Privacy Policy

Last updated: October 21, 2021

At Vollers Group GmbH (together with its subsidiaries and affiliated companies, will be referred to herein as "Vollers Group" or "We"), We value our users' privacy ("you" or "your") and your desire to know how your information will be handled Security and used. To better protect your privacy, We provide this Privacy Policy (this "Policy"), which explains Vollers Group's information collection practices and the circumstances under which your information may be disclosed by Vollers Group. This Policy summarizes (i) the general information We collect when you access V-Hub located at www.vollers.com (the "Site") and/or when you use any Vollers Group products or services (collectively referred to herein as "Services"), (ii) how We use such information, and (iii) with whom such information is shared.

This Policy applies to the information We collect (i) on this Site; (ii) in email communications between you and this Site.

Please read this Policy carefully to understand how your information is collected and handled.

Vollers Group's V-Hub Site includes links to other websites whose privacy practices may differ from those of Vollers Group. If you submit personal information to any of those sites, your information is governed by their privacy policies. Vollers Group encourages you to carefully read the privacy statement of any website you visit.

Introduction

Your privacy is critically important to us. Therefore, we have a few fundamental principles:

We do not ask you for personal information unless it is required to provide functionality or service.
We do not share your personal information with anyone except to comply with the law, to develop our Services, or protect our rights.
We treat your personal information with the highest regard to privacy and security.

The Services are operated, and maintained by:

Vollers Group GmbH
Speicherhof 308
28217 Bremen
Germany

Controller

For the purpose of the General Data Protection Regulation (EU) 2016/679, the data controller is Vollers Group GmbH a company registered in Germany with number HRB 30224 HB, with its registered office at Speicherhof 308, 28217 Bremen, Germany.

Information Collection and Storage

We collect and store several types of information from and about users of our Site and Services, including the following information:

Information You Provide

To use the Services, you must first complete the registration form and agree to our Terms of Service. During registration you will be required to provide personal information such as your name, email address, country of residence, company name and password. Vollers Group will also collect your credit card or other payment information if you choose to become a paying customer.

There are several other chances you might share personal information with Vollers Group. This may include information about your equipment (e.g. roast machine manufacturer), employee names and suppliers.

You may decide to send Vollers Group personally identifying information in an email message which might contain information or inquiries about Vollers Group's Services. Vollers Group will use this information to identify you as a Vollers Group customer and to respond to the electronic mail. Vollers Group will only use the information obtained to resolve the issue identified in the e-mail.

Necessary Cookies

On our website, we use cookies which are necessary in order for the site to function. Cookies are small text files that can be placed on your computer or mobile device by websites that you visit. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. We do not use these necessary cookies for analysis, tracking or advertising purposes. In some cases, these cookies only contain information on certain settings and cannot be linked to a person. They may also be necessary to enable user guidance, security and implementation of the site. The legal basis for using these cookies is our legitimate interest according to Art. 6 (1) (f) GDPR.

You can set your browser to inform you about the placement of cookies. This is in order to make the use of cookies transparent for you. You can also delete cookies or prevent the setting of new cookies at any time by using the appropriate browser settings. Please note that if you delete certain cookies, our web pages may not be displayed correctly and some functions may no longer be available.

Log Data

When you use the Service, We automatically record information from your device, its software, and your activity using the Services log files. This information may include the device's protocol (IP) addresses, browser type, operating system, Java version, Uniform Resource Locators (URLs), error messages, date and time stamps associated with the transactions, the website you visited before visiting the Site, information you search on the Site, your mobile carrier, metadata concerning the Services, and other interactions with the Service. We use this data for analysis and troubleshooting. The legal basis for this processing is Art.6 (1) (f) GDPR.

Storage of IP Addresses for Security Purposes

We store the complete IP address transmitted by your web browser for a period of 7 days in the interest of detecting, limiting and eliminating attacks on our web pages. After this period, we delete or anonymize the IP address. The legal basis for this processing is is Art. 6 (1) (a) or Art. 6 (1) (f) GDPR.

Use of Your Information

We will only use information held about you for the following purposes:

Information you give to us

To present our Site and its contents to you.
To provide you with information, products, or services that you request from Vollers Group.
To fulfill any other purpose for which you provide it.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and Vollers Group.
To allow Vollers Group to provide you with the Services.
In any other way We may describe when you provide the information.
To administer your account and keep track of billing and payments.
To provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about.
To notify you about changes to our Services.

The legal basis for this processing is Art. 6 (1) (b) or Art. 6 (1) (f) GDPR.

