
Privacy Policy

Goldvein Coffee Company, S.A.S. (Colombia)
Effective date: [Month Day, Year]
Last updated: [Month Day, Year]

1) Who we are

This website (the “Site”) is operated by Goldvein Coffee Company, S.A.S., a company incorporated in Colombia (“Goldvein,” “we,” “us,” “our”).

Controller / Responsible Party (Data Controller): Goldvein Coffee Company, S.A.S.
Registered address: [Full legal address, Colombia]
Business contact: info@goldveincoffee.com
Phone (optional but recommended): [phone]
If you have an EU/UK representative (only required in some cases): [Name + address + email]

Under EU/EEA privacy law, a “controller” is the entity that determines the purposes and means of processing personal data.

2) Scope

This Policy explains how we collect, use, disclose, and protect information when you:

Visit the Site

Create an account

Place an order

Contact us

Subscribe to marketing communications

Interact with our ads, analytics, or social media integrations (if enabled)

This Policy applies to personal data we process about:

Visitors

Customers

Business contacts

Newsletter subscribers

3) Key definitions

“Personal data / personal information”: information that identifies or can reasonably be linked to an individual (e.g., name, email, device identifiers, IP address).

“Processing”: collection, storage, use, disclosure, deletion, etc.

“Cookies”: small files stored on your device and similar technologies (pixels, tags, SDKs). EU rules generally require consent for non-essential cookies.

4) What we collect

A) Information you provide to us

We may collect:

Identifiers: name, email, phone number

Account information: login credentials (hashed), preferences

Order and transaction data: items purchased, order history, returns, customer service history

Shipping and billing details: shipping address; billing address

Payment processing data: we typically receive limited payment-related metadata (e.g., payment confirmation, last 4 digits, payment method type). We do not store full card numbers when using standard payment processors.

Communications: emails/messages you send us, support requests

B) Information collected automatically

When you use the Site, we may collect:

Device and network data: IP address, browser type, device type, time zone/locale

Usage data: pages viewed, clicks, referring URLs, search terms, session duration

Approximate location: inferred from IP (city/region level)

Cookie and tracking data: identifiers associated with cookies or similar technologies

C) Information from third parties (if applicable)

Payment processors (confirmation and fraud signals)

Shipping carriers (delivery status)

Advertising/analytics partners (campaign performance, attribution)

Social networks (if you interact with social plugins)

5) Why we use your data and our legal bases (EU/EEA/UK)

If EU/EEA/UK privacy law applies, we rely on these lawful bases (GDPR Art. 6):

Contract necessity (to fulfill orders, provide requested services)

Legitimate interests (e.g., fraud prevention, security, basic site analytics, improving our services)

Consent (e.g., marketing emails where required; non-essential cookies in the EU)

Legal obligation (tax, accounting, compliance)

We provide notices in a clear, accessible form as required by GDPR transparency rules.

Purposes (what we do with it)

We process personal data to:

Process and deliver orders, payments, shipping, returns

Provide customer support

Create and manage accounts

Communicate service messages (order confirmations, shipping updates)

Improve and secure the Site (debugging, preventing fraud/abuse)

Run analytics to understand Site performance

Marketing and advertising (where permitted; subject to your choices)

Comply with legal requirements and enforce our terms

6) Sensitive data

We do not intend to collect “sensitive” categories (e.g., health, biometrics, precise geolocation) as part of normal e-commerce operations. If we ever process sensitive data, we will do so only with a lawful basis and appropriate safeguards.

7) Cookies and similar technologies (summary)

We use cookies and similar technologies for:

Strictly necessary functions (cart, checkout, security)

Preferences (language, region)

Analytics (how the Site is used)

Advertising (measuring and improving marketing)

In the EU/EEA/UK, non-essential cookies generally require prior consent and must be as easy to withdraw as to give.
See Section 14 (Cookie Policy) for detailed information and controls.

8) Sharing / disclosure of personal data

We may share personal data with:

Service providers (processors): website hosting, payment processing, order fulfillment, email delivery, analytics, customer support tools

Shipping carriers: to deliver purchases

Professional advisers: legal, accounting, auditors (as needed)

Authorities: where required by law or to protect rights/safety (e.g., subpoenas, fraud investigations)

We do not allow service providers to use your personal data for their own unrelated purposes.

9) International transfers (EU/EEA/UK)

Because we are based in Colombia and may use vendors in other countries, your data may be processed outside your country of residence.

If EU/EEA data is transferred to countries without an adequacy decision, we typically rely on Standard Contractual Clauses (SCCs) and other safeguards where appropriate.
(If the UK applies, UK transfer tools may apply as well.)

10) Data retention

We keep personal data only as long as needed for the purposes described above, including legal, accounting, and fraud-prevention needs.

Typical retention periods (fill these in honestly):

Orders/invoices/tax records: [e.g., 5–10 years depending on legal requirements]

Account data: until you delete the account, then [X] months unless required for legal claims

Customer support messages: [e.g., 24 months]

Marketing lists: until you unsubscribe, then [e.g., 30 days to process + suppression list retained to honor opt-out]

Analytics event data: [e.g., 14–26 months]

Cookie identifiers: see Cookie Policy / your consent settings

11) Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal data. No internet transmission is 100% secure; however, we work to prevent unauthorized access, alteration, disclosure, or destruction.

12) Your rights and choices

A) Colombia (Habeas Data – Law 1581/2012 and related rules)

Under Colombian data protection law, you have rights to know/access, update, rectify, delete, and revoke authorization (subject to legal exceptions), and to file complaints with the competent authority.
To exercise these rights, contact info@goldveincoffee.com with the subject line: “Datos Personales – Solicitud Titular”.

