Personal Data (hereafter generally referred to as "data") is processed by us only to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.

In accordance with Article 4, paragraph 1 of Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR), "processing" means any operation or set of operations performed on personal data, whether or not by automated means, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of data.

With the following privacy statement, we inform you in particular about the type, scope, purpose, duration, and legal basis of the processing of personal data, as far as we decide alone or jointly with others about the purposes and means of processing. We also inform you about the third-party components we use for optimization purposes and to improve the user experience, to the extent that they process data in their own responsibility.

Our privacy statement is structured as follows:

I. Information about us as the data controller
II. Rights of users and data subjects
III. Information on data processing

I. Information about us as the data controller

The responsible provider of this website within the meaning of data protection law is:

Trevo Coffee Roastery
Platz 30
6870 Bezau
Austria

Phone: +43 (0)681 20342541
Email: andrea@trevo.coffee

II. Rights of users and data subjects

In relation to the data processing described below, users and data subjects have the right:

• To confirm whether data concerning them is being processed, to access the data processed, to obtain further information about the data processing, and to receive copies of the data (see also Article 15 GDPR);

• To rectify or complete inaccurate or incomplete data (see also Article 16 GDPR);

• To the immediate erasure of data concerning them (see also Article 17 GDPR), or, alternatively, where further processing is necessary according to Article 17, paragraph 3 GDPR, to restrict processing in accordance with Article 18 GDPR;

• To receive the data concerning them and which they have provided, and to transmit this data to other providers/controllers (see also Article 20 GDPR);

• To lodge a complaint with a supervisory authority if they believe that their data has been processed by the provider in violation of data protection laws (see also Article 77 GDPR).

Furthermore, the provider is required to inform all recipients to whom the data has been disclosed about any correction, erasure of data, or restriction of processing that has occurred under Articles 16, 17 paragraph 1, and 18 GDPR. However, this obligation does not apply where such communication is impossible or involves a disproportionate effort. Notwithstanding this, the user has the right to know about these recipients.

Users and data subjects also have the right to object to the future processing of their data, as far as the data is processed by the provider in accordance with Article 6, paragraph 1 lit. f) GDPR. In particular, an objection can be raised against data processing for direct marketing purposes.

III. Information on data processing

Your data processed when using our website will be deleted or blocked as soon as the purpose of the storage no longer applies, no legal retention obligations prevent the deletion of the data, and no other contradictory information is provided for specific processing procedures.

Server Data

For technical reasons, especially to ensure a secure and stable website, data is transmitted to us or our webspace provider by your internet browser. These so-called server log files include, among others, the type and version of your internet browser, the operating system, the website from which you accessed our site (referrer URL), the pages of our website you visit, the date and time of each access, and the IP address of the internet connection from which you use our website.

These collected data are temporarily stored, but not combined with other data of yours.

This storage is based on Article 6, paragraph 1 lit. f) GDPR. Our legitimate interest lies in improving, stabilizing, and securing the functionality of our website.

The data is deleted at the latest after seven days, unless further storage is required for evidentiary purposes. Otherwise, the data will be excluded from deletion until the final clarification of an incident.

Cookies

a) Session Cookies

We use cookies with our website. Cookies are small text files or other storage technologies stored on your device by the internet browser you are using. Through these cookies, certain information such as your browser data, location data, or your IP address is processed.

This processing makes our website more user-friendly, efficient, and secure, for example, enabling the display of our website in different languages or offering a shopping cart function.

The legal basis for this processing is Article 6, paragraph 1 lit. b) GDPR, if these cookies are processed for contract initiation or contract performance.

If the processing is not related to contract initiation or performance, our legitimate interest lies in improving the functionality of our website. The legal basis then is Article 6, paragraph 1 lit. f) GDPR.

These session cookies are deleted when you close your internet browser.

b) Third-Party Cookies

If applicable, cookies from partner companies that we cooperate with for advertising, analytics, or website functionality may also be used.

For details on the purposes and legal grounds of processing such third-party cookies, please refer to the following information.

c) Removal Option

You can prevent or limit the installation of cookies through settings in your internet browser. You can also delete already stored cookies at any time. The necessary steps and measures depend on the specific internet browser you are using. If you have any questions, please use the help function or documentation of your internet browser or contact the manufacturer or support.

For Flash cookies, however, processing cannot be prevented through browser settings. In this case, you need to change the settings of your Flash player. The necessary steps and measures also depend on the specific Flash player you are using. If you have any questions, please refer to the help function or documentation of your Flash player or contact the manufacturer or support.

If you prevent or limit the installation of cookies, this may result in certain functions of our website not being fully usable.

Contract Execution

The data you transmit to us for the use of our goods and/or services is processed for the purpose of contract execution and is required for this purpose. Contract conclusion and execution are not possible without providing your data.

The legal basis for processing is Article 6, paragraph 1 lit. b) GDPR.

We delete the data upon complete execution of the contract, but must observe the tax and commercial law retention periods.

In the course of contract execution, we forward your data to the transport company commissioned with the delivery of the goods or to the financial service provider, insofar as the transfer is necessary for the delivery of goods or for payment purposes.

The legal basis for the transfer of data is then Article 6, paragraph 1 lit. b) GDPR.

Contact Inquiries / Contact Option

If you contact us via a contact form or email, the data you provide will be used to process your inquiry. Providing the data is necessary to process and respond to your inquiry – without it, we may not be able to answer your inquiry or may only be able to do so in a limited way.

The legal basis for this processing is Article 6, paragraph 1 lit. b) GDPR.

Your data will be deleted once your inquiry has been conclusively answered, unless legal retention obligations, such as those related to a subsequent contract execution, prevent deletion.