1.Update on the Processing of Personal Data
We would like to inform you that for BIBECOFFEE the protection of the personal data of its customers is of primary importance. For this reason, we take the appropriate technical and organizational measures to protect the personal data we process and to ensure that their processing is always carried out in accordance with the obligations set by the legal framework, both by the company itself and by third parties who process personal data on its behalf.
This Privacy and Personal Data Protection Policy applies to the services we provide to our customers, to the communication to each interested party and to the website www.bibecoffee.com and its online services.
2.What is GDPR?
The General Data Protection Regulation (GDPR) 2016/679 ( EE ) is the new regulatory framework of the European Union (EU) in the field under consideration. The Greek implementing law 4624/2019 specifies the application of the GDPR in Greek legislation. The object of the law is the establishment of the conditions for the processing of personal data, the protection of the rights and freedoms of natural persons and in particular the right to the protection of personal data.
3.BIBECOFFEE as the processor.
BIBECOFFEE , based in Athens, as it is legally represented, for the purposes of carrying out its business activities, processes personal data on behalf of its customers, in accordance with the applicable national legislation and the European Regulation 2016/679 on the protection of natural persons against the processing of personal data and for the free movement of such data (General Data Protection Regulation) as applicable. BIBECOFFEE , during the exercise of its activities, processes personal data on behalf of its customers, and therefore acts as a processor, in accordance with article 4, paragraph 8 of the GDPR.
For any issue related to the processing of personal data, you can contact the Department of Personal Data Protection and the Data Protection Officer ( DPO ) of BIBECOFFEE at the following contact details:
email : dpo@bibecoffee.com
4.What personal data do we process?
We process your personal data only for a legitimate purpose, as long as one of the conditions of article 6 par.1 of the GDPR is met. The website www.bibecoffee.com was designed so that users can visit it without having to reveal their identity and without having to give personal data unless they want to. In carrying out our activities and our cooperation with you, we will need to collect and process some of your personal data in order to offer you specific services and to be able to respond adequately to your needs. More specifically:
a) Personal data that we process and the provision of services to our customers.
The legal basis for the above processing is the performance of our contractual obligations (GDPR article 6 par.1΄b).
b) Personal data from the use of electronic services on our website.
c) Personal data published by third parties.
d) Personal data for commercial transactions.
e) Personal data collected and processed by BIBECOFFEE for staff.
f ) Personal data when collecting resumes from BIBECOFFEE.
5.Basic principles of personal data processing.
5.1 The processing of personal data takes place in a legal, fair and transparent manner.
5.2 The collection of personal data is carried out only for specified, clear and lawful purposes.
5.3 The collection of personal data is sufficient and relevant.
5.4 Personal data is accurate and up-to- date .
5.5 Personal data that is not accurate is corrected or deleted.
5.6 Personal data is kept confidential and stored securely.
5.7 Personal data is not disclosed to third parties unless it is necessary to offer them services upon agreement.
6.Where is your personal data shared?
BIBECOFFEE may transmit the personal data provided by natural persons to third parties, in the following cases and for specific purposes.
6.1 To the employees or external partners of BIBECOFFEE . They are experienced healthcare professionals who are sufficiently informed about the confidentiality obligations regarding the personal data of clients. The employees/external partners of BIBECOFFEE have access only to the personal data of customers, which are deemed absolutely necessary for the performance of their duties. There is always a contractual relationship between BIBECOFFEE and its employees/external partners, with the necessary commitments of confidentiality and taking the appropriate organizational and technical measures to protect customers’ personal data.
6.2 Other third parties, due to law: We may share your necessary personal data, to comply with the law or to respond to a mandatory legal process (eg for tax purposes), or to protect the rights or safety of BIBECOFFEE.
6.3 Other third parties, for the implementation of BIBECOFFEE services : There are cases where we have to share the necessary personal data of customers for the smooth operation of some electronic services ( data center , hosting , etc.). In any case, it will become special reference to the relevant service contract.
