Café Milagro values our customers and respects their privacy. We collect customer information in an effort to improve your shopping experience and to communicate with you about our products, services, and promotions. Café Milagro recognizes that it must maintain and use customer information responsibly. We do not sell or rent the information you provide to us to third parties.



1. Background


1.1. (“Website”) and the mobile apps, web interfaces, APIs, documentation, servers and all other Intellectual Property, software and infrastructure (individually referred to as “Café Milagro” and collective as “ Café Milagro” are owned, registered and operated by Café Milagro ("Company"), a company, incorporated under the laws of Costa Rica. 


1.2. This Privacy Policy covers: (i) the type of information collected from the users through the Website, Café Milagro, including sensitive Personal Data or information; (ii) the purpose, means and modes of usage of such information; and (iii) how and to whom such information which has been collected will be disclosed. 


1.3. For the purpose of this Privacy Policy, wherever the context so requires the term “administrator”, “customer”, ‘Team Creator” shall mean any user who creates a team and invites other users to use the  Café Milagro. “User” shall mean any natural person who has been invited to use any  Café Milagro Product from the  Café Milagro by an administrator or customer. The term “We”, “Us”, “Our” shall mean the Company, its employees, and authorized agents that perform any services on the Company’s behalf. 


1.4. The administrator is the controller for all information related to the teams created by the customer and the users invited to Café Milagro by them. The company is the controller for all the information related to the administrators themselves and for other individuals for whom data is collected directly by us. 

This privacy policy primarily covers administrators/customers and does not directly cover their end users.


1.5. We reserve the right to make changes to this Privacy Policy at any time. Any such modifications will become effective immediately upon posting to the Website or Café Milagro and continued use of Café Milagro constitutes agreement to such modifications. You agree to periodically review the current version of the Privacy Policy as posted on the Website. We will notify you of material changes in advance by email or by notice when you log in to the Sites and Services or both.


2. Information collected from the Administrator/User(s)


2.1. Company protects Personal Data in accordance with applicable laws and our data privacy policies. In addition, Company maintains the appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage thereto. We collect information directly from administrator, as well as automatically through use of our Website, services through the  Café Milagro Suites and, in some cases, from third parties. 


2.1.1. Information That Our Customers Give is:

First and last name;
Email address(es);
Physical Address;
Mobile and other phone number(s);
Date of birth;
Organization information;
Mobile device information, including, without limitation, device type, ID, model number, operating system, application, and related information;
Payment information, including credit/debit card or other payment account information (payment information is submitted and payment is processed through a secure connection.);
MAC and/or IP address;
Any other required account or other information to utilize the Café Milagro website. 


2.1.2. Information Collected Automatically: When User use or interact with our Website and services, we receive and store information generated by activity, like Usage Data, and other information automatically collected from browser or mobile device. This information may include IP address; browser type and version; preferred language; geographic location using IP address, wireless, or Bluetooth technology on device; operating system and computer platform; the full Uniform Resource Locator (URL) clickstream to, through, and from our Website, including date and time. We also may log the length of time of visit and the number of times User visit and use the services. We may assign User one or more unique identifiers to help keep track of future visits. 


2.1.3. Information from Other Sources: If we receive any information about User from other sources, we may add it to the information we already have about User. For example, if we receive a list of subscribers to a  Café Milagro Product and we note that User is a user of our products and also a subscriber, we may combine that information. Examples of information we may receive from other sources includes updated delivery or payment information which we use to correct our records, purchase or redemption information, customer support or enrollment information, page view, search term and search result information from business partners, and credit or identity information which we use to help prevent and detect fraud.

Further we use Google Analytics for analytics and measurement to understand how our services are used. For example, we analyze data about your visits to our sites to do things like optimize product design.


2.1.4. Information from our website visitors: Our website visitors contact us for more information or request for product demos. For this purpose, we generally request for name, email, company name and contact number. 


2.2. Sensitive Data: We do not generally seek to collect sensitive data (also known as special categories) through this Website or otherwise. Administrator may seek this information and User should ensure User obtain administrator’s privacy policy prior to sharing sensitive data via Café Milagro.


3. How the collected information will be used 


3.1. Lawful Basis of processing 

We process your personal data only when we have a lawful basis. Presently, we use the Performance of Contract (i.e. to deliver the services to our customers) and consent as the lawful basis for processing. For certain processing, we may also use legitimate interests as provided under the Data Protection Regulations. 

In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person. 


3.2. Use of Customer Data – We only process Customer Data on behalf of our customers and in accordance with their instructions provided in the applicable Services agreement with us. We use the data that we have about you to provide our services and provide support to you. 

The information collected by Us when customers use the Website and services, shall be used in the manner described below: 

Facilitate use of the  Café Milagro Suite, its upgrades, its replacements and to maintain the  Café Milagro Suite.
Process payment and verify payment information;
Contact and communicate with Customers and Users with respect to  Café Milagro Suite;
Provide technical service and support, including updates;
Respond to legal requirements, exercise our legal rights or defend against legal claims, to protect our interests, fight fraud or illegal activity, to enforce our policies, or to protect third party rights, property, or safety.
Customize and/or tailor the  Café Milagro Suite and user experience, which may include displaying information based on their search or content from other users.
Responding to our customer on queries and support issues 
Responding to our Customer’s end users on queries and support issues 

As part of our contractual agreements with our customers, we also provide their end users with support on queries and technical support. In doing so, we act as processors for our customers and any data collected from such end users is collected on behalf of our customers. 


