1. THE BASICS
a. About Us
CafeSupply is headquartered in the State of Washington in the United States (“we,” “us,” “our,” and “CafeSupply”) and operates a variety of Websites and online services and applications, including the “CafeSupply for Suppliers” application, the “CafeSupply” application, and CafeSupply’s “Services”.
CafeSupply is passionate about connecting Brands with their customers. Our Applications and Services enable Brands to connect with each other and sell in their products in new channels.
b. Key Terms
“Brand” means any person or entity that is registered with us to use CafeSupply’s Applications as a Supplier or Storefront .
“Personal Information” means any information that reasonably identifies a natural person. Examples of Personal Information include, but are not limited to, first and last name, date of birth, email address, and physical address.
“Visitor” means any natural person who visits any of our Websites.
“You” and “your” means, depending on the context, either a Brand, a Supplier, or a Storefront.
2. YOUR PERSONAL INFORMATION
This section applies to the Personal Information we collect and process from individuals who are Brands or potential Brands through the provision of the Services. In this section, “you” and “your” refer to Brands and potential Brands.
a. Information We Collect
The Personal Information that we may collect broadly falls into the following categories:
Information You Give Us. You may give us information about you. Personal Information is often, but not exclusively, provided to us when you sign up for and use the Services, consult with our customer service team, send us an email, integrate the Services with another website or service (for example, when you choose to connect your e-commerce account with our Applications, CafeSupply for Suppliers or CafeSupply), or communicate with us in any other way. The categories of information include:
- Identifiers such as real name, address, email address, phone number, employer, job title, username, and password for account registration and administration. All passwords are encrypted using secure cryptographic keys that exist only in the possession and under the control of our Brands. We have no way of accessing or providing decrypted passwords.
- Commercial information such as your billing address, shipping address, transactions and purchases of the Services. We do not store or process payment information, such as your credit or debit card number or your bank account number.
- Internet or other electronic network activity information, such as interactions with our Applications, interactions with our APIs, and communications and responses through our Services.
The categories of information include:
- Device information: We collect information about the device and applications you use to access the Services, such as your IP address, your operating system, your browser ID, and other information about your system and connection.
- Log data: Our web servers keep log files that record data each time a device accesses those servers and those log files contain data about the nature of each access, including originating IP addresses. We may also access metadata and other information associated with files that you upload into our Services.
- Product usage data: We collect usage data about you whenever you interact with our Services, which may include the dates and times you access the Services and your browsing activities (such as what portions of the Services are used). We also collect information regarding the performance of the Services.
We generally collect this information in the aggregate. We do not associate this information with you or your computer, unless you specifically ask us to troubleshoot any technical or security issues you have with using our websites, or we need to investigate a violation of our Terms.
Information We Collect From Third Parties. From time to time, we may obtain information about you from third-party sources, such as public databases, public profiles on social media platforms, and third-party data providers. We take steps to ensure that such third parties are legally and/or contractually permitted to disclose such information to us.
b. How We Use the Personal Information
We may use the Personal Information we collect through the Services or other sources for a range of reasons, including:
- To provide you with the Applications and Services on our Websites.
- To communicate with you about your account and provide customer support.
- To bill and collect money owed to us by you.
- To market our products and/or services to you.
- To analyze Website usage and improve the services offered.
- For market research, project planning, troubleshooting problems.
- For detecting and protecting against error, fraud or other criminal activity.
- To enforce compliance with our Terms and applicable law, and to protect the rights and safety of our Brands and third parties, as well as our own. This may include developing tools and algorithms that help us monitor the use of our Services and prevent violations.
c. How We Share the Personal Information
Affiliates and Service Providers. We share your information with our third-party service providers and any subcontractors as required to offer you our products and services. For example, we use third-party credit card processors to process billing and payments. These service providers are under a duty of confidentiality.
Third Party Links and Websites. Our website may contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any data to these websites.
Disclosures Required by Law. We may be required to disclose your data in response to lawful requests by public authorities, including to meet law enforcement requirements. We may be under a duty to disclose or share your personal data in order to comply with any legal obligation, to enforce or apply our Terms and other agreements, to protect our rights, property, or safety, or to protect the rights, property, or safety of others. This includes exchanging information with other companies and organizations for the purposes of fraud protection.
d. Legal Bases for Processing (EEA Individuals)
If you are from the European Economic Area, our legal bases for collecting and using your Personal Information is as follows:
- The performance of your contract or to enter into the contract and to take action on your requests. For example, the processing of your CafeSupply account registration, providing information on your interactions with our CafeSupply Apps, providing communications with your Contacts on the CafeSupply App.
- Our legitimate business interests. For example, fraud prevention, maintaining the security of our network and services, direct marketing to you, and improvement of our services.
- Compliance with a mandatory legal obligation. For example, accounting and tax requirements, which are subject to mandatory retention periods. We may also collect your Personal Information to record your requests to exercise your rights and to verify your identity for such requests.
- Consent you provide where we do not rely on another legal basis. Consent may be withdrawn at any time.
- In some limited cases, we may also have a legal obligation to collect Personal Information from you, in response to lawful requests by public authorities, including to meet law enforcement requirements, as described above in “How We Share the Personal Information?”
If you have questions about or need further information concerning the legal bases on which we collect and use your Personal Information, please contact us using the contact details provided in the “Contact Information” section below.
5. YOUR PRIVACY CHOICES
Marketing Opt-Out From CafeSupply Communications: If you have opted-in to CafeSupply directly, we may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe instructions provided in any email we send. You will still continue to receive service-related messages concerning our Services.