Information we collect about you

When you visit our website, our web server temporarily evaluates usage data for statistical purposes in order to improve the quality of our website. This data consists of the following data categories:

The name and address of the requested content
The date and time of the query
Of the transferred data volume
The access status (content transferred, content not found)
The description of the used web browser and operating system
The referral link, which indicates from which page you reached ours
The IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established.

The legal basis for this processing is Art.6 (1) (f) GDPR.

The above-mentioned log data will only be evaluated anonymously.

Disclosure of Your Information to Third Parties

Vollers Group will only share your personal information with third parties under the following circumstances:

Vollers Group has your consent (Art. 6 (1) lit. a) GDPR;
To Vollers Group's contractors, services providers, and other third parties We use to support our business. These partys are usually data processors within the meaning of Art. 28 GDPR. Our service providers are strictly bound by contracts and our instructions.
To a buyer or other successor of Vollers Group in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Vollers Group's assets, whether as a going concern or as part of bankruptcy, liquidation, or other similar proceeding, in which personal information held by Vollers Group about our Site users is among the assets transferred, for the purposes of the legitimate interests of Vollers Group, Art. 6 (1) lit f) GDPR.
If Vollers Group determines that it is required to do so by law; such as in response to a court order or subpoena, Art. 6 (1) lit. c) GDPR
If Vollers Group finds that you are in breach of its terms of service or any of its policies or usage guidelines for specific products or Services, including any agreements regarding billing and collection, for the purposes of the legitimate interests of Vollers Group, Art. 6 (1) lit f) GDPR.
If Vollers Group determines it is necessary prevent, investigate, detect or prosecute criminal offenses or attacks on the technical integrity of the Services or Vollers Group's network, Art. 6 (1) lit. c) GDPR or Art. 6 (1) lit f) GDPR.
If Vollers Group believes disclosure is necessary to protect the rights, property, or safety of Vollers Group or its employees, the users of its Services, or the public, Art. 6 (1) lit f) GDPR.
If disclosure facilitates technical and administrative aspects of the Services (e.g., credit card processing), offering customer service, or perform functions related to the administration of them (e.g. hosting services), Art. 6 (1) lit. b) GDPR or Art. 6 (1) lit. f) GDPR. However, Vollers Group is not responsible in the event that personal information is disclosed at a result of a breach or security lapse by any such third party.

Sub-processors

Vollers Group cerrently uses the following Sub-processors:

Entity	Purpose of data transfer	Location
Freshworks Inc.	User support ticket system and FAQ	United States
Microsoft Corporation	Hosting & Infrastruture Provider Used as an ondemand cloud compution platform Email, File Storage and API's User relationship management	The Netherlands
Sparkpost, Inc.	Email	United States
Stripe Payments Europe Ltd	Invoicing	Ireland
Vollers Group GmbH	Customer support	Germany

V-Hub-Platform

Vollers provides an online platform "V-Hub" that connects coffee sellers who provide green coffee to coffee buyers. These services are accessible at https://v-hub.vollers.com as well as at any other websites through which Vollers makes his services available.
With regard to the legal basis and the purpose of processing, must be made a distinction between platform users who are themselves contractual partners = sole trader (a) and those who are employees of another corporate customer (b):
- (a) Client: Sole Trader
  The data processing regarding sole trader is carried out for the performance of the contract with the sole trader.
  The legal basis for this processing is Art.6 (1) (b) GDPR.
- (b) Client: other companies as corporate customers
  The data processing regarding other companies as corporate customers is carried out in the legitimate interest of Vollers. It is important to note that the contracts between the other companies acting as corporate customers are concluded on the platform. The legal basis for the data processing is Art. 6 (1) (f) DSGVO.

Freshdesk Contact Form

You may contact us third-party via contact form via our helpdesk ("Freshdesk") on https://v-support.vollers.com/support/home and on V-Hub-Platform via the help widget. In order to use our contact form, we will require you to provide the data marked as mandatory.

The legal basis for this processing is Art. 6 (1) (f) GDPR, being our legitimate interest to respond to your request. You can decide whether or not you would like to provide us with further information. This information is provided voluntarily and is not required to contact us.
We process your voluntary details on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. Your data will only be processed to process your request.
We will delete your data if they are no longer required and there are no legal obligations to retain them. Where the processing of your data which is transmitted via the contact form is based on legitimate interest in accordance with Art. 6 (1) (f) GDPR, you have the right to object to that processing at any time. To do so, please use the email address provided in the imprint. In addition, you can withdraw your consent to the processing of your voluntarily provided information at any time. To do so, please use the email address provided in the imprint.
The helpdesk tool "Freshdesk" is provided by Freshworks Inc, (USA), who supports us as processor according to Art. 28 GDPR. The data processing can therefore also take place outside the EU or EEA. With regard to Freshdesk, no adequate level of data protection can be assumed due to the processing in the USA. There is a risk that authorities may access the data for security and surveillance purposes without you being informed or having the right to appeal.

