PRIVACY POLICY

Effective Date: 01-08-2022

 

Thank you for visiting our website.  Jacobs Douwe Egberts (“JDE”) is dedicated to protecting the privacy of those who visit our website. We ask that you read the policy below carefully.  

JDE (Jacobs Douwe Egberts IE Limited, 2nd Floor, Block F1, East Point Business Park, Alfie Byrne Road, Dublin 3) (“WE”) with brands (L'Or, Tassimo, Illy, Kenco) is the Controller of your personal information, which means that we are responsible for how and why your personal information is being processed. “We”, “Us”, “Our” and “JDE”, whether capitalized or not, mean JDE on behalf of itself and its affiliates and related entities operating as a JDE brand, and each of their respective officers, directors, members, employees, agents, representatives, successors and assigns.

This Privacy Policy sets out how and why we collect, store, process, and share your personal data. It applies to all the personal information we collect about you on our website, when you visit our corporate offices, communicate with us (including through customer service, social media platforms, and other means) or interact with us in other ways. 

This Privacy Policy contains references to the EU General Data Protection Regulation (GDPR) and may thus contain references that may not apply to your specific country or jurisdiction. Where corresponding provisions exist under your national law, these may be assumed for the purposes of this Privacy Policy.  

In addition, certain jurisdictions may prohibit or limit the collection, use, or sharing of specific categories of personal data; accordingly, this Privacy Policy describing our practices may be limited by those laws and/or further clarified in any country-specific sections applicable to you within this Privacy Policy. 

We may amend this Privacy Policy from time to time. Please refer to this Privacy Policy regularly to be updated on our processing activities. 

 

Table of contents 

  1. Collection and use of your personal data
  2. How we share and disclose personal data
  3. Advertising and marketing
  4. Retention periods
  5. Cookies
  6. Embedded videos
  7. Captcha
  8. Social Media data processing
  9. Data security
  10. Your rights as data subjects
  11. Contact details of our data protection officer

 

1. Collection and use of your personal data 

In the following section, you will find information on how we collect your personal data, for which purposes we process your data, on which legal basis we do so, and for how long we retain your data.  

A legal basis for processing your data will arise when one or more of the following conditions apply:  

  • Consent: You have given us your consent to the use of your information which you can revoke at any time, Art. 6 (1) (a) GDPR.
  • Contract: You have entered, or are about to enter, into an agreement with us and your information is needed to provide you with the requested products or services, Art. 6 (1) (b) GDPR.
  • Legal obligation: We may be required to process your information to comply with certain legal obligations such as tax and employment law-related reporting, Art. 6 (1) (c) GDPR.
  • Legitimate interest: We might use your information because we have—or a third party has—a legitimate interest in doing so. This happens only in cases where we think the way we are using your data doesn’t significantly impact your privacy, that you might expect such processing or there is a compelling reason to do so, Art. 6 (1) (f) GDPR.

 

For JDE Professional Customers, see the “JDE Professional Data Processing” table below for additional information on how we process your data.  

 

How we collect data

What data is collected

Use and legal basis

Data deletion

When you visit our website 

We collect your browser type, operating system, error logs, and other similar information regarding your visit to our site such as:

- the date and time of the query,
- the transferred data volume,
- the access status (content transferred, content not found),
- the referral link, which indicates from which page you reached ours,
- shortened IP address (to prevent establishing a personal reference).

 

The above-mentioned log data will only be evaluated anonymously. 

 

We may also collect additional information (including which links you click on, which pages or content you view and for how long, and other similar statistics about your interactions) from cookies, trackers, web beacons, and other unique identifiers.  

 

Our cookie banner allows you to decide if we can collect this data.  Please see our cookie section for more information on how we use cookies, trackers, and other similar technologies.  

The data is used to remember your website preferences, language, and cookie choices.  It also makes it easier to use the site and can help us to provide personalized advertising according to your preferences. 

 

The legal basis is our legitimate interest to improve our services or your consent when required.    

Your cookie data storage duration may vary according to the type of cookie implemented. See our cookie section in section 5 below for more information.    

When you register/create an account on our webshop

If you register a webshop account, we process your account registration data as provided in the registration process.   

 

If we collect additional data during this process, these will be marked as voluntary and the processing is based on your consent in accordance with Art. 6 (1) (a) GDPR. 

This data is used to perform the contract as requested under Art. 6 (1) (b) GDPR. 

You may delete your account at any time through your “My Account” on the applicable web shop or by contacting Consumer Care via details on any JDE website.    

 

The legal basis is your consent which you can withdraw at any time. 