(If you maintain procedures for petitions/complaints, reference them here; many Colombia policies also describe how to submit a “consulta” or “reclamo.”)

B) EU/EEA (GDPR) and UK (UK GDPR)

If GDPR/UK GDPR applies, you may have rights to:

Access

Rectification

Erasure

Restriction

Data portability

Object (including to certain marketing and legitimate-interest processing)

Withdraw consent at any time (where processing is based on consent)

Controllers must facilitate these requests and respond within applicable timelines.

C) United States (including California)

Depending on your state of residence and applicable thresholds, you may have rights such as:

Access/know

Delete

Correct

Data portability

Opt out of certain processing (e.g., targeted advertising, sale/sharing, profiling in some states)

California (CCPA/CPRA): California provides rights and requires disclosure of categories collected and the ability to opt out of “sale” or “sharing” of personal information.

“Do Not Sell or Share” (California)

If our use of third-party cookies/ads constitutes “sale” or “sharing” under California law, you can opt out via:

Cookie Preferences / Privacy Choices link on the Site, and/or

A request to info@goldveincoffee.com

(Strongly recommended: include a footer link labeled “Your Privacy Choices” and/or “Do Not Sell or Share My Personal Information” if you run ad/analytics that trigger it.)

Global Privacy Control (GPC) / universal opt-out signals

Where required, we will process opt-out preference signals sent via browser/device mechanisms (e.g., GPC). (Implementing this is a technical task; don’t promise it if you won’t honor it.)

13) How to exercise your rights

Email: info@goldveincoffee.com
Subject: “Privacy Request” / “Solicitud de Datos”
Include:

Your name

The email used on the Site

The request type (access/delete/correct/opt out)

Any order number (if relevant)

Identity verification: We may ask for reasonable verification to protect you from fraud.

Authorized agents (California): If you use an authorized agent, we may request proof of authorization and verification consistent with applicable law.

14) Marketing choices

Email marketing: You can unsubscribe using the link in emails or by contacting us.

SMS (if used): Reply STOP or follow instructions provided.

Targeted advertising: You can adjust cookie preferences (see Cookie Policy) and use browser privacy controls; where required, we offer opt-out mechanisms.

15) Children’s privacy

The Site is not intended for children under 13, and we do not knowingly collect personal information from children under 13 without parental consent. U.S. COPPA imposes specific requirements on child-directed services and collection from children under 13.
If you believe a child has provided us personal information, contact info@goldveincoffee.com and we will take appropriate steps.

16) Third-party links

The Site may link to third-party sites. We are not responsible for their privacy practices. Review their policies before providing personal data.

17) Changes to this Policy

We may update this Policy. We will update the “Last updated” date and, where required, provide additional notice.

18) Contact and complaints

Questions or requests: info@goldveincoffee.com

EU/EEA/UK: If applicable, you may lodge a complaint with your local supervisory authority.
Colombia: You may also contact the relevant authority for data protection matters (commonly the SIC for general personal data protection).


Cookies Policy

19) What cookies are

Cookies are small text files placed on your device. We may also use similar technologies like pixels, tags, and local storage.

EU online privacy rules generally require prior consent before placing non-essential cookies on a user’s device.

20) Categories of cookies we use

A) Strictly Necessary Cookies (Always On)

Needed to operate the Site and provide requested services (e.g., cart, checkout, security, fraud prevention). These are generally exempt from consent requirements in the EU.

B) Functional / Preference Cookies

Remember choices (language, region, session preferences). May require consent in some jurisdictions depending on implementation.

C) Analytics Cookies

Help us understand usage and improve performance. In the EU, analytics cookies typically require consent.

D) Advertising / Targeting Cookies

Used to measure ads and (if enabled) to show relevant ads. In the EU/EEA/UK, these require consent.

21) Cookie controls and consent

EU/EEA/UK visitors

We request consent for non-essential cookies before they are set. You can withdraw consent at any time, and withdrawal must be as easy as giving consent.

U.S. visitors (including California)

You can control cookie settings through:

  • Our Cookie Preferences tool (recommended)

  • Browser settings

  • Device-level advertising settings

If our cookies/trackers are considered a “sale” or “sharing” of personal information under California law, you can opt out (see Section 12C).

22) Cookie list (YOU MUST COMPLETE THIS)

Below is a template table you should populate with your actual cookies (from your CMP, browser dev tools, or vendor documentation). This is the part most companies get wrong.

| Cookie / Identifier | Provider | Category | Purpose | Duration | Personal data involved |
| --- | --- | --- | --- | --- | --- |
| [cookie_name] | Goldvein / [vendor] | Strictly necessary | Cart/session/security | [e.g., session / 1 day] | [e.g., pseudonymous ID] |
| [cookie_name] | [analytics vendor] | Analytics | Measure site usage | [e.g., 13 months] | [e.g., IP truncated, device ID] |
| [cookie_name] | [ad vendor] | Advertising | Ad measurement/attribution | [e.g., 90 days] | [e.g., advertising ID] |

23) “Do Not Track” signals

Some browsers send “Do Not Track” signals. There is no universal standard for how to respond. Where required, we honor applicable opt-out preference signals (e.g., GPC) as implemented on our Site.

24) Updates to Cookie Policy

We may update this Cookie Policy when we change cookies/vendors. We will revise the effective date accordingly.

25) Cookie Policy contact

Email: info@goldveincoffee.com
Subject: “Cookie Preferences / Privacy Choices”