The EU General Data Protection Regulation (GDPR) went into effect on May 25, 2018. CoffeePals is compliant.
The scope of GDPR is extensive if you operate in or have dealings within the EU. In case you have any personal data of EU residents in your CoffeePals account, like names, email addresses, or any other identifiable information, GDPR applies to you. As per GDPR regulations, you are considered a Controller of personal data and must sign a GDPR-compliant Data Processing Addendum (DPA) with all online service providers and third-party vendors you utilize, including CoffeePals.
For processing personal data of individuals in the EU, it is mandatory to have a contract that complies with GDPR regulations. To ensure that GDPR privacy principles, rights, and obligations are upheld in all instances of personal data processing, we offer a standard Data Processing Addendum (DPA). The DPA is applicable when you use CoffeePals services to process Customer Data as defined in the DPA and the General Data Protection Regulation is applicable. The DPA incorporates the Standard Contractual Clauses of the European Commission to extend GDPR privacy principles, rights, and obligations.
To deliver our services, CoffeePals employs third-party subprocessors such as customer support software and cloud computing providers. We have signed GDPR-compliant data processing agreements with each of these subprocessors and also insist that they have the same in place. Please refer to the list of CoffeePals subprocessors for more information.
The CCPA makes a crucial distinction between "service providers," "businesses," and "third parties." You can review the definitions of these terms on the website of the California Attorney General at https://www.oag.ca.gov/privacy/ccpa.
According to the CCPA, CoffeePals is classified as a "service provider." Therefore, we only process the data you provide us for the specific purpose you signed up for. Our business model is straightforward: we charge our customers a recurring subscription fee, and we do not use your data for any commercial purposes or sell your personal information unless you have given us explicit consent.