our services from that date will be subject to the new Privacy Notice. The Notice has also been revised to be concise, clear, comprehensible, and easier to understand.