
This privacy policy informs you about the type, scope, and purpose of processing personal data when visiting our website kokocoffeelab.de and when placing orders in our online shop.
The controller within the meaning of the GDPR is Johannes Konopka, KOKO COFFEE LAB, Münzstraße 5, 97070 Würzburg, email: shop@kokocoffeelab.de. You can find the full contact details in our legal notice.
When you visit our website, information is automatically processed in server log files (IP address, date and time, page accessed, browser type, operating system). The legal basis is Art. 6 para. 1 lit. f GDPR (secure and stable operation). Transmission is encrypted (SSL/TLS).
Our website is hosted by Vercel Inc.; we operate our database with Neon. Both process data on our behalf (Art. 28 GDPR). For technical reasons, personal data (e.g., IP addresses) may be processed.
Our shop uses Shopify's storefront technology. The order and payment process (checkout) is handled via Shopify International Ltd.'s hosted checkout. Data processed there (name, delivery and billing address, payment details) is required for contract performance (Art. 6 para. 1 lit. b GDPR).
Payment processing is handled by the respective payment service providers depending on your chosen method (including Shopify Payments, PayPal, Klarna, credit card). These process your payment data under their own responsibility.
We use cookies. Non-essential cookies (statistics, marketing) are only set with your consent (Art. 6 para. 1 lit. a GDPR). Management is handled via our consent tool; you can adjust or revoke your selection at any time via "Cookie settings" in the footer. Details and a cookie overview can be found in our cookie policy.
To measure reach, we use – only with your consent – Google Analytics 4 (Google Ireland Ltd.). We use Google Consent Mode v2; without consent, no analytics cookies are set. The legal basis is Art. 6 para. 1 lit. a GDPR.
For sending emails we use Resend (Resend, Inc., USA) as a processor (Art. 28 GDPR). It is used to send: (a) system administration emails (e.g. sign-in and password emails for authorized staff) and (b) messages you send us via our contact or B2B form. The legal basis is Art. 6(1)(b) and (f) GDPR. As Resend also processes data in the USA, a transfer to a third country takes place; this is safeguarded by [EU-US Data Privacy Framework / standard contractual clauses — please verify]. Order and shipping confirmations for your purchase, however, are sent via Shopify (see section 4).
When you contact us or create a customer account, we process the data provided to handle your request or manage your account (Art. 6 para. 1 lit. b and f GDPR).
You have the right to access, rectification, deletion, restriction of processing, data portability, and objection. You can revoke any consent given at any time with effect for the future.
You have the right to lodge a complaint with a data protection supervisory authority – the competent authority for us is the Bavarian State Office for Data Protection Supervision (BayLDA), Ansbach.