Koffeecup privacy notice
We take the privacy of our Website users (“you”) very seriously. We ask that you read this Policy carefully as it contains important information about how we will process your personal data.
1. ABOUT US
“We” or “Koffeecup” are Koffee Cup Ltd, a company registered in England and Wales. Our company registration number is 05594558 and our registered office is at 6-16 Arbutus Street, London, England, E8 4DT.
2. HOW WE COLLECT INFORMATION ABOUT YOU
We may obtain personal data in a number of circumstances relating to your access to and/or use of the Website, including where:
you apply for a job at Koffeecup. When you apply for a Job your CV as well as any other extra personal information you have provided, will be uploaded on G Suite and internal access will be granted only to those involved in the recruitment process.
you register to our newsletters. When you registered to our newsletters your personal data will only be stored in the database of Squarespace (the content management & hosting system we use, which is also provider of newsletter management services).
you use the Website;
3. THE INFORMATION WE COLLECT
Personal Data: When you subscribe to our newsletters, the personal data we collect about you includes your name and your email address. When you apply for a job, we collect personal information that you have decided to include on your CV document and your email.
Other Data: We may also collect device information from or about the computers, phones, or other devices where you install or access the Website, depending on the permissions you have granted. We may associate the information we collect from your different devices, which helps us provide consistent Website services across your devices. Here are some examples of the information we collect: (i) attributes such as the operating system, hardware version, device settings, file and software names and types, and device identifiers; (ii) device locations, including specific geographic locations, such as through GPS, Bluetooth, or WiFi signals; and (iii) connection information such as the name of your mobile operator or ISP, browser type, language and time zone, mobile phone number and IP address.
4. ON WHAT LEGAL BASIS DO WE PROCESS INFORMATION ABOUT YOU
In order to process personal data, the GDPR states that we must satisfy one of these six lawful basis: (i) explicit consent, (ii) contractual obligations, (iii) legal obligations, (iv) vital interests, (v) public interests (vi) and legitimate interests.
We justify our listed processing activities on the following basis:
When you register with our newsletter we rely on Explicit Consent as the lawful basis on which we collect and use your personal data.
Where you apply for a job opening through the Website or through a Third Party (such as LinkedIn), we rely on your Explicit Consent, which is freely given by you during the application process.
When you use our website we rely on Legitimate Interest as the lawful basis on which we collect analytics for fine-tuning the user experience
5. HOW WE WILL USE THE INFORMATION ABOUT YOU
We use the information that you have given us in order to:
send you newsletters or approach you directly through email
contact you with regards to your job application
6. WITH WHOM ARE WE SHARING YOUR DATA?
We will not share your information with any third parties for the purposes of direct marketing.
We use data processors who are third parties who provide elements of services for us. These processors are GDPR compliant and we disclose your information to them for the following purposes only:
Squarespace (Content management & hosting system) in order to manage newsletter communications
G Suite (Google Drive) in order to host your CVs and keep them safe.
In some circumstances we are legally obliged to share information with law enforcement agencies in connection with any investigation to help prevent unlawful activity
7. HOW WE PROTECT YOUR INFORMATION
We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage to personal data. For example:
we store your personal data on secure Third Party cloud service operators who comply with GDPR (Squarespace and G Suite);
we are using SSL technology to ensure a secure connection from the web server to Your browser.
we’ve setup an internal Information Security Management System (ISMS), which all of our employees need to comply with
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure, and for this reason we cannot guarantee the security or integrity of any personal data transferred from you or to you via the internet.
8. HOW LONG WE KEEP YOUR PERSONAL DATA
We will retain your data related to our newsletter communications until you unsubscribe from it. Once you have unsubscribed we may retain your data for up to 6 months to ensure that your data has been deleted throughout.
When you are applying for a job, we will hold your personal data for no more than 7 months from the day you send your application to us.
Your personal information will be deleted on one of the following occurrences:
receipt of a written request by you to us
termination of the retention period, with regards to your job application, as this described above
withdrawal of your consent to receive newsletters. You can withdraw either by clicking unsubscribe, at the bottom of the newsletter or by contacting us directly at firstname.lastname@example.org
By submitting your personal information you consent to the use of that information as set out in this Policy.
10. WHAT ARE YOUR DATA PROTECTION RIGHTS?
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
Right to be informed: you have the right to know what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties.
Right of access: you have the right to request a copy of the information we hold on you.
Right of rectification: you have the right to request to correct personal data that is inaccurate or incomplete. You can also update your account details yourself at any time by visiting your profile.
Right to be forgotten: in certain circumstances, you can ask for the data we hold on you to be erased from our records.
Right of portability: you can request to transfer any data that we hold on you to another company.
Right to restrict processing: you can request that we limit the way we use your personal data.
Right to object: you have the right to challenge certain types of processing, such as direct marketing.
Right related to automated decision making including profiling: you are free to request a review of automated processing if you believe the rules aren’t being followed.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: email@example.com
11. OVERSEAS TRANSFERS
We may transfer your personal data to a jurisdiction outside the European Economic Area if in our discretion such transfer is necessary or desirable for our purposes as described in this Policy. Certain of those jurisdictions may not have data protection laws equivalent to those in the UK. By submitting your information you consent to these transfers.
13. HOW TO CONTACT US
We welcome your feedback and questions. If you would like to contact us, please send an email to firstname.lastname@example.org
14. HOW TO CONTACT THE APPROPRIATE AUTHORITY
Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office whose details can be found at: http://www.ico.org.uk/