Protection of Your Personal Information

Vollers Group has implemented reasonable security mechanisms to protect personal information that is maintained on Vollers Group's servers from loss, misuse and unauthorized access, disclosure, alteration and destruction. Examples of these security mechanisms include limited and password-protected access, high security public/private keys, and SSL encryption to protect transmission of data.

The safety and security of your information also depends on you. Where We have given you (or where you have chosen) a password for access to certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

However, please keep in mind that no security system is impenetrable. It may be possible for third parties to intercept or access personal information in spite of these measures. Vollers Group cannot guarantee the security of your information.

Policy Toward Children

If you are under 18, or not legally considered to be an adult in the jurisdiction in which you reside, you may only use the Services with the consent of your parent or legal guardian. Additionally, Vollers Group's Services are not directed to persons under 13, and Vollers Group does not knowingly collect personally identifiable information from children under 13. If you are under 13, do not use or provide any information on this Site or register for any features on the Site, make any purchases through the Site, use any of the interactive features of this Site or provide any information about yourself to us, including your name, address, telephone number, or email address. If a parent or guardian becomes aware that his or her child has provided us with personal information without their consent, he or she should contact us at v-hub@vollers.com. If we become aware that a child under 13 has provided us with personal information without verification of parental consent, we will take steps to delete such information from our files.

YOUR RIGHTS AS A DATA SUBJECT

WHEN PROCESSING YOUR PERSONAL DATA, THE GDPR GRANTS YOU CERTAIN RIGHTS AS A DATA SUBJECT:

RIGHT OF ACCESS BY THE DATA SUBJECT (ART. 15 GDPR)

YOU HAVE THE RIGHT TO OBTAIN CONFIRMATION AS TO WHETHER PERSONAL DATA CONCERNING YOU ARE BEING PROCESSED; IF THIS IS THE CASE, YOU HAVE THE RIGHT TO BE INFORMED OF THIS PERSONAL DATA AND TO RECEIVE THE INFORMATION SPECIFIED IN ART. 15 GDPR.

RIGHT TO RECTIFICATION (ART. 16 GDPR)

YOU HAVE THE RIGHT TO RECTIFICATION OF INACCURATE PERSONAL DATA CONCERNING YOU AND, TAKING INTO ACCOUNT THE PURPOSES OF THE PROCESSING, THE RIGHT TO HAVE INCOMPLETE PERSONAL DATA COMPLETED, INCLUDING BY MEANS OF PROVIDING A SUPPLEMENTARY STATEMENT WITHOUT DELAY.

RIGHT TO ERASURE (ART. 17 GDPR)

YOU HAVE THE RIGHT TO OBTAIN THE ERASURE OF PERSONAL DATA CONCERNING YOU WITHOUT UNDUE DELAY IF ONE OF THE REASONS LISTED IN ART. 17 GDPR APPLIES.

RIGHT TO RESTRICTION OF PROCESSING (ART. 18 GDPR)

YOU HAVE THE RIGHT TO REQUEST THE RESTRICTION OF PROCESSING IF ONE OF THE CONDITIONS LISTED IN ART. 18 GDPR IS MET, E.G. IF YOU HAVE OBJECTED TO THE PROCESSING, FOR THE DURATION OF OUR EXAMINATION.

RIGHT TO DATA PORTABILITY (ART. 20 GDPR)

IN CERTAIN CASES, WHICH ARE LISTED IN DETAIL IN ART. 20 GDPR, YOU HAVE THE RIGHT TO RECEIVE THE PERSONAL DATA CONCERNING YOU IN A STRUCTURED, COMMONLY USED AND MACHINE-READABLE FORMAT, OR TO REQUEST THAT THIS DATA BE TRANSFERRED TO A THIRD PARTY.

RIGHT TO WITHDRAW CONSENT (ART. 7 GDPR)

IF THE PROCESSING OF DATA IS BASED ON YOUR CONSENT, YOU ARE ENTITLED TO WITHDRAW YOUR CONSENT TO THE USE OF YOUR PERSONAL DATA AT ANY TIME IN ACCORDANCE WITH ART. 7 (3) GDPR. PLEASE NOTE THAT THE WITHDRAWAL IS ONLY EFFECTIVE FOR THE FUTURE. PROCESSING THAT TOOK PLACE BEFORE THE WITHDRAWAL IS NOT AFFECTED.