Opt-Out From Applications: You have the option to remove your profiles from our applications by submitting a request online. Once removed, Brands would no longer be able to contact you for partnership opportunities.
Exercising Your Privacy Rights: We have listed the privacy rights for several jurisdictions below, but we understand you may have additional rights in your jurisdiction. You may contact us directly at any time about exercising your data protection rights.
b. California Residents
Third Party Marketing. California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your Personal Information to third parties for the third parties’ direct marketing purposes. To make such a request, please contact us at the Contact Information below.
California Consumer Privacy Act. If you are a California consumer, you have the following rights beginning on January 1, 2020:
- The right to know what Personal Information is being collected about you.
- The right to know whether your Personal Information is sold or disclosed and to whom.
- The right to say no to the sale of Personal Information.
- The right to access your Personal Information.
- The right, in certain circumstances, to delete the information you have provided to us.
- The right to equal service and price, even if you exercise your privacy rights, unless the difference in service and/or price is reasonably related to the value provided to the you by your Personal Information.
Requests for Deletion and Information. In certain circumstances, California consumers have the right to request that we delete their information. In addition, California consumers have the right to request, up to twice in a 12-month period, that a business that collects Personal Information about the consumer disclose to the consumer the information listed below for the preceding 12 months. We have the right to request verification of your identity for all requests for information.
(1) The categories of Personal Information it has collected about that consumer.
(2) The categories of sources from which the Personal Information is collected.
(3) The business or commercial purpose for collecting or selling Personal Information.
(4) The categories of third parties with whom the business shares Personal Information.
(5) The categories of Personal Information that the business sold about the consumer and the categories of third parties to whom the Personal Information was sold, by category or categories of Personal Information for each third party to whom the Personal Information was sold.
(6) The categories of Personal Information that the business disclosed about the consumer for a business purpose.
(7) The specific pieces of Personal Information it has collected about that consumer.
To make such a request, please contact us at the contact information below.
Do Not Sell My Personal Information. We are not data brokers and we do not sell your data on the open market. However, under California’s new privacy law, the California Consumer Privacy Act, some of the ways we share information may constitute a “sale.”
- If you are an Influencer, we may share public information about you with Brands. You may also opt-in with us directly to discover new Brands. To remove your profile from CafeSupply’s applications, or to make a privacy request, please submit a request online.
c. EEA Residents
EEA Privacy Rights. If you are from the European Economic Area, you have the right, under certain circumstances, to:
- Access your Personal Information;
- Correct inaccurate Personal Information;
- Request erasure of your Personal Information without undue delay;
- Request the restricted processing of your Personal Information;
- Request portability of the Personal Information that you have given us; and
- To object to the processing of your Personal Information, including the ability to object to automated processing and/or profiling.
If you are from the European Economic Area, you also have the right to lodge a complaint with a supervisory authority, under certain circumstances.
You may contact us at the contact information below for more information, or to exercise your rights.
6. INTERNATIONAL TRANSFERS
Any data that you provide to us may be accessed, shared or processed by our offices, located in the United States, and service providers located in the United States and abroad, if such data transfer is necessary for the specific purpose for which you submitted your data (such as the provision of goods or services under a written contract). This may entail a transfer of your Personal Information across international borders, including, but not limited to, transfers from within the European Economic Area (the “EEA”) to the United States. The data protections standards may differ and be lower than the standards enforced in your jurisdiction. We maintain appropriate safeguards as required by applicable law for any Personal Information transferred internationally, and as required by applicable law, will seek your consent prior to such transfers.
7. CHILDREN’S PRIVACY
This website is not directed at individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with Personal Information, please contact us at the Contact Information below. If we become aware that a child under 16 has provided us with Personal Information, we will take steps to delete such information.
Brands are also required to implement age-gating techniques appropriate to the products and services they provide. If you become aware that an individual or Brand has provided us with Personal Information in violation of these Terms (e.g. Personal Information from individuals under 18 for tobacco products or adult services), please contact us at the Contact Information below.
8. DO NOT TRACK
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. We do not recognize or respond to browser-initiated DNT signals, as the Internet industry is currently still working toward defining exactly what DNT means, what it means to comply with DNT, and a common approach to responding to DNT.
9. CHANGE OF CONTROL
Personal information may be transferred to a third party as a result of a sale, acquisition, merger, reorganization or other change in control. If we sell, merge or transfer any part of the business, part of the sale may include your Personal Information.
10. DATA RETENTION
Our retention periods will vary depending on the type of data involved, but, generally, we’ll refer to these criteria in order to determine the appropriate retention period:
- Whether we have a legal or contractual need to retain the data.
- Whether the data is necessary to provide our Services.
- Whether our Brands have the ability to access and delete the data within their CafeSupply accounts.
- Whether our Brands would reasonably expect that we would retain the data until they remove it or until their CafeSupply accounts are closed or terminated.
When we have no ongoing lawful basis to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.
11. SECURITY PROTECTIONS
We take appropriate and reasonable technical and organizational measures to protect Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.
CafeSupply accounts require a username and password, or social media authentication, to log in. Account holders must keep their username and password secure, and never disclose it to a third party in accordance with our Terms.
12. POLICY CHANGES
13. CONTACT INFORMATION
If you have any questions or comments, or if you have a concern about the way in which we have handled any privacy matter, please contact us by postal mail or email at: firstname.lastname@example.org