Your account data is stored until you delete your account via My Account or Consumer Care. Webshop accounts are automatically deleted after 5 years with no log-in and no orders.

When you make a purchase on our webshop 

We collect your purchase information e.g., name, email, billing and shipping address, and payment type.  

 

Where we receive your email address in connection with the sale/negotiations for the sale of a product or service, we may use the e-mail address for direct marketing of our own similar goods or services, unless you have objected to the processing. You can object to this processing easily at the point of data collection and by using the unsubscribe link provided in every marketing e-mail.

This data is used to process your order according to the purchase contract. 

 

The legal basis is the contract with us and because your information is needed to provide you with the requested products or services as requested under Art. 6 (1) (b) GDPR.  

 

The legal basis for the data processing is our legitimate interest to be able to promote the sale of our goods or services according to Art. 6 (1) (f) GDPR.  

Data deletion: The data collected will be retained for up to 10 years after the last purchase OR according to local retention requirements. 

When you subscribe to our newsletters or other marketing communications 

We collect your name, email address, and marketing preferences (where applicable).  

 

We may ask you to agree to further newsletter tracking which allows us to recognize when you open the newsletter and to determine when you clicked on a specific link within the newsletter.  

In addition to the above-mentioned data, we also collect your complete IP address at the time of the registration or confirmation of the newsletter, as well as a copy of the confirmation mail sent by us. 

This is used to deliver the JDE newsletters and contact you about offers, products, events, and surveys via e-mail and social media platforms. 

The legal basis is your consent which you can withdraw at any time via the Preference Center or unsubscribe link in every email. 

 

We use this data, when necessary, as proof of your newsletter registration.  

 

The legal basis for the data processing is our legitimate interest to be able to account for the legality of the newsletter delivery according to Art. 6 (1) (f) GDPR. 

 

For more information on our Marketing and Advertising processing, see Section 3 below. 

Your data and your preferences are stored until you withdraw your consent. Your details will be deleted automatically if there has not been consumer engagement for 24 months. *Consumer engagement includes placing an order, clicking on/opening a JDE email.

When you visit our offices 

We collect your full name, business information, and other details regarding your visit.

We use this to keep a record of visitors and support the safety and security of our associates and premises.  

 

The legal basis is our legitimate interest to secure our associates and premises.   

Your data will be retained according to local retention requirements. Please contact the applicable local JDE company or our DPO for further information.  

When you contact us (via Consumer Service, Email, social media platforms or via other means)  

We collect your name, email, account information, and other information required to process your request.  

 

If you contact us by phone, we may also collect audio recordings of your call of which you will be informed, with the option of objection.  

The data is used to respond to your customer service requests. Where calls are recorded, the data is used for training and customer care purposes.   

 

The legal basis is our legitimate interest to improve customer service and for staff training purposes or your consent where required.    

 

Where you contact us with regard to a service or (pre) contract inquiry, your data will also be stored in our Consumer Relationship Management system. The legal basis is that processing your data is necessary to provide you with the requested information, products or services according to Art. 6 (1) (b) GDPR.

Personal data processed by Consumer Service is deleted 6 months after the resolution of the case for which it was collected.  

 

We delete your data as soon as it is no longer required for further communication or the contractual relationship with you and there are no outstanding legal retention obligations. 

When you join our Consumer Loyalty program 

We collect your username, log in information and any other information which you voluntarily decide to share on the program pages.  

This data is used to provide you with requested customer loyalty program services.  

 

The legal basis is your consent which you can withdraw at any time. 

Consumer loyalty program data is stored until your account is deleted. To delete your account, please contact Consumer Service. Your D. E Loyalty account will be deleted if you no longer have any value points in your account and have also not logged in to your account within the last 5 years. Your Maison du Café account will be deleted if you have not logged in for 1 year.

When you participate in our surveys, questionnaires, contests, or raffle draws, or leave us product or service reviews

We collect your name, company name (where applicable), email address, opinions and other information which you provide voluntarily.

Where we use this data to promote our services or products, the legal basis of the processing will be your consent which you can withdraw at any time. 

Retention may vary depending on your type of participation. Please read the official notices or details of the relevant contest/promotion for further information.  

 

ADDITIONAL JDE PROFESSIONAL DATA PROCESSING INFORMATION

How we collect data 

What data is collected

Use and legal basis

Data deletion

When you register/create an account on our webshop

We collect your account registration data as provided in the registration process.   

 

If we collect additional data during this process, these will be marked as voluntary and the processing is based on your consent in accordance with Art. 6 (1) (a) GDPR. 

