General terms of use of the coffetek.co.uk website

At Coffetek Ltd, we are committed to protecting the privacy and personal data of users of our websites, services and digital platforms, in accordance with current data protection legislation, in particular the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

 

This privacy policy describes how we process personal data.

 

 

WHO IS THE DATA CONTROLLER FOR YOUR PERSONAL DATA?

 

The data controller for personal data is Coffetek Ltd, contact email: responsableseguridad@azkoyen.com

 

 

FOR WHAT PURPOSE AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA?

 

In the context of commercial relations, Coffetek Ltd will process personal data for the following purposes and on the following legal bases:

  • Handling requests for general corporate information, as well as information regarding our products and services. Legal basis: the data subject’s express consent in connection with the submission of the enquiry (Article 6(1)(a) of the UK GDPR).
  • Drafting and execution of commercial contracts (sale and purchase, distribution, maintenance services, software licences, etc.): the processing of the professional contact details of individuals involved in the formalisation and execution of contracts – whether they are sole traders or persons acting in a representative or managerial capacity on behalf of legal entities to which they provide services – will be processed on the legal basis of legitimate interest (Art. 6.1(f) UK GDPR).
  • Compliance with legal obligations in tax, accounting and administrative matters arising from the contractual relationship established with the data subject. Legal basis: compliance with a legal obligation (Art. 6.1(c) UK GDPR).
  • Management of the corporate whistleblowing channel, joint responsibility for processing carried out by the subsidiaries comprising Azkoyen VPS. Legal basis: compliance with a legal obligation (Art. 6.1(c) UK GDPR). 
  • Sending of commercial information by the responsible subsidiary of Azkoyen VPS to its own customers, by any means – including electronic communications – regarding products and/or services similar to those previously contracted. Legal basis: legitimate interest (Art. 6.1(f) UK GDPR).
  • Management of the technical support service (SAT). Should you need to access the SAT platform, you may register using your email address, first name and surname. Legal basis: existence of a legitimate interest (Art. 6.1.f) UK GDPR)
  • Where your express consent is obtained, sending of commercial information, by any means – including electronic means – by other companies within the Azkoyen VPS group. Legal basis: Consent of the data subject (Art. 6.1(a) UK GDPR).
  • Where consent is given for the use of “non-exempt” cookies, information regarding browsing on our website will be collected in order to measure activity on the site and, where appropriate, to improve the user experience and the functioning of the website. Legal basis: Consent of the data subject (Art. 6.1(a) UK GDPR).
  • Guest Wi-Fi access: information regarding IP address, MAC address and browsing history will be collected during the connection in order to provide the service. Legal basis: Legitimate interest (Art. 6.1(f) GDPR).
  • In the context of relations with job applicants, the data controller, Azkoyen VPS, may process personal data contained in the CVs it handles. Legal basis: implementation of pre-contractual measures at the data subject’s request (Art. 6.1(b) GDPR).

 

 

TO WHOM WILL WE DISCLOSE YOUR PERSONAL DATA?

Your personal data may be disclosed to external auxiliary service providers with access to personal data contracted by Coffetek Ltd, such as IT service providers with access to personal data (technical/IT maintenance service providers, cybersecurity, hosting), environmental management companies, consultancy firms, administrative agencies, recruitment agencies, advertising and marketing companies, and other auxiliary service providers who will act as data processors under the instructions of the contracting entity.

Where we have your express consent, your data may be transferred for commercial purposes to the other subsidiaries of Azkoyen VPS. 

For the purpose of managing the procurement of our products and services, your data will be disclosed to subsidiaries of Azkoyen VPS; likewise, to official distributors of the responsible entity who have signed a commercial collaboration agreement.

Where legally required, your data may also be disclosed to public authorities, auditors, notaries, court experts, lawyers, solicitors, courts and tribunals, and law enforcement agencies in the course of their duties. In addition, your data may be transferred to Azkoyen Vending & Payment Solutions, S.L.U., the parent company of Azkoyen VPS, for administrative purposes within the business group.

 

 

HOW LONG WILL WE RETAIN YOUR PERSONAL DATA?

Your personal data will be retained only for as long as is necessary to fulfil the purpose for which it was collected. Accordingly, once your personal data is no longer required for such purposes, it will be deleted. However, it may be blocked beforehand, remaining available only to judges, courts, public prosecutors or the competent public authorities – in particular the data protection authorities – for the purpose of addressing any potential liabilities arising from the processing, and only for the duration of the applicable limitation period.

  • Personal data obtained via the contact form will be retained only for the time necessary to respond to the request for information.
  • Personal data obtained via the registration form for recruitment processes will be retained whilst such processes are ongoing and for a maximum period of two years from inclusion in the job bank. Thereafter, it will be retained for two years, except in the case of candidates who are ultimately hired, whose CVs will be incorporated into their employment file (in which case the data protection policy applicable to the employment context will apply).

 

  • Personal data obtained via the whistleblowing channel will be retained in that channel’s system for a maximum period of three months, after which the data will be deleted or anonymised, without prejudice to the fact that, should an investigation be initiated, the data may be processed in the information system of those assigned control and compliance functions.
  • Personal data relating to commercial transactions with customers and suppliers operating as self-employed individuals, as well as the data of the legal and commercial representatives of customers and suppliers, shall in all cases be retained for the duration of the contractual relationship and for a further six years following its termination; this period may be extended whilst limitation periods for legal actions remain in force.
  • Personal data of a professional nature that has been included in databases for commercial purposes will be retained unless we are notified of your objection, or where we are aware that the data has become out of date, or where the database is being purged.

 

 

WHAT SECURITY MEASURES WILL BE APPLIED TO YOUR PERSONAL DATA?

The processing of the personal data provided will be carried out by adopting the necessary physical, logical and organisational security measures to prevent loss, misuse, alteration and unauthorised access to such data, taking into account the state of technology, the nature of the data and the risk analysis carried out.

 

 

WILL INTERNATIONAL TRANSFERS OF PERSONAL DATA TAKE PLACE?

In the event that international transfers of personal data take place outside the United Kingdom, such transfers will be carried out in accordance with the applicable data protection regulations, including the UK GDPR. In particular, we will ensure that such transfers are subject to appropriate safeguards, such as adequacy decisions or the use of approved contractual mechanisms, in order to ensure a level of protection equivalent to that required by current legislation.

 

 

HOW CAN YOU EXERCISE YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA AND CONTACT OUR DATA PROTECTION OFFICER?

To withdraw any consent you may have given, or to exercise your rights of access, rectification, erasure, objection, restriction, data portability and not to be subject to automated individual decision-making, you may submit a written request to:

Avda. San Silvestre s/n, 31350, Peralta (Navarra, Spain), or

responsableseguridad@azkoyen.com

Should the data subject deem it appropriate, they may contact our Data Protection Officer (DPO) via the same email address indicated above, as well as lodge the corresponding complaint regarding the protection of rights with the Information Commissioner’s Office.

 

 

MANDATORY OR OPTIONAL NATURE OF THE DATA REQUESTED

The mandatory fields on each form are marked with an asterisk (*). Refusal to provide such information will prevent communication with the user and, where applicable, make it impossible to provide the requested information and/or service.