6.4 Other third parties with your consent . In addition to the disclosures described in this Privacy and Personal Data Protection Policy, we may transfer information about you to third parties if you give us your free and express consent.
7.Recipients outside the EU
We do not provide customers’ personal data to recipients based outside the European Union or the European Economic Area.
8.Storage Period
The period of data storage is decided based on the following specific criteria depending on the case:
When the processing is imposed as an obligation by provisions of the applicable legal framework, the personal data of customers will be stored for as long as the relevant provisions impose.
When the processing is performed on the basis of a contract, the personal data of customers is stored for as long as is necessary for the execution of the contract and for the establishment, exercise, and/or support of legal claims based on the contract.
9.Security of Personal Data
BIBECOFFEE implements appropriate technical and organizational measures aimed at the secure processing of personal data and the prevention of accidental loss or destruction and unauthorized and/or illegal access, use, modification or disclosure thereof. These technical and organizational measures are taken both during the design of the means of processing (e.g. encryption of server and company computer data, anonymization , etc.), and by definition, so that only the personal data necessary for the respective purpose of the processing (principle of minimization of personal data). BIBECOFFEE does not rest on the technical security measures it has taken so far, but is constantly looking for new and modern methods in order to shield the personal data it collects and processes. In any case, the way the internet works and the fact that it is free to anyone, does not allow to provide guarantees that unauthorized third parties will never gain the possibility to violate the applied technical and organizational measures, gaining access and possibly using personal data for unauthorized and/or illegal purposes.
10.Actions in case of breach of personal data of data subjects.
In the event that a violation of the personal data of the data subjects is found and this violation may cause a risk to their rights and freedoms, BIBECOFFEE undertakes to notify without delay and in any case within 72 hours from the moment it becomes aware of the fact violation, to the customer acting as the controller of the personal data.
11.Contribution of BIBECOFFEE to the satisfaction of the rights of data subjects.
BIBECOFFEE cooperates and provides all possible assistance to its customer, who acts as a controller, in order to be able to respond in a timely manner to the requirements, requests and satisfaction of the rights of the data subjects, such as the right to access, correct or delete the data, restriction of processing, opposition to processing, withdrawal of consent to processing of personal data, portability , filing a complaint with the Data Protection Authority, etc.
12.Cookies .
BIBECOFFEE uses cookies as part of facilitating and operating the services through its website. Cookies are small files, which are sent and stored on your computer allowing websites such as www.bibecoffee.com , to function seamlessly, to collect your choices, to recognize frequent users, to facilitate your access to it, and to collect data to improve the content of the website. Cookies do not cause damage to your computers, nor to the files stored on them.
Our primary goal is to constantly upgrade the navigation experience of our website visitors. In order to achieve this and to meet your every need, we use information that relates exclusively to your preferences when browsing our website. You must keep in mind that Cookies are absolutely necessary for the website www.bibecoffee.com. In addition, we share information about how you use our website with social media, advertising and analytics partners, who may combine it with other information you have provided to them or that they have collected in connection with your use of the services their. In any case, you can delete Cookies according to the instructions of the manufacturers of the browser you are using.
13.Third party websites.
This personal data protection policy applies only to the website www.bibecoffee.com and does not cover links to other websites and therefore the information collected by the parties that own and control said websites, or their use of Cookies .
14.Children.
By giving your consent, you responsibly declare that you are over 16 years old. If you are under 16 years of age, you may use our website and its services only with the involvement and approval of a parent or guardian.
15.CCTV
The company “BibeCoffee” (hereinafter “Company”) uses a CCTV Monitoring System for the protection of people and assets in its premises. The processing is necessary in the context of the legitimate interest of the Company that acts as a Data Controller (article 6(1) (f) GDPR). Therefore, the Company is Data Controller of your personal data, pursuant to EU General Data Protection Regulation 679/2016 (hereinafter “GDPR”) and Greek Law 4624/2019.
You can find more details in our Privacy Statement that is provided in order to inform you on the image and video data collected via CCTV monitoring.