This data is used to perform the contract as requested under Art. 6 (1) (b) GDPR.  

Your account data is stored until you delete your account via Customer Care.  

Webshop account data is retained subject to local legal retention schedules.  

When you make a purchase on our webshop 

We collect your purchase information e.g., name of contact person, company name, email, billing and shipping address, and payment type. 

 

Where we receive your email address in connection with the sale/negotiations for the sale of a product or service, we may use the e-mail address for direct marketing of our own similar goods or services, unless you have objected to the processing. You can object to this processing easily at the point of data collection and by using the unsubscribe link provided in every marketing e-mail.

This data is used to process your order according to the purchase contract. 

 

The legal basis is the contract with us and because your information is needed to provide you with the requested products or services as requested under Art. 6 (1) (b) GDPR.  

 

The legal basis for the data processing is our legitimate interest to be able to promote the sale of our goods or services according to Art. 6 (1) (f) GDPR.  

Webshop account data is retained subject to customer categories and local legal retention schedules. 

When you enter into a contract with us (online or offline) 

We collect your purchase information e.g., name of contact person, company name, email, billing and shipping address, and payment type. 

 

Where we receive your email address in connection with the sale/negotiations for the sale of a product or service, we may use the e-mail address for direct marketing of our own similar goods or services, unless you have objected to the processing. You can object to this processing easily at the point of data collection and by using the unsubscribe link provided in every marketing e-mail.

This data is used to process your order according to the purchase contract. 

The legal basis is the contract with us and because your information is needed to provide you with the requested products or services as requested under Art. 6 (1) (b) GDPR.  

 

The legal basis for the data processing is our legitimate interest to be able to promote the sale of our goods or services according to Art. 6 (1) (f) GDPR.  

Contract data will be retained for the period of our contractual relationship with consideration to customer categories and local legal retention schedules.  

When you subscribe to our newsletters or other marketing communications 

We collect your name, email address, and marketing preferences (where applicable).  

 

We may ask you to agree to further newsletter tracking which allows us to recognize when you open the newsletter and to determine when you clicked on a specific link within the newsletter.  

In addition to the above-mentioned data, we also collect your complete IP address at the time of the registration or confirmation of the newsletter, as well as a copy of the confirmation mail sent by us. 

This is used to deliver the JDE newsletters and contact you about offers, products, events, and surveys via e-mail and social media platforms. 

The legal basis is your consent which you can withdraw at any time OR our legitimate interest (where applicable).  

 

You may unsubscribe or object to this processing via Customer Care or the unsubscribe link in every email.

 

We use this data when necessary, as proof of your newsletter registration.  

 

The legal basis for the data processing is our legitimate interest to be able to account for the legality of the newsletter delivery according to Art. 6 (1) (f) GDPR.

Your data and your preferences are stored until you withdraw your consent and in line with JDE retention schedules.  

When you contact us via Consumer Service  

We collect your name, email, account information, and other information required to process your request.  

 

If you contact us by phone, we may also collect audio recordings of your call of which you will be informed, with the option of objection.  

Where you contact us with regard to a service or (pre) contract inquiry, your data will also be stored in our Customer Relationship Management system. The legal basis is that processing your data is necessary to provide you with the requested information, products or services according to Art. 6 (1)(b) GDPR.

We delete your data as soon as it is no longer required for further communication or the contractual relationship with you and there are no outstanding local legal retention obligations. 

 

To object to the processing of your data in case of legitimate interest processing OR to withdraw your consent to the processing of your data, please visit the JDE Preference Center, click on the unsubscribe link in any marketing email or contact us via the e-mail address stated in the imprint. 

 

2. How we share and disclose personal data 

We will not share, sell, transfer or otherwise disseminate your Personal Data to third parties, unless:

  • this is required by law according to Art. 6(1)(c) GDPR;
  • this is required for the purpose of your contract according to Art. 6(1)(b) GDPR; or
  • the third party acts as a data processor on our behalf according to Art. 28 GDPR, as a Joint Controller according to Art. 26 GDPR, or you have given us express consent to do so according to Art. 6(1)(a) GDPR or Art. 49(1)(a) GDPR where applicable.

2.1 Transfers of Data 

We may transfer your data due to legal reasons or in the case of a merger or acquisition. In the event that a JDE entity or its assets are acquired by, or merged with, another company including through bankruptcy, we will share your personal data with any of our legal successors.  

We will also disclose your personal data to third parties (i) when required by applicable law; (ii) in response to legal proceedings; (iii) in response to a request from a competent law enforcement agency; (iv) to protect our rights, privacy, safety or property, or the public; or (v) to enforce the terms of any agreement or the terms of our website. 

