Privacy policy

Last updated: 14 April 2025

This policy explains how we collect, use, and protect your personal data when you interact with Coffee Collective – including through our webshop, newsletter, or job applications.

The Coffee Collective A/S is the data controller for your personal data.


Contact details:
The Coffee Collective A/S
Godthåbsvej 34B
2000 Frederiksberg
mail@coffeecollective.dk
+45 60 15 15 25 (09.00-15.00)

Our website address is https://coffeecollective.dk, which also hosts our webshop. Our server is hosted by Netlify.


Processing of Personal Data
We collect and process personal data when you:

  • Visit our website
  • Order from our webshop
  • Contact us via email or phone
  • Sign up for our newsletter
  • Apply for a job

Legal Basis for Processing
We process your personal data based on:

  • Your consent (Article 6(1)(a) GDPR)
  • Performance of a contract (Article 6(1)(b) GDPR)
  • Legal obligations (Article 6(1)(c) GDPR)
  • Legitimate interests (Article 6(1)(f) GDPR)


1. Specific Data Processing Activities
1.1 Visits to Our Website
See our section on "Cookies" below.


1.2 Webshop Orders
When you place an order, we collect:

  • Name, address, phone number, email address, IP address, and order details.

We use this data to process and deliver your order. Your IP address helps us validate your order and prevent fraud. We do not store your payment details, as they are entered directly into our secure payment gateways.


1.3 Contact via Email or Phone
If you contact us with inquiries or regarding an order, we collect relevant information such as your name, contact details, and any payment or order details.
We retain this data for up to five years for up to five years, unless otherwise required by law.


1.4 Newsletter
If you sign up for our newsletter, we collect your email address and send you a confirmation email to verify your consent.
You can unsubscribe at any time. If you unsubscribe, we retain your consent record for two years for documentation purposes, in accordance with the Consumer Ombudsman’s Spam Guide.


1.5 Job Applications
If you apply for a job, we process the data you provide (name, contact information, CV, etc.).

  • Unsolicited applications: Deleted without undue delay if not relevant.
  • Applications for specific jobs: Deleted once the recruitment process is concluded unless you are hired. If you are hired, you will receive separate information about our processing of your data.


2. Cookies
We use cookies to enhance your experience on our website, for analytics, and for marketing purposes. Cookies collect data such as:

  • IP address, browser details, pages visited, and time spent on our website.

You can choose which cookies you consent to, except for those that are functionally necessary.
We also use cookies to:

  • Maintain your login session
  • Remember your display preferences

For specific information about the cookies used to power our store on Shopify, please refer to Shopify’s Cookie Policy.


3. Data Processors
To deliver our services, we work with trusted external partners who process your personal data on our behalf. All our partners act as data processors under data processing agreements, ensuring your personal data is handled securely and in compliance with the GDPR.

Logistics & Fulfilment

  • PostNord: Delivery partner for shipments both within Denmark and internationally. We share your name, address, and contact details to ensure successful delivery of your order.
  • DSV: International delivery partner (includes subcontractors like FedEx, DHL, TNT, GLS). We share your name, address, and contact details to ensure successful delivery of your order.
  • Webshipper: Logistics platform for booking shipments and printing labels.

E-commerce & Subscriptions

  • Shopify: E-commerce platform for managing orders and subscriptions.
  • Recharge: Manages subscription schedules and details.

Payment Processing

  • Stripe: Secure payment gateway for processing transactions, including subscription payments migrated from our previous e-commerce platform.
  • Shopify Payments: Main payment solution for our webshop, used to securely process transactions and handle payment details in accordance with data protection regulations.

Accounting & Compliance

  • Dynamics 365 Business Central: Accounting and tax compliance.

Hosting & Analytics

  • Netlify: Website and webshop hosting.

Marketing & Communications

  • Klaviyo: Email marketing platform for newsletters and promotional emails.



4. Transfer to Third Countries
Some of our trusted service providers process data outside the European Economic Area (EEA). When we transfer data to third countries, we ensure appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Adequacy decisions by the European Commission

Our main non-EEA processors:

  • Stripe (USA): Payment processing.
  • Shopify (Canada/USA): E-commerce platform.
  • Recharge (USA): Subscription management.
  • Netlify (USA): Web hosting.
  • Klaviyo (USA): Email marketing.

Additionally, we may share order details with the FDA (USA) for regulatory compliance when shipping coffee to the USA. This is done under Article 49(1)(b) and (c) GDPR.
We regularly review our data transfer mechanisms to ensure GDPR compliance and maintain the security of your personal data.



5. Children's Data
The Services are not intended to be used by children, and we do not knowingly collect any personal information about children. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.
As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we “share” or “sell” (as those terms are defined in applicable law) personal information of individuals under 16 years of age.



6. Your Rights
You have the following rights regarding your personal data:

  • Right of access: Know what data we hold about you.
  • Right to rectification: Correct inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data in certain circumstances.
  • Right to restriction of processing: Request limitation of data processing under specific conditions.
  • Right to object: Object to data processing based on legitimate interests or for direct marketing.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to withdraw consent: Withdraw your consent at any time.

To exercise your rights, please contact us at mail@coffeecollective.dk.
If you believe your personal data is being processed in violation of the law, you have the right to file a complaint with the Danish Data Protection Agency: www.datatilsynet.dk



7. Changes to This Policy
We may update this policy from time to time. Any changes will be posted on our website and, where appropriate, notified to you via email.