Privacy Policy & Use of Cookies

I. GENERAL INFORMATION

This Privacy and Cookie Use Policy is a set of rules for the processing of personal data and the collection of
cookies by „!Fest Coffee Mission” Ltd with its registered office at Lviv, Ukraine, address; 24-26,
Staroznesenska street (hereinafter: “Administrator“), inter alia on
https://festcoffeemission.com/ (hereinafter: “Website“), and sets out what personal
data we collect, how we use it and with whom we share it. This notice also describes the measures we take to
protect personal data.
This document is addressed to all persons who visit the website https://festcoffeemission.com/, contact the
Administrator of personal data (by telephone, e-mail, letter), including if they are employees, co-workers or
representatives of the Administrator’s contractors (hereinafter: “Users“).
Users can contact the Administrator in the following ways:
- by letter to: 24-2 STAROZNESENSKA STREET, Lviv city, Lviv region, Ukraine, 79044;
- via email: welcome@festcoffeemission.com;
- By phone: +380 95 498 80 35.
Personal data is any information relating to an identified or identifiable natural person. This type of data
includes, but is not limited to, name, address, telephone number and e-mail address. Information that cannot be
linked to a specific or identifiable person (such as statistical data) is not considered personal data.
Before using the Website and the services of the Administrator, the User should read this privacy and cookie use
policy. The purpose of the document is, inter alia, to fulfil the information obligation referred to in Articles
13(1) and (2) and 14(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27
April 2016 on the protection of natural persons with regard to the processing of personal data and on the free
movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter:
“GDPR”).

II. PROTECTION OF DATA

The Administrator, through the use of appropriate technical and organisational measures, shall make every effort
to protect personal data against loss or misuse.
All data protection notifications are recorded and thoroughly explained and analysed based on the applicable
legislation.

III. DATA SUBJECTS’ RIGHTS

The data subject has the right to:
- to be informed of and have access to the data concerning them (the data subject’s right of
  access under Article 15 GDPR);
- to rectify his or her personal data that are incorrect and to update his or her data (right of
  rectification, Article 16 GDPR);
- request the erasure of his or her personal data (right to erasure, under Article 17
  GDPR);
- to request the cessation of processing (right to restrict processing, under Article 18
  GDPR);
- to request the transfer of data to another Administrator (right to data portability, under
  Article 20 GDPR);
- to object to the processing of his/her personal data (right to object, under Article 21
  GDPR).

IV. WITHDRAWAL OF CONSENT TO THE PROCESSING OF PERSONAL DATA AND THE MECHANISM OF WITHDRAWAL OF CONSENT

Where processing is based on the person’s consent, we would like to inform you that the person has the
right to withdraw consent at any time. The declaration of withdrawal of consent shall be made by submitting a
statement to the Administrator by email or via post.
The receipt of such a statement does not affect the lawfulness of prior processing of personal data.
The withdrawal of consent for the processing of personal data shall be ineffective to the extent necessary for
the proper provision of the services or the provisions of the ongoing contract, including the complaint process.
In such a case, the withdrawal of the aforementioned consent shall become effective upon cancellation of the
services, termination of the ongoing contract or the complaint process.
Despite the effective withdrawal of consent to process the data, the Administrator is entitled to process the
data to the extent necessary for:
- the assertion of contractual claims;
- fulfilment of a legal obligation incumbent on the Administrator;
- the performance of a task carried out in the public interest or in the exercise of official authority
  vested in
  the Administrator;
- purposes resulting from legitimate interests pursued by the Administrator or by a third party, except
  where such
  interests are overridden by the interests or fundamental rights and freedoms of the data subject.
In connection with a declaration of withdrawal of consent to data processing, for the purposes of identifying
the person making the declaration and in order to protect against unauthorised access to the data, the
Administrator shall be entitled to obtain additional confirmation of the identity of the person making such
declaration.

V. CATEGORIES OF PERSONAL DATA PURPOSES OF PROCESSING AND LEGAL BASIS

In order to provide the Services and to fulfil the Contract with its Customers [Pursuant to Article 6(1)(b)
GDPR], the Administrator may process necessary data, such as registration data, data of contact persons on the
Customer’s side, i.e. name, surname, official position, telephone, signature, e-mail address, work position,
delivery address.
The provision of personal data is voluntary, but is necessary for the performance of the Services, provided by
the Administrator.
The Administrator also processes data in connection with the performance of its Services:
- on the basis of consent [Pursuant to Article 6(1)(a) and Article 7 of the DPA] – in particular for
  marketing
  purposes or in order to respond to a request to the Administrator
- on the basis of the Administrator’s legitimate interests [Pursuant to Article 6(1)(f) GDPR] – in
  particular
  such as: satisfaction surveys of the services provided (and also for the purpose of analysing the
  results of the
  surveys completed as part of this survey and the possibility of contacting the person responding back);
- in order to fulfil its legal obligations [Pursuant to Article 6(1)(c) of the DPA], such as: correct
  billing of
  the Service provided, processing of complaints, tax settlements;
For the purpose of defending against and pursuing claims [Pursuant to Article 6(1)(f) GDPR].
The use of the Website may involve the processing of personal data by the Administrator for the following
purposes:
- Placing of an order by a contractor and activities aimed at its fulfilment – data sent for the purpose
  of order
  fulfilment such as: registration data, name of the representative, address, delivery address, e-mail,
  telephone
  number;
- Contact via the contact form [Pursuant to Article 6(1)(f) GDPR] – data sent via the contact form such
  as: name,
  email address, telephone number, which is required for processing and responding to the enquiry;
  [Pursuant to
  Article 6(1)(a) GDPR] consent for processing such data as: address-email, telephone number is required
  for
  contact for the purpose of making a commercial offer.
- Contacting a consultant via chat or redirecting to Whatsapp messenger [Pursuant to Article 6(1)(f) of
  the DPA] –
  data sent during a conversation with a consultant, such as email address, name, telephone number, may be
  processed in order to verify the question asked and to provide an answer.