2.1.1. All transfers of personal data will be carried out in accordance with the applicable privacy regulations and in adherence to JDE internal policies.  

Transfers to service providers: 

We use third-party service providers to offer or facilitate services on our behalf and share your Personal Data with such providers to the extent necessary for such providers to perform their services on our behalf.   

- Payment processing: we use payment service providers to bill you for goods and services and for credit card processing;
- Order fulfillment: we use several shipping and delivery companies to fulfill orders depending on the product and location;
- Customer Service: we use several customer service providers to facilitate customer service;
- Cloud Provider: for our CRM system and an external provider for the hosting of our websites;
- Marketing and Advertising: we work with media agencies such as Havas Media to deliver our social media and other advertising campaigns.

We partner with companies for interest-based advertising and also use identity facilitators to help us recognize our consumers across our websites, our partner websites, and their shops. We also partner with ad networks and other ad serving providers (“Advertising Providers”) that serve advertising on our behalf and other non-affiliated companies on the internet. Some of those advertisements may be tailored to your interests based on information collected on JDE sites or on non-affiliated websites over time.  

The privacy policies for all the above can be found on their corporate websites. JDE is not responsible for the policies of third-party providers. 

2.2. Transfers outside the EU and EEA 

Please note that with regards to transfers of personal data outside the EU or European Economic Area (EEA), there is a risk that local authorities may access the data for security and surveillance purposes without informing you or allowing you to take legal action. 

In order to grant sufficient protection of your personal data in this context, all data transfers above are covered under an appropriate legal transfer mechanism such as an adequacy decision according to Art 45 GDPR or standard data protection clauses adopted by the European Commission according to Art. 46(2)(c) GDPR. 

Where you consent to the transfer of your data according to Art 49 GDPR, to our vendors or partners (such as Google, Facebook, YouTube) in the USA, please note that there is a risk of unauthorized processing or access to your data by local authorities and that you may not be able to effectively enforce your rights in the US.  You can revoke your consent to this transfer and data processing at any time by changing your cookie preferences via our cookie banner or through the JDE Preference Center.  

 

3. Advertising and marketing    

If we have your consent, where required, we use your personal data for advertising, remarketing, and (re)targeting.  We may serve ads to target partner websites and their shops, and also use digital agencies to manage our social media and other advertising campaigns. 

We may share your hashed email address and other identifiers such as name, location, phone number, and browsing behavior with our marketing partners, publishers, and other third-party service providers to assist with our targeting advertising on their sites, apps, or social networks.  We may also use this service to reach new target audience groups which are similar to our existing customers based on their characteristics and other identifiers.  

Custom Audiences: We and our partners may also compare demographic information including interests and social connections to segment groups based on an automated advanced matching technique of similarities in their profiles. This process can happen in real-time and the matching can be performed independently of the device you are using.   

This is done by uploading an encrypted customer list to a third party, or by incorporating a tracking technology from a third party onto our website. The third party then matches individuals who appear in both our data and their data. Because of how this matching process works, the third party can’t read our encrypted customer list if they don’t already have it. 

We use the custom audience functionalities of Facebook, Google, LinkedIn, and other social networks to match personal data against platform user data that the social network already controls to target ads to the relevant audiences.  

JDE has no influence on the advanced matching processes or on which data is evaluated by the third party for the purposes of creating these reference groups.

You can opt-out of these custom audiences, pixels, and similar technologies via our website cookie banner, by using browser-based ad blockers or by managing your privacy settings within your social media platforms.  

If you decide that you no longer wish to receive such custom audience-based communications, you can unsubscribe by following the instructions provided in each such communication or by adjusting your privacy settings within the relevant digital media platform. 

   

Personalization (offline and online). With your consent (where required), we may use your personal data (including your JDE transactions and online interests) to analyze your preferences, and habits, anticipate your needs based on our analysis of your profile, improve and personalize your experience on our websites and provide you with targeted advertising and content. 

You may opt-out of the processing of your personal data for this purpose by changing your cookie preferences via our cookie banner or by following the instructions provided in any such marketing communication. 

3.1. Affiliate and Partner Advertising 

We use your personal data to send you information (e.g., marketing communications or advertisements) about our goods and services and those of our partners. Some of these communications or advertisements are run on third-party websites and/or on social networks. When required, we will collect your consent prior to sending or showing you such information, e-mails, or advertisements.  

You can withdraw your consent or object to the processing of your personal data for these purposes by changing your cookie preferences via our cookie banner or by following the instructions provided in any such marketing communication.  

