CoffeePals

Legal · Compliance

Privacy Regulation Compliance

We take data privacy seriously. Learn how CoffeePals adheres to GDPR and other privacy regulations to keep your information secure and compliant.

There are significant changes happening in the data privacy regulatory environment. To consolidate useful information regarding our products and privacy regulations in one location, we have created this reference page. If you have any queries, feedback, or concerns regarding our Privacy Policy, your data, or your rights concerning your information, please reach out to us at privacy@coffeepals.com.

EU General Data Protection RegulationData Processing AddendumSubprocessorsCalifornia Consumer Privacy Act

EU General Data Protection Regulation (GDPR)

The EU General Data Protection Regulation (GDPR) went into effect on May 25, 2018. CoffeePals is compliant.

Does GDPR affect me?

The scope of GDPR is extensive if you operate in or have dealings within the EU. In case you have any personal data of EU residents in your CoffeePals account, like names, email addresses, or any other identifiable information, GDPR applies to you. As per GDPR regulations, you are considered a Controller of personal data and must sign a GDPR-compliant Data Processing Addendum (DPA) with all online service providers and third-party vendors you utilize, including CoffeePals.

Data Processing Addendum

For processing personal data of individuals in the EU, it is mandatory to have a contract that complies with GDPR regulations. To ensure that GDPR privacy principles, rights, and obligations are upheld in all instances of personal data processing, we offer a standard Data Processing Addendum (DPA). The DPA is applicable when you use CoffeePals services to process Customer Data as defined in the DPA and the General Data Protection Regulation is applicable. The DPA incorporates the Standard Contractual Clauses of the European Commission to extend GDPR privacy principles, rights, and obligations.

How do I execute the DPA?

  1. 1Download the Data Processing Addendum
  2. 2Complete and sign the DPA as described under “HOW TO EXECUTE THIS DPA”
  3. 3Send the DPA to support@coffeepals.com
  4. 4We’ll sign the DPA and return it to you

Subprocessors

To deliver our services, CoffeePals employs third-party subprocessors such as customer support software and cloud computing providers. We have signed GDPR-compliant data processing agreements with each of these subprocessors and also insist that they have the same in place.

View full list of CoffeePals subprocessors

California Consumer Privacy Act (CCPA)

The CCPA makes a crucial distinction between “service providers,” “businesses,” and “third parties.” You can review the definitions of these terms on the website of the California Attorney General.

According to the CCPA, CoffeePals is classified as a “service provider.” Therefore, we only process the data you provide us for the specific purpose you signed up for. Our business model is straightforward: we charge our customers a recurring subscription fee, and we do not use your data for any commercial purposes or sell your personal information unless you have given us explicit consent.

Moreover, the CCPA grants additional rights to California residents concerning their data. We extend those rights to all our customers, and they are explained in detail in our Privacy Policy. Our Privacy Policy also outlines the data we collect for providing our services and clearly specifies the only situations where we access or share your information.

Adapted from the Basecamp open-source policies / CC BY 4.0

Related policies

Privacy PolicyTerms of ServiceCookie PolicySubprocessorsSecurity