Privacy & Cookies | Warawul Coffee

Status: January 2025

1. Data Controller

The data controller responsible for data processing on this website is:

Warawul Coffee GmbH

You can find the contact details in our legal notice (Imprint).

If you have any questions regarding data protection, you can contact us at any time via the email address provided in the legal notice.

2. General Information on Data Processing

2.1 Scope of Processing of Personal Data

We process personal data of our users only to the extent necessary to provide a functional website and our content and services.

Personal data is generally processed only with the explicit consent of the user. An exception applies in cases where prior consent cannot be obtained for factual reasons and where the processing of the data is permitted by law.

2.2 Legal Basis for the Processing of Personal Data

Where we obtain consent from the data subject for processing operations involving personal data, Article 6(1)(a) GDPR serves as the legal basis.

When processing personal data necessary for the performance of a contract or for the implementation of pre-contractual measures, Article 6(1)(b) GDPR serves as the legal basis.

Where processing is necessary to comply with a legal obligation, Article 6(1)(c) GDPR serves as the legal basis.

Where processing is necessary to protect vital interests of the data subject, Article 6(1)(d) GDPR serves as the legal basis.

Where processing is necessary to safeguard a legitimate interest of our company or a third party, and the interests or fundamental rights and freedoms of the data subject do not override those interests, Article 6(1)(f) GDPR serves as the legal basis.

2.3 Data Deletion and Storage Duration

Personal data is deleted or blocked as soon as the purpose of storage no longer applies.

Further storage may take place where required by statutory provisions.

Data is also deleted or blocked when legally prescribed retention periods expire, unless further storage is required for the conclusion or fulfillment of a contract.

3. Provision of the Website and Creation of Log Files

3.1 Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data from the accessing computer system.

Collected data includes:

Browser type and version
Operating system of the user
IP address
Date and time of access
Referring websites
Websites accessed via our website

The data is stored in log files. This data is not merged with other personal data.

3.2 Legal Basis for Data Processing

The legal basis is Article 6(1)(f) GDPR.

3.3 Purpose of Data Processing

Storage is necessary to deliver the website, ensure its functionality, optimize it, and guarantee the security of our IT systems.

No evaluation for marketing purposes takes place.

3.4 Storage Duration

Session data is deleted after the session ends.

Log files are deleted or anonymized no later than seven days after creation.

3.5 Right to Object and Removal

The collection of data is essential for the operation of the website. There is therefore no right to object.

3.6 Hosting

This website is hosted on servers operated by Cloudflare.

Cloudflare is a content delivery network and web security service.

The legal basis is Article 6(1)(f) GDPR.

Further information:
https://www.cloudflare.com/de-de/privacypolicy/

4. Cookies

4.1 Description and Scope of Data Processing

Our website uses cookies. Cookies are text files stored in the browser that enable recognition.

Cookies are used to make our website more user-friendly.

4.2 Cookies Used

4.2.1 Technically Necessary Cookies

vendure-auth
Purpose: Authentication of logged-in users
Type: HTTP-only cookie
Storage duration: 7 days
Legal basis: Article 6(1)(b) GDPR
Necessity: Strictly required
Setting: Cannot be disabled

PARAGLIDE_LOCALE
Purpose: Storage of language preference
Type: Cookie
Storage duration: Session or longer
Legal basis: Article 6(1)(f) GDPR
Setting: Cannot be disabled

4.2.2 Analytics Cookies

PostHog Cookies
Purpose: Analysis of user behavior
Provider: PostHog Inc., USA
Legal basis: Article 6(1)(a) GDPR
Setting: Can be disabled via cookie settings
Data storage location: EU

Further information:
https://posthog.com/privacy

4.3 Cookie Settings

Cookie settings can be changed at any time.

Options include:

Using the cookie banner
Deleting or blocking cookies in browser settings

Disabling cookies may limit website functionality.

4.4 Legal Basis

Technically necessary cookies: Article 6(1)(f) GDPR
Analytics cookies: Article 6(1)(a) GDPR

4.5 Purpose of Data Processing

Cookies are required for:

Shopping cart functionality
User authentication
Language preference storage

Analytics cookies are used to improve the website.

