By using the Website, you agree to the collection and use of information in accordance with this policy and with the requirements of the greek Law, the EU General Data Protection Regulation (GDPR) and the relevant decisions and acts of the relevant Authority.
For the purposes of the GDPR , we are deemed to be the “data controller” in respect of any personal information that you provide to us or we otherwise obtain about you.
Personal Information We collect from you
We collect information when you use our services or corresponding with us.
In particular :
- We keep information you give us directly when you sign up , such as contact information (name, surname, e-mail address and mobile phone number), or ( optional ) birth date and gender
- We log through cookies and analyze the frequency of your visits to the Website, details of your purchases, if you benefit from our offers and any possible entries in our competitions.
- We record your comments and if there is any reported incident by you , we may need to record your personal information about it, subject to your specific consent.
- If you contact Us directly (by mail, e-mail or telephone) and complain or give feedback, or enter a competition, we will record details and all related information such as emails, letters and phone calls.
Information we receive from third parties
We may receive your information from other people. This can happen when you participate in market research or for fraud prevention .
Information Collection And Use
Your decision to disclose your personal data is entirely voluntary, and by doing so, you are providing us with specific consent to use your personal data only for the purposes for which you have disclosed it to us. The certain personally identifiable information you may provide to us , could reasonably be used by us as permitted by and in accordance with applicable data protection law, to : (i) identify you and enable you to use our Website ( for the administration and delivery of an order) or in response to any query; (ii) send promotional and marketing communications to you regarding us and our products and Website; (iii) data share with our affiliates , business partners and market research companies to conduct market research and analysis about our Website on our behalf; (iv) send newsletters , updates and e‐mails; (v) support any other intended purpose stated at the time at which your information is collected, subject to any preferences which you may have indicated; (vi) prevent fraudulent transactions and theft; and (vii) comply with applicable law, governmental request, court order, or otherwise protect the rights, property, or safety of us or others.
By participating to our Services you acknowledge and consent to us using your information in those limited circumstances and for the purposes described.
GDPR specifies a set of personal data categories which are considered to be “sensitive”, and which require special consideration by Data Controllers. This Website, and any services available from this Website, do not knowingly collect or process any sensitive personal data
How We Share Your Personal Information
In certain circumstances we may pass your Personal Information to carefully selected third parties. We will never pass your Personal Information for such purposes unless you have allowed us to do so or we have a lawful right to do so.
We use third party providers for the following services:
- Sending promotional offers
- Customer feedback surveys
- Customer services
- IT development, support, maintenance and hosting, including the provision of website hosting
- Order and delivery processing through the Coffee Island stores franchised system.
- Payments’ processing to enable you to pay by credit or debit card
If after having given us permission to pass your Personal Information to third parties you change your mind you can opt out by contacting us as described below.
Cookies are files with small amount of data, which may include an anonymous unique identifier.
Cookies are sent to your browser from a web site and stored on your computer's hard drive.
Like many sites, we use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site. For further details, please read our cookies policy.
Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a lock icon in the address bar and looking for "https" at the beginning of the address of the Web page.
While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.
The technology that we use and the policies that we have implemented are intended to safeguard your privacy from unauthorised access and improper use.
Where appropriate, we attempt to provide for the secure transmission of information, such as credit card details, from your computer to our server by utilising SSL (Secure Sockets Layer) encryption software. However, due to the inherent open nature of the internet, we cannot guarantee that all data transmitted will be secure since no method of transmission over the Internet, or method of electronic storage, is 100% secure. Use of this Website demonstrates your assumption of this risk.
Customer and Citizen Data Rights
As prescribed within data protection regulations, you have several rights connected to the provision of your personal data to Coffee Island using this website. These include your rights to request that Coffee Island :
- confirms to you what personal data it may hold about you and for what purposes
- changes the consent which you have provided in relation to your personal data
- corrects any inaccurate or incomplete personal data which may be held about you
- provides you with a complete copy of your personal data for you to move elsewhere
- stops processing your personal data, whilst an objection from you is being resolved
- permanently erases all your personal data promptly, and confirms to you that it has done so (there may be reasons why we may be unable to do this)
- transfers of your personal data to another organization
To contact Us, please see our contact details below.
If We don’t address your request, or fail to provide you with a valid reason why it is unable to do so, you have the right to contact the Hellenic Data Protection Authority (HDPA) to make a complaint. They can be contacted via mail ( Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα, Γραφεία: Κηφισίας 1-3, Τ.Κ. 115 23, Αθήνα ) , email ( email@example.com) or by telephone (+30-210 6475600 ).
How Long We Keep Your Personal Information
We will not keep any personal information about you for any longer than is necessary. We follow a personal data retention policy which determines how long we keep specific types of personal information for. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary. For further information you can contact Us.
Transferring Personal Information Outside Of The EEA
The Personal Information you provide to us will be transferred to and stored on our servers, which sits within the EEA.
We will not transfer your information outside the European Economic Area ("EEA") unless you are a user located outside the EEA in which case it may need to transfer your information to deliver your goods, process payment/refunds, or to send you promotional information you have subscribed to.
We will take all steps reasonably necessary to ensure that your Personal Information is treated securely and in accordance with this Policy and the Data Protection Legislation when it is processed in, or otherwise accessed from, a location outside the EEA.
For the avoidance of doubt, in the event that the UK is no longer a part of the EEA, references in this paragraph to the EEA shall mean the EEA and the UK.
Legal basis for the processing
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR.
Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data.
We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). The non-provision of the personal data would have the consequence that the contract with you could not be concluded.
Existence of automated decision-making
As a responsible company, we do not use automatic decision-making or profiling.
Contact Us-Opt out