Privacy Policy

Last updated: December 2024

1. Introduction

AltoKaffee ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our coffee subscription service, in compliance with Swiss Federal Data Protection Act (FADP) and EU General Data Protection Regulation (GDPR).

2. Data Controller

AltoKaffee, located in Zurich, Switzerland, is the data controller responsible for your personal data.

Contact:

Email: privacy@altokaffee.ch

Address: AltoKaffee, Zurich, Switzerland

3. Information We Collect

3.1 Personal Information

We collect the following personal information when you subscribe to our service:

  • Account Information: Name, email address, phone number
  • Delivery Information: Shipping address, delivery preferences
  • Payment Information: Processed securely through Stripe (see section 5)
  • Communication Data: Customer service inquiries, feedback

3.2 Automatically Collected Information

  • Website Usage: IP address, browser type, pages visited, time spent
  • Device Information: Device type, operating system, screen resolution
  • Cookies: Session cookies, preference cookies (see section 8)

4. How We Use Your Information

We use your personal data for the following purposes:

  • Service Delivery: Processing subscriptions, shipping coffee, managing accounts
  • Payment Processing: Billing, invoicing, and payment collection
  • Customer Support: Responding to inquiries, resolving issues
  • Communication: Order updates, delivery notifications, service announcements
  • Legal Compliance: Meeting tax, accounting, and regulatory requirements
  • Service Improvement: Analytics to enhance user experience (anonymized data only)

4.1 Legal Basis for Processing

Our legal basis for processing your data includes:

  • Contract Performance: Processing necessary to fulfill our subscription service
  • Legitimate Interest: Customer support, service improvement, fraud prevention
  • Legal Obligation: Tax reporting, accounting requirements
  • Consent: Marketing communications (where applicable)

5. Payment Processing and Stripe

We use Stripe, Inc. as our payment processor. When you make a payment:

  • Your payment information is transmitted directly to Stripe and encrypted using SSL
  • We do not store your complete credit card information on our servers
  • Stripe processes payments in compliance with PCI DSS standards
  • Stripe's privacy policy applies to payment data: stripe.com/privacy

We receive limited payment information from Stripe (transaction IDs, payment status) necessary for order fulfillment and customer service.

6. Data Sharing and Transfers

6.1 Third-Party Service Providers

We share limited data with trusted service providers:

  • Shipping Partners: Name and delivery address for coffee delivery
  • Payment Processor (Stripe): Payment processing and fraud prevention
  • Email Service: Order confirmations and customer communications
  • Analytics Providers: Website usage statistics (anonymized data)

6.2 International Transfers

Some service providers may be located outside Switzerland/EU. We ensure appropriate safeguards are in place, including adequacy decisions or standard contractual clauses.

6.3 Legal Requirements

We may disclose your information if required by law, court order, or to protect our legal rights and the safety of our users.

7. Data Retention

We retain your personal data for:

  • Active Subscriptions: Throughout your subscription period
  • Cancelled Subscriptions: 7 years for tax and accounting purposes
  • Marketing Data: Until you withdraw consent or opt-out
  • Website Analytics: Up to 26 months (anonymized)

After retention periods expire, we securely delete or anonymize your personal data.

8. Cookies and Tracking

Our website uses the following types of cookies:

  • Essential Cookies: Required for website functionality and security
  • Performance Cookies: Anonymous analytics to improve our service
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling essential cookies may affect website functionality.

9. Your Rights (GDPR/Swiss DPA)

You have the following rights regarding your personal data:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal obligations)
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: For marketing communications

To exercise these rights, contact us at privacy@altokaffee.ch. We will respond within 30 days.

10. Data Security

We implement appropriate security measures to protect your data:

  • SSL/TLS encryption for data transmission
  • Secure cloud hosting with regular backups
  • Access controls and employee training
  • Regular security assessments and updates
  • Payment data handled exclusively by PCI-compliant Stripe

11. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal data from children. If we become aware of such data collection, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be communicated via email or website notice. The "Last Updated" date indicates the most recent revision.

13. Complaints

If you have concerns about our data handling practices, please contact us first. You also have the right to lodge a complaint with:

Swiss Federal Data Protection and Information Commissioner (FDPIC)

Website: edoeb.admin.ch

Questions about this policy?

If you have any questions about this policy, please contact us at:

Email: legal@altokaffee.ch

Address: AltoKaffee, Zurich, Switzerland