4.6 Storage Duration and Right to Object

Cookies are stored on the user’s device.

Users can delete or disable cookies at any time.

If cookies are disabled, some functions may not be available.

5. Contact Form and Email Contact

5.1 Description and Scope of Data Processing

When using the contact form, the following data is processed:

First name
Last name
Company
Email address
Phone number (optional)
Subject
Message

Additionally:

IP address
Date and time of submission

Alternatively, contact via email is possible.

We use Resend to transmit contact form data.

5.2 Cloudflare Turnstile

We use Cloudflare Turnstile to protect our forms from abuse and spam.

Collected data:

IP address
Browser information
Form interactions

Legal basis: Article 6(1)(f) GDPR

Further information:
https://www.cloudflare.com/de-de/privacypolicy/

5.3 Legal Basis

Consent: Article 6(1)(a) GDPR
Email contact: Article 6(1)(f) GDPR
Contractual purposes: Article 6(1)(b) GDPR

5.4 Purpose of Data Processing

Processing contact requests
Ensuring IT security
Preventing misuse

5.5 Storage Duration

Contact and email data: until the conversation is concluded
Technical data: deleted after no more than seven days

5.6 Right to Object and Removal

Consent can be withdrawn at any time.

Upon withdrawal, all stored personal data will be deleted.

5.7 Email Delivery (Resend)

We use Resend, Inc., USA, for transactional emails.

Processed data:

Email address
Name
Message content
Email metadata
IP address

Legal basis:

Article 6(1)(b) GDPR
Article 6(1)(f) GDPR
Article 6(1)(a) GDPR

Further information:
https://resend.com/legal/privacy-policy

6. Newsletter

6.1 Description and Scope of Data Processing

Only the email address is required to subscribe to the newsletter.

6.2 Klaviyo

The newsletter is sent via Klaviyo, USA.

Collected data:

Email address
Registration time
IP address
Double opt-in status

Legal basis: Article 6(1)(a) GDPR

Further information:
https://www.klaviyo.com/legal/privacy

6.3 Double Opt-In

Registration time, confirmation time, and IP address are stored.

6.4 Right to Object

Unsubscription is possible at any time via the unsubscribe link in each email.

7. Registration and Orders

7.1 Description and Scope

Collected data:

Email address
First name
Last name
Company name
Address details
Phone number

Additionally:

IP address
Registration timestamp

7.2 Backend Server (Railway)

Backend hosting is provided by Railway, USA.

Legal basis: Article 6(1)(b) GDPR

Further information:
https://railway.app/legal/privacy

7.3 Purpose

Contract fulfillment and pre-contractual measures

7.4 Storage Duration

Data is deleted once it is no longer required for its purpose.

7.5 Right to Object

Registration can be canceled at any time.

8. Payment Processing

8.1 Stripe

Payments are processed via Stripe.

Further information:
https://stripe.com/privacy

8.2 PayPal

Payments are processed via PayPal.

Further information:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

8.3 Klarna

Payments are processed via Klarna.

Further information:
https://www.klarna.com/de/datenschutz/

8.4 Local Storage

We do not store payment data.

9. Content Management System

We use Sanity CMS.

Legal basis: Article 6(1)(f) GDPR

Further information:
https://www.sanity.io/legal/privacy

10. Rights of the Data Subject

Data subjects have the following rights:

Right of access
Right to rectification
Right to erasure
Right to restriction of processing
Right to data portability
Right to object
Right to withdraw consent
Right to lodge a complaint with a supervisory authority

11. Data Transfers to Third Countries

Data transfers occur only where necessary and subject to appropriate safeguards.

12. Data Security

All data transmissions are encrypted using SSL/TLS.

13. Updates

Status: January 2025

This privacy policy may be updated.

14. Contact

Warawul Coffee GmbH

Further contact details can be found in the legal notice (Imprint).

Status: January 2025