By using the Website, you agree to the collection and use of information in accordance with this policy and with the requirements of the greek Law, the EU General Data Protection Regulation (GDPR) and the relevant decisions and acts of the relevant Authority.
For the purposes of the GDPR , we are deemed to be the “data controller” in respect of any personal information that you provide to us or we otherwise obtain about you.
We collect information when you use our services or corresponding with us.
In particular :
We may receive your information from other people. This can happen when you participate in market research or for fraud prevention .
Your decision to disclose your personal data is entirely voluntary, and by doing so, you are providing us with specific consent to use your personal data only for the purposes for which you have disclosed it to us. The certain personally identifiable information you may provide to us , could reasonably be used by us as permitted by and in accordance with applicable data protection law, to : (i) identify you and enable you to use our Website ( for the administration and delivery of an order) or in response to any query; (ii) send promotional and marketing communications to you regarding us and our products and Website; (iii) data share with our affiliates , business partners and market research companies to conduct market research and analysis about our Website on our behalf; (iv) send newsletters , updates and e‐mails; (v) support any other intended purpose stated at the time at which your information is collected, subject to any preferences which you may have indicated; (vi) prevent fraudulent transactions and theft; and (vii) comply with applicable law, governmental request, court order, or otherwise protect the rights, property, or safety of us or others.
By participating to our Services you acknowledge and consent to us using your information in those limited circumstances and for the purposes described.
GDPR specifies a set of personal data categories which are considered to be “sensitive”, and which require special consideration by Data Controllers. This Website, and any services available from this Website, do not knowingly collect or process any sensitive personal data
In certain circumstances we may pass your Personal Information to carefully selected third parties. We will never pass your Personal Information for such purposes unless you have allowed us to do so or we have a lawful right to do so.
We use third party providers for the following services:
If after having given us permission to pass your Personal Information to third parties you change your mind you can opt out by contacting us as described below.
Cookies are files with small amount of data, which may include an anonymous unique identifier.
Cookies are sent to your browser from a web site and stored on your computer's hard drive.
Like many sites, we use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site. For further details, please read our cookies policy.
Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a lock icon in the address bar and looking for "https" at the beginning of the address of the Web page.
While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.
The technology that we use and the policies that we have implemented are intended to safeguard your privacy from unauthorised access and improper use.
Where appropriate, we attempt to provide for the secure transmission of information, such as credit card details, from your computer to our server by utilising SSL (Secure Sockets Layer) encryption software. However, due to the inherent open nature of the internet, we cannot guarantee that all data transmitted will be secure since no method of transmission over the Internet, or method of electronic storage, is 100% secure. Use of this Website demonstrates your assumption of this risk.
As prescribed within data protection regulations, you have several rights connected to the provision of your personal data to Coffee Island using this website. These include your rights to request that Coffee Island :
To contact Us, please see our contact details below.
If We don’t address your request, or fail to provide you with a valid reason why it is unable to do so, you have the right to contact the Hellenic Data Protection Authority (HDPA) to make a complaint. They can be contacted via mail ( Data Protection Authority, Office: 3, Leof. Kifisias 1, Athina 115 23 ) , email ( [email protected]) or by telephone (+30-210 6475600 ).
We will not keep any personal information about you for any longer than is necessary. We follow a personal data retention policy which determines how long we keep specific types of personal information for. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary. For further information you can contact Us.
The Personal Information you provide to us will be transferred to and stored on our servers, which sits within the EEA.
We will not transfer your information outside the European Economic Area ("EEA") unless you are a user located outside the EEA in which case it may need to transfer your information to deliver your goods, process payment/refunds, or to send you promotional information you have subscribed to.
We will take all steps reasonably necessary to ensure that your Personal Information is treated securely and in accordance with this Policy and the Data Protection Legislation when it is processed in, or otherwise accessed from, a location outside the EEA.
For the avoidance of doubt, in the event that the UK is no longer a part of the EEA, references in this paragraph to the EEA shall mean the EEA and the UK.
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR.
Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data.
We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). The non-provision of the personal data would have the consequence that the contract with you could not be concluded.
As a responsible company, we do not use automatic decision-making or profiling.
Your Personal Data may also be deleted upon request to [email protected] We undertake to perform the deletion within one month (30 calendar days) and will send you a confirmation once your Personal Data have been deleted. Wherever possible, we will aim to complete the request in advance of the deadline.