VI. DATA SHARING

The Administrator may share personal data:
- to the Administrator’s group companies and subcontractors (e.g. transport partners) for the purpose of
  processing orders, including the delivery of parcels;
- entities that are under contract to provide services to the Administrator, in particular IT service
  providers;
- other persons or organisations on the basis of the applicable legislation;
- to state authorities, officers and law enforcement agencies in order to meet national security
  requirements or
  as part of ongoing investigations.

VII. RETENTION PERIOD AND DELETION OF DATA

The Administrator processes personal data only for as long as is necessary to fulfil the purpose for which they
were collected.
Where personal data is processed in connection with the performance of a contract concluded with the Client, we
will retain it for the period of performance of the contract and, to the extent necessary, for 5 years counting
from the end of the calendar year in which the deadline for payment of tax due in connection with the conclusion
and performance of the contract has expired, or longer if required by law;
The User has contacted the Administrator – their data will be processed for the period necessary for the
purposes of contacting the User and for a period of 2 years after the end of the contact.
If personal data is processed based on the User’s consent, it will be processed until the consent is
withdrawn.
If the User’s personal data are no longer necessary for the purposes for which they were processed, the
Administrator will keep them for the purpose of establishing, investigating or defending against possible claims
on the part of both the Administrator and the User only for the periods of limitation of claims, as defined by
law.
After the expiry of the entitlement period for storing personal data, it is permanently deleted.

VIII. TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EUROPEAN ECONOMIC AREA

Personal data may be transferred to third countries in the event that the services that the Administrator
provides are also to be performed in the territory of a third country. Personal data may also be transferred to
the Administrator’s subcontractors (e.g. entities that deliver a consignment in the territory of a third
country) and entities that provide tax, legal, audit and billing advice to the Administrator, if they carry out
their activities in the territory of a third country.
The Administrator does not transfer personal data to international organisations.
The Administrator does not transfer personal data to third countries where this is impossible or would be
incompatible with generally applicable law.
The level of protection of Personal Data outside the European Economic Area (“EEA”) is not the same as
that provided by European law. Accordingly, the Administrator transfers Personal Data outside the EEA only when
necessary, while ensuring an adequate level of data protection in accordance with applicable regulations.

IX. SOURCE OF PERSONAL DATA

Personal data of Users that is not collected from them directly may be obtained from their employers, colleagues
or
entities that the User represents. The Administrator may also process personal data from publicly available
sources.

X. COOKIES

Cookies are web data, in particular text files, which are stored on the User’s terminal device (computer,
mobile phone, tablet). First of all, they contain the name of the website of their origin, their unique number,
the time they are stored on the end device. Cookies provide the Administrator with statistical information about
User traffic, User activity and the use of the Website. They make it possible to adapt the content and services
to the User’s preferences.
In connection with our use of cookies, we provide the most important information on their use:
- The cookie mechanism is not used to obtain any information about Users, with the exception of
  information about
  their behaviour on the Website.
- The Administrator stores cookies on Users’ computers for:
  - the proper adaptation of the Website to the needs of Users and optimisation of the use of the
    websites;
  - to remember the User’s preferences and individual settings, to recognise the User’s device and
    to
    appropriately display the website adapted to the User’s needs (full version, mobile version of
    the website);
  - the creation of viewing statistics for the Website, which help us to understand how visitors use
    the websites,
    so that we can improve their structure and content;
  - maintaining a User session (after logging in), thanks to which a User does not have to re-enter
    his/her login
    and password on each page of the Website.
There are two main types of cookies used on the Website:
- “session cookies” and
- “permanent” (“persistent cookies”).
“Session” cookies are temporary files that are stored on the User’s terminal equipment until the
User logs out, leaves the website or switches off the software (web browser). “Permanent” cookies are
stored on the User’s terminal equipment for the time specified in the parameters of the cookies or until
they are deleted by the User.
The following types of cookies are used within the Service:
- “necessary” cookies to enable the use of services available on the Website, e.g. authentication
  cookies used for services requiring authentication on the Website;
- cookies used for security purposes, e.g. used to detect misuse of authentication on the Website;
- “performance” cookies, enabling the collection of information about the use of the Website’s
  websites;
- “functional” cookies, which make it possible to “remember” the User’s selected settings
  and to personalise the User’s interface, e.g. with regard to the chosen language or region of origin of
  the
  User, the font size, the appearance of the website, etc.

XI. BLOCKING COOKIES

In many cases, web browsers allow cookies to be stored on the User’s terminal equipment by default. Users of
the Website may at any time make changes to their settings concerning cookies, e.g. in such a way as to block
the automatic handling of cookies or inform on their each placing in the equipment of a User of the Website.
Detailed information on the possibility and methods of using cookies is available in the settings of browsers or
on the following websites:
- in Internet
  Explorer;
- in the Mozilla
  Firefox browser;
- in the Chrome browser;
- in the Safari
  browser;
- in the Opera browser;
However, the Administrator informs that restricting the use of cookies may affect some of the functionalities
available on the Website.

Apply as competitor