Café Milagro values our customers and respects their privacy. We collect customer information in an effort to improve your shopping experience and to communicate with you about our products, services, and promotions. Café Milagro recognizes that it must maintain and use customer information responsibly. We do not sell or rent the information you provide to us to third parties.
1.1. www.cafemilagro.com (“Website”) and the mobile apps, web interfaces, APIs, documentation, servers and all other Intellectual Property, software and infrastructure (individually referred to as “Café Milagro” and collective as “ Café Milagro” are owned, registered and operated by Café Milagro ("Company"), a company, incorporated under the laws of Costa Rica.
1.4. The administrator is the controller for all information related to the teams created by the customer and the users invited to Café Milagro by them. The company is the controller for all the information related to the administrators themselves and for other individuals for whom data is collected directly by us.
2. Information collected from the Administrator/User(s)
2.1. Company protects Personal Data in accordance with applicable laws and our data privacy policies. In addition, Company maintains the appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage thereto. We collect information directly from administrator, as well as automatically through use of our Website, services through the Café Milagro Suites and, in some cases, from third parties.
2.1.1. Information That Our Customers Give is:
- First and last name;
- Email address(es);
- Physical Address;
- Mobile and other phone number(s);
- Date of birth;
- Organization information;
- Mobile device information, including, without limitation, device type, ID, model number, operating system, application, and related information;
- Payment information, including credit/debit card or other payment account information (payment information is submitted and payment is processed through a secure connection.);
- MAC and/or IP address;
- Any other required account or other information to utilize the Café Milagro website.
2.1.2. Information Collected Automatically: When User use or interact with our Website and services, we receive and store information generated by activity, like Usage Data, and other information automatically collected from browser or mobile device. This information may include IP address; browser type and version; preferred language; geographic location using IP address, wireless, or Bluetooth technology on device; operating system and computer platform; the full Uniform Resource Locator (URL) clickstream to, through, and from our Website, including date and time. We also may log the length of time of visit and the number of times User visit and use the services. We may assign User one or more unique identifiers to help keep track of future visits.
2.1.3. Information from Other Sources: If we receive any information about User from other sources, we may add it to the information we already have about User. For example, if we receive a list of subscribers to a Café Milagro Product and we note that User is a user of our products and also a subscriber, we may combine that information. Examples of information we may receive from other sources includes updated delivery or payment information which we use to correct our records, purchase or redemption information, customer support or enrollment information, page view, search term and search result information from business partners, and credit or identity information which we use to help prevent and detect fraud.
Further we use Google Analytics for analytics and measurement to understand how our services are used. For example, we analyze data about your visits to our sites to do things like optimize product design.
2.1.4. Information from our website visitors: Our website visitors contact us for more information or request for product demos. For this purpose, we generally request for name, email, company name and contact number.
3. How the collected information will be used
3.1. Lawful Basis of processing
We process your personal data only when we have a lawful basis. Presently, we use the Performance of Contract (i.e. to deliver the services to our customers) and consent as the lawful basis for processing. For certain processing, we may also use legitimate interests as provided under the Data Protection Regulations.
In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
3.2. Use of Customer Data – We only process Customer Data on behalf of our customers and in accordance with their instructions provided in the applicable Services agreement with us. We use the data that we have about you to provide our services and provide support to you.
The information collected by Us when customers use the Website and services, shall be used in the manner described below:
- Facilitate use of the Café Milagro Suite, its upgrades, its replacements and to maintain the Café Milagro Suite.
- Process payment and verify payment information;
- Contact and communicate with Customers and Users with respect to Café Milagro Suite;
- Provide technical service and support, including updates;
- Respond to legal requirements, exercise our legal rights or defend against legal claims, to protect our interests, fight fraud or illegal activity, to enforce our policies, or to protect third party rights, property, or safety.
- Customize and/or tailor the Café Milagro Suite and user experience, which may include displaying information based on their search or content from other users.
- Responding to our customer on queries and support issues
Responding to our Customer’s end users on queries and support issues
As part of our contractual agreements with our customers, we also provide their end users with support on queries and technical support. In doing so, we act as processors for our customers and any data collected from such end users is collected on behalf of our customers.
When you give you consent to us for contacting you for marketing purposes by signing up for our blog, demo of Café Milagro or during an event that you attend.
3.4. Users under 16 years of age
4. Customers’ Rights with respect to Processing Personal Data
Customers are entitled (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law) to:
- Request access to the