3.3. Consent 

When you give you consent to us for contacting you for marketing purposes by signing up for our blog, demo of  Café Milagro or during an event that you attend. 


3.4. Users under 16 years of age 

The Sites and Services do not knowingly collect personal information from users under the age of 16. If you are under the age of 16, you are not permitted to use the Sites and Services except maybe as an end user of our customers in accordance with their privacy policy.


4. Customers’ Rights with respect to Processing Personal Data 

Customers are entitled (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law) to: 

Request access to the Personal Data: This right entitles customers to know whether We hold Personal Data about them and, if we do, to obtain information on and a copy of that Personal Data.
Request a rectification of Personal Data: This right entitles customers to have Personal Data be corrected if it is inaccurate or incomplete.
Object to the Processing of Personal Data: This right entitles Customer to request that Company no longer Processes Personal Data.
Request the erasure of Personal Data: This right entitles Customer to request the erasure of Personal Data, including where such Personal Data would no longer be necessary to achieve the purposes.
Request the restriction of the processing of Personal Data: This right entitles Customer to request that Company only processes Personal Data in limited circumstances, including with consent.
Request portability of Personal Data: This right entitles Customer to receive a copy (in a structured, commonly used and machine-readable format) of Personal Data that administrators have provided to Company, or request Company to transmit such Personal Data to another data controller. 
As a user, you would need to submit a request via your administrator to request for deletion, opt-out or to receive a copy of your data. If we receive a request directly from you, the same will be forward to the administrator for your team for approval.

To the extent that the processing of Personal Data is based on Consent, Customers have the right to withdraw such Consent at any time by contacting Company’s Data Privacy Officer. Please note that this will not affect Company’s right to process Personal Data obtained prior to the withdrawal of consent, or its right to continue parts of the processing based on other legal basis other than consent.


5. Cookies 


5.1. Café Milagro uses cookies, which are files that web browser puts on system when User visit a website, to store certain information that is not sensitive personal information. The information collected through these cookies is used by us for the technical administration of the Company’s research and development, and to improve the quality of our services. 


5.2. We may use third party cookies to track visitor behavior and to improve the quality of our services. However, such cookies will not store any kind of personal information, nor will such information be disclosed to any third party. 


5.3. These cookies are intended to be automatically cleared or deleted when the User quits the browser application. User are encouraged to use the “clear cookies” functionality of browser to ensure such clearing / deletion, since it is impossible for us to guarantee, predict or provide for the behavior of system. User have a variety of tools to control cookies, web beacons and similar technologies, including browser controls to block and delete cookies and controls from some third-party analytics service providers to opt out of data collection through web beacons and similar technologies. Users browser and other choices may impact experiences with our products. 


5.4. The information we collect with cookies is not sold, rented, or shared with any third parties, other than for internal development and maintenance of the  Café Milagro Suite and to retarget and re-market Café Milagro and our products to User.


6. Third Party Links 

We may provide links to websites for the convenience and information of users. These websites may not be owned, controlled, or operated by us. In those cases, we cannot control how information collected by those websites will be used, shared, or secured. If the user visits linked sites, we strongly recommend that the user reviews the privacy notices or policies posted at those sites. We are not responsible for the content of linked sites, the User’s use of them, or the information practices of their operators.


7. Data Security Procedures 


7.1. We maintain organizational, physical and technical security arrangements for all the Personal Data we hold. We have protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of Personal Data and the processing we undertake to protect any kind of personal sensitive information that we have under our control from unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss. 
We adopt market leading security measures to protect Personal Data. 


7.2. Regarding use of our Websites, User should understand that the open nature of the internet is such that information and Personal Data flows over networks connecting User to our systems without security measures and may be accessed and used by people other than those for whom the data are intended.


8. Retention of Information 

We will retain Personal Data only for as long as is necessary. We maintain specific records management and retention policies and procedures, so that Personal Data are deleted after a reasonable time according to the following retention criteria: 

We retain Data as long as we have an ongoing relationship with our Customer. Once our customers choose to close their accounts, the information is deleted within 30 days of such closure. When you decide to close your account, we delete all personal information about you including any user generated content.
We will only keep the data while account is active or for as long as needed to provide services.
We retain data for as long as needed in order to comply with our legal and contractual obligations.

9. Choice/Opt-Out 

If the Customer wishes to opt- out of receiving non-essential (promotional, marketing-related) communications from us, after setting up an account, they may choose to do so by making such preference changes within the application or by clicking ‘UNSUBSCRIBE’ on any email received.


10. Governing Law 

This Privacy Policy shall be governed by and constructed in accordance with the laws of Costa Rica, without reference to conflict of laws principles. The courts in Costa Rica shall have the exclusive jurisdiction to determine any disputes arising in relation to, or under, these Privacy Policy. User agree to submit to the jurisdiction of the courts in Costa Rica, and agree to waive any and all objections to the exercise of jurisdiction over the parties by such courts and to venue in such courts.