RIGHT TO OBJECT (ART. 21 GDPR)

IF DATA IS COLLECTED ON THE BASIS OF ART. 6 (1) 1 F GDPR (DATA PROCESSING FOR THE PURPOSE OF OUR LEGITIMATE INTERESTS) OR ON THE BASIS OF ART. 6 (1) 1 E GDPR (DATA PROCESSING FOR THE PURPOSE OF PROTECTING PUBLIC INTERESTS OR IN THE EXERCISE OF OFFICIAL AUTHORITY), YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. WE WILL THEN NO LONGER PROCESS THE PERSONAL DATA UNLESS THERE ARE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF DATA IS STILL NEEDED FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY (ART. 77 GDPR)

ACCORDING TO ART. 77 GDPR, YOU HAVE THE RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY IF YOU BELIEVE THAT THE PROCESSING OF YOUR DATA VIOLATES DATA PROTECTION REGULATIONS. THIS RIGHT MAY BE ASSERTED IN PARTICULAR WITH A SUPERVISORY AUTHORITY IN THE MEMBER STATE OF YOUR HABITUAL RESIDENCE, YOUR PLACE OF WORK OR THE PLACE OF THE SUSPECTED INFRINGEMENT.

Asserting your rights

Unless otherwise described above, please contact us to assert your rights. You will find our contact details in our imprint.

Consent

If you wish to subscribe to our marketing communications, we will use your name and email address to send communications to you.

We will only send the you our marketing communications if you have given us your express consent. After you have completed the registration on our website, you will receive a confirmation e-mail at the e-mail address you provided (double opt-in).

You may withdraw your consent at any time. An easy way to withdraw your consent is, for example, to use the unsubscribe link provided in every marketing communication.

As part of the registration process, we store certain data in addition to the above-mentioned data, as far as it is necessary to prove so that you have registered for our marketing communications. This may include storing the complete IP address at the time of the registration or confirmation of the marketing communications, as well as a copy of the confirmation mail sent by us.

The legal basis for the data processing is our legitimate interest to be able to account for the legality of the marketing communications delivery according to Art. 6 (1) (f) GDPR.

Retention

We retain Personal Data for as long as we provide the Services to you or your account remains open. However, we may keep some data after your account is closed or you cease using the Service, for the purposes set out below.

After you have closed your account, we may retain Personal Data where reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, maintain security, prevent fraud and abuse, resolve disputes or fulfil your request to "unsubscribe" from further messages from us.

We will retain de-personalized information after your account has been closed.

Where we store your Personal Data

The Personal Data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). We also use service providers in third countries outside the EU without an adequate level of data protection, which entails the following risks: Access by authorities without information, no rights of data subjects, no legal remedies, loss of control. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. These service providers are usually data processors within the meaning of Art. 28 GDPR. Our service providers are strictly bound by contracts and our instructions. Such staff may be engaged in, among other things, the provision of support services. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

We always ensure that your information is only transferred in full accordance with German data protection laws and/or applicable EU data protection law. In particular, this means that your information will only be transferred to a country that provides an adequate level of protection (for example, because the European Commission has determined that a country provides an adequate level of protection) or the recipient is bound by standard contractual clause according to conditions provided by the European Commission ("SSC Standard Contractual Clauses"). You are responsible for checking the privacy policy of any third-party websites we link to.

Our Service is accessible via the Internet and may potentially be accessed by any user around the world. Other users may access the Service from outside the EEA. This means that where you chose to upload your data to the Service, it could be accessed from anywhere around the world and therefore a transfer of your data outside of the EEA may be deemed to have occurred.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Service, you are responsible for keeping this password confidential. We ask you not to share any password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our Service; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

Changes to this Privacy Policy

Vollers Group retains the discretion to amend or modify this Privacy Policy from time to time. If We make material changes to the way we collect, use or disclose personal information, we will notify you by posting a clear and prominent announcement on Vollers Group through a direct communication to your Vollers Group account. For new users, the change or update will become effective upon posting. For existing users, the change or update will become effective 14 days after posting. Your continued use of the Site after We make changes is deemed to be acceptance of those changes, so please check the Site periodically for updates to the Policy.

Contact Us

Vollers Group welcomes your questions and comments about security and privacy. Please send any questions or comments via email to v-hub@vollers.com or to the following address:

Vollers Group GmbH
Speicherhof 308
28217 Bremen
Germany

Contact Details of our Data Protection Officer

Our external data protection officer is available to provide further information on data protection.

datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Web: www.datenschutz-nord-gruppe.de
E-Mail: office@datenschutz-nord.de

When contacting our data protection officer, please specify the name of the company, stated in our imprint.