The advertising and marketing processing as provided above may be done by marketing affiliates, partners, or other 3rd parties.  Some of these companies and 3rd parties may be located in the USA and other countries outside of the European Union (EU)/ European Economic Area (EEA).  In order to grant sufficient protection of your personal data in this context, all data transfers above are covered under the appropriate legal transfer mechanisms such as Standard Data Protection Clauses adopted by the European Commission according to Art. 46(2)(c) GDPR, a European Commission Adequacy Decision or your consent according to Art 49 GDPR.  

Where the data is processed outside the EU/EEA based on your consent (according to Art. 49(1)(a) GDPR), please note that there is a risk of unauthorized processing or access to your data by local authorities and that you may not be able to effectively enforce your rights.  You can revoke your consent to this transfer and data processing at any time by changing your cookie preferences via our consent banner, accessible via , or through the JDE Preference Center. 

 

Further information on the advertising and targeting cookie and tracker processing can be found in our Cookie Section below or in the Privacy Policy of the corresponding provider.  

 

4. Retention periods 

Unless otherwise specified in this policy, we will delete your personal data if they are no longer required for the relevant processing purposes and no legal retention obligations oppose deletion. 

 

5. Cookies 

How to manage your cookie preferences OR withdraw your consent 

You may withdraw your consent or object (“opt-out”) to the placing of any cookies by adjusting your cookie settings through our consent banner at any time, accessible via .  

5.1. Cookies and tracking technologies 

JDE and our third-party partners use cookies and similar technologies like pixels, tags, web beacons and similar technologies (“cookies”), and other identifiers to provide you with the best possible service and optimize our website performance. These cookies may also help us remember your preferences, understand user interactions as well as personalize our website and marketing communications.  

Please note that the use of third-party content and functions may result in your data being processed outside the EU or the EEA. In some countries such as the US, there is a risk that authorities may access the data for security and surveillance purposes without informing you or allowing you to take legal action. 

Where we use providers or work with third parties in countries outside the EU or the EEA, without an adequate level of protection and you give your consent to the processing, the transfer to this non-EU/EEA country is based on Art. 49(1)(a) GDPR. 

More information about our cookie usage and that of the third-party partners and/or providers we work with is available in the Cookie Information section below.

5.2. Cookie Information 

Updated information on cookies and corresponding vendors is available on the cookie banner.   

5.2.1. Strictly Necessary Cookies 

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you that amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will no longer work.  

These cookies usually do not store any personal data. In the exceptional case that these cookies allow a personal reference, the processing is based on legitimate interest.  

| Cookie/Provider | Purpose | Retention Period | Level of data protection |
| --- | --- | --- | --- |
| One Trust | Consent Management Platform | Data retained for 1 year, or earlier if cookies are deleted from the device or consent is withdrawn. | Processing within EU/EEA |
| Google USA | Provision of Google Tag Manager which facilitates the management of tags for tracking, site analytics, remarketing, etc. | Google Tag Manager does not collect, retain, or share any information about visitors. | No adequate level of data protection. The data is transmitted on the basis of Art. 49(1) of the GDPR. |

 

5.3. Functional Cookies 

Functional cookies allow our website to remember choices you make, enhance your experience, and improve response speed and efficiency by storing certain frequently-accessed information. For example, they help to remember your display preferences (e.g., language, font size), the contents of your shopping basket, store your login details, make the website perfectly fitted for your device, or to remember a search term or filter you used.  You can choose not to allow some of these cookies; however, this may impact your experience of the site and the services we can offer. 

The legal basis is your consent in accordance with Art. 6 (1)(a) of the GDPR or our legitimate interest where applicable. 

| Cookie/Provider | Purpose | Retention Period | Level of data protection |
| --- | --- | --- | --- |
| Amazon: AWSALBCORS | This cookie is managed by AWS and is used for load balancing. | 7 Days | The AWSALB cookies are encrypted and do not contain any personally identifiable information. |
| Amazon: AWSALB | AWS ELB application load balancer | 7 Days | The AWSALB cookies are encrypted and do not contain any personally identifiable information. |

 

5.4. Analytical Cookies  

These cookies collect aggregated information about how you use our website. We use them for web analytics, to recognize and measure returning visitors, to help us improve our online offerings, as well as to test different design ideas for particular pages. These cookies help us to see how effective our advertising is and help to make our marketing more relevant and improve your experience.  

This works by allowing us to store temporary and/or session cookies on your end device which we can access to recognize your browser or device (e.g., a browser fingerprint or your unabridged IP address).  

The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) of the GDPR if you have given your consent via our consent banner, accessible via  

Where permitted by national law, this data processing is carried out on the basis of our legitimate interests according to Art. 6 (1)(f) GDPR or other applicable local regulations.  You can opt out of this processing at any time through our cookie banner. 

Some of these analytical cookies may be set by third-party companies located in the USA as stated in the table below. Where you consent to the transfer of your data (according to Art 49 GDPR), to our vendors or partners (such as Google) in the USA, please note that there is a risk of unauthorized processing or access to your data by local authorities and that you may not be able to effectively enforce your rights in the US.  You can revoke your consent to this transfer and data processing at any time by changing your cookie preferences via our cookie banner or through the JDE Preference Center (retail only).  

| Third-party Provider | Tools | Maximum retention period | Level of data protection |
| --- | --- | --- | --- |
| Google Ireland Limited/ Google LLC (USA) | Google Analytics | 26 months | No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1) (a) GDPR. |
| Hotjar Ltd. | Hotjar | 12 months | No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1) (a) GDPR. |

 

5.5. Advertising Cookies & Tracking Technologies 

We use these cookies to show you relevant advertising based on a profile of your interests. These may be set through our site by our advertising partners. Advertising cookies do not directly store personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. 

The legal basis for this data processing is your consent which you can withdraw at any time in accordance with Art. 6 (1)(a) of the GDPR.  

We also use cross-device tracking technologies to help us carry out marketing analytics, create custom audiences and show you targeted advertising on other websites based on your visit to our websites.   

We are not responsible for any third party’s failure to comply with opt-out requests. 

What does cross-device tracking mean? 

If you log on to the third-party provider with your user data, the respective identification characteristics of different browsers and end devices can be linked with each other. For example, if the third-party provider has created a unique identifier for each laptop, desktop personal computer, smartphone, or tablet you use, these individual identifiers can be associated with each other as soon as you log in to a third-party service using your login credentials. This allows the third party to target our advertising campaigns across multiple devices. 

 

Behavioral advertising  

We also use technology to understand, map, and track your interest in our products. We may use these to understand what most appeals to you, so we can make our offers as appropriate as possible. This may include browsing behavior to create ads with product recommendations that we believe are best related to items you may have viewed on our website. These ads are then shown across other websites that you may visit, typically news sites, video sites, and blogs. This process is called behavioral advertising and, although the adverts seem to be individually tailored to you, the data is based on anonymized analytic data and insights that are stored temporarily.

Some of these cookies and technologies may be set by third-party companies located in the USA as stated in the table below. Where you consent to the transfer of your data (according to Art. 49 GDPR) to our vendors or partners (such as Google, Facebook, and YouTube) in the USA, please note that there is a risk of unauthorized processing or access to your data by local authorities and that you may not be able to effectively enforce your rights in the US. You can revoke your consent to this transfer and data processing at any time by changing your cookie preferences via our cookie banner or through the JDE Preference Center.

 

| Third-party Provider | Tools | Purpose | Maximum retention period | Level of data protection |
| --- | --- | --- | --- | --- |
| Facebook (USA and/or Ireland) | Facebook Custom Audience | It allows us to track the actions people take on our websites to create audiences on Facebook to create target groups and to find new potential customers/lookalikes. | The maximum amount of time that data subjects will stay in a Custom Audience from our website or mobile app is 180 days. After 180 days, data subjects who have been in the website Custom Audience will be removed unless they revisit, e.g., the website or mobile app. | No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1) (a) GDPR. |
| Google LLC (USA) | DoubleClick Floodlight/ DoubleClick/ GA Audiences | DoubleClick Floodlight allows us to track and report on conversions — the actions of users who visit our site after viewing or clicking on ads — and to report campaign effectiveness. DoubleClick allows us to optimize advertisements to onsite behavior, user characteristics, and interests in digital ads. It helps to manage digital campaigns across websites and mobile devices. GA Audiences allows us to create audiences on Google Analytics for remarketing purposes and to reach people who were previously engaged with our products/services. | IP addresses are anonymized after 9 months and the data in cookies is anonymized after 18 months. | No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1) (a) GDPR. |
| YouTube / Google (USA) | Content Delivery | YouTube is a Google-owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services to display targeted advertising to web visitors across a broad range of their own and other websites. | IP addresses are anonymized after 9 months and the data in cookies is anonymized after 18 months. | No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1) (a) GDPR. |
| YouTube / Google (USA) | VISITOR_INFO1_LIVE | This cookie is used as a unique identifier to track the viewing of videos. | 180 days | No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1) (a) GDPR. |
| YouTube / Google (USA) | YSC | YouTube is a Google-owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services to display targeted advertising to web visitors across a broad range of their own and other websites. | Session | No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1) (a) GDPR. |
| Teads Altice International Sarl | Advertising | Teads is the platform used to filter ad delivery according to the user profile, such as their interests, location, device used, or page content, and to prevent displaying the same ad to the same website visitor many times. | 12 months | Adequate - EU Vendor |
| Yotpo Ltd. USA | Yotpo | Ratings & Reviews | Unlimited | No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1) (a) GDPR. |

 

6. Embedded videos 

On our websites, we embed videos that are not hosted on our servers. To ensure that accessing our websites containing embedded videos does not automatically lead to the download of third-party content, we only show locally hosted preview images of the videos as a first step. As a result, the third-party provider does not receive any information. 

Only after you click on the preview image is content from the third-party provider downloaded. This provides the third party with information that you have accessed our site and with the usage data technically required for this purpose. Furthermore, the third-party provider is then able to implement tracking technologies. We have no influence on further data processing by the third-party provider. By clicking on the preview image, you give us your consent to download content from the third-party provider.

The embedding is based on your consent in accordance with Art. 6 (1)(a) GDPR, provided that you have given your consent by clicking on the preview image. Please note that the embedding of many videos leads to your data being processed outside the EU or EEA. In some countries such as the US, there is a risk that authorities may access the data for security and surveillance purposes without informing you or allowing you to take legal action. Where we use providers in third countries without an adequate level of protection and you give your consent, the transfer to this third country is based on Art. 49(1)(a) GDPR. 

 

| Third-party Provider | Level of data protection | Withdrawal of consent |
| --- | --- | --- |
| YouTube / Google (USA) | No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1) (a) GDPR. | If you click on a preview image, the content of the third-party provider is immediately downloaded. To withdraw your consent, please change your settings via our banner under section 3 above. |
| Vimeo (USA) | No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1) (a) GDPR. | If you click on a preview image, the content of the third-party provider is immediately downloaded. To withdraw your consent, please change your settings under section 3 above. |

 

7. Captcha 

To protect our web forms from automated requests, we use the system Google reCAPTCHA by Google LLC. Within the captcha function, you may be asked to carry out a specific task or click on certain checkboxes. The user input required in this context and, if necessary, the mouse movements are used to determine whether the input comes from a person or an automated program. 

As the Captcha function is provided by a third party, displaying the captcha will cause third-party content to be downloaded. This provides the third party with information that you have accessed our site and with the usage data technically required for this purpose. We have no influence on further data processing by the third-party provider. 

The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR. You declare your consent by using our web forms that are protected by reCAPTCHA. A corresponding indicator is displayed on these pages. 

Please note that the use of the Captcha function may result in your data being processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and surveillance purposes without informing you or allowing you to take legal action. Where we use providers in third countries without an adequate level of protection and you give your consent, the transfer to this third country is based on Art. 49(1) (a) GDPR. 

 

8. Social media data processing 

8.1. Plugins 

We may enable the usage of social media plugins such as Facebook, Twitter, Instagram, and YouTube on our website. However, for data protection reasons, we only integrate these social media plugins in a deactivated form. Therefore, when you visit our websites, no data is transmitted to social media services unless you activate the respective social plugin by clicking on the preview image or icon connected to the desired social media platform.  

If you click on a plugin, the social media platform receives information about your visit to our websites. This happens regardless of whether you have registered an account with the respective social media service. If you are logged in, the data can be directly assigned to your social media profile. They may also use this information to create user profiles based on your data and use them for personalized advertising. 

JDE is not responsible for the privacy policies and/or practices of third parties. When activating or linking to another website or platform, you should read the privacy policy on that site or platform.  

The legal basis for this integration is your consent according to Art. 6 (1) (a) GDPR if you have given your consent by clicking on the preview image. Please note that the integration of many social plugins means that your data is processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and surveillance purposes without you being informed or having the right to appeal.  

If we use providers in third countries without an adequate level of protection and you give your consent, the transfer to this third country is based on Art. 49 (1) (a) GDPR. 

If you no longer wish your personal data to be processed by the activated social plugins, you can prevent future processing by not clicking on the preview image or icon of the respective Social Plugin.  

8.2. Social Media Pages 

JDE and the provider of the social media platform (platform provider) are jointly responsible as data controllers for the processing activities concerning your data. The platform provider in this respect primarily determines the purposes and means of the processing activities, which we can influence only to a limited extent. To the extent that we can exert influence over or set parameters regarding the processing of your data, we will, within our means, take actions to ensure that the platform provider processes your data in compliance with applicable data protection regulations.

We operate the following social media sites: 

- Twitter: https://twitter.com/
- Facebook: https://www.facebook.com/
- YouTube: https://www.youtube.com/user/
- Pinterest: https://www.pinterest.com/
- Instagram: https://www.instagram.com
- Snapchat: https://www.snap.com 
- LinkedIn: https://www.linkedin.com 
- TikTok: https://www.tiktok.com 

Some of these social media platforms are located outside the EU or EEA and therefore there is a risk that non-EU or non-EEA authorities may access your data for security and monitoring purposes without you being informed or having the right to appeal. Where these platforms are in third countries without an adequate level of protection and you give your consent to the processing, the transfer to this third country is based on Art. 49(1)(a) GDPR.

8.2.1. Social Media Data Processing 

The data you provide directly on our social media pages such as comments, videos, pictures, likes, tweets, etc. is published by the social media platform. The processing by us is based on Art. 6 (1) (f) GDPR which refers to processing that is done in our legitimate interest. 

As part of this processing, we may: 

  • Communicate with you via the social media platform;
  • Share your content on any of our social media pages as well as on our website;
  • Allow you to participate in contests and/or raffles.

8.2.2. Data processing by the provider of the social media platform 

We use several social media platforms and functionalities on our websites. In particular, we use Facebook Connect which is a single sign-on application that allows users to interact on other websites through their Facebook accounts.  

The provider of the social media platform uses web tracking methods. Web tracking may also take place independently of whether or not you are logged in or registered on the social media platform. Unfortunately, we cannot influence or restrict the web tracking methods of the social media platform. 

Please be aware that the platform provider may use your profile and behavioral data to evaluate, among other things, your habits, personal relationships, and preferences. We have no influence on the processing of your data by the platform provider. 

Please refer to the privacy policies of the platform provider for more information on the purpose and scope of data collection and data analysis undertaken by the social network as well as your options to modify settings and how to protect your privacy. 

 

9. Data Security 

We take technical and organizational measures to protect your personal data as comprehensively as possible from unauthorized access. These measures include encryption procedures on our web pages. Your data is transferred from your computer to our server and vice versa via the internet using TLS encryption. 

You can recognize this by the lock symbol in the status bar of your browser and the address line beginning with https://. 

 

10. Your rights as a data subject 

The GDPR grants you certain rights as a data subject including: 

| Rights | Explanation |
| --- | --- |
| Right of access (Art. 15 GDPR) | You have the right to obtain confirmation as to whether personal data concerning you are being processed; if this is the case, you have the right to be informed of this personal data and to receive the information specified in Art. 15 GDPR. |
| Right to rectification (Art. 16 GDPR) | You have the right to rectification of inaccurate personal data concerning you and, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement without delay. |
| Right to erasure (Art. 17 GDPR) | You have the right to obtain the erasure of personal data concerning you without undue delay if one of the reasons listed in Art. 17 GDPR applies. |
| Right to restriction of processing (Art. 18 GDPR) | You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g., if you have objected to the processing. |
| Right to data portability (Art. 20 GDPR) | In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, or to request that this data be transferred to a third party. |
| Right to withdraw consent (Art. 7 GDPR) | If the processing of data is based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected. |
| Right to object (Art. 21 GDPR) | If data is collected on the basis of Art. 6 (1)(f) GDPR (data processing for the purpose of our legitimate interests) or on the basis of Art. 6 (1) (e) GDPR (data processing for the purpose of protecting public interests or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or if data is still needed for the establishment, exercise or defence of legal claims. |
| Right to lodge a complaint with a supervisory authority (Art. 77 GDPR) | According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection regulations. This right may be asserted in particular with a supervisory authority in the Member State of your habitual residence, your place of work or the place of the suspected infringement. |

 

Asserting your rights 

You can assert the above-mentioned rights by contacting us at the contact details provided in our website imprint with company details or via privacy@JDEcoffee.com. 

You may also contact our Customer or Consumer Service via the local phone number and the local email address provided on the website. 

 

11. Contact details of our data protection officer 

Our Global Compliance Officer and external data protection officer are available to provide further information on data protection.   

JDE Global Compliance Officer   
privacy@JDEcoffee.com    

FIRST PRIVACY GmbH,   
Konsul-Smidt-Str. 88,  
28217 Bremen, Germany  
www.first-privacy.com  
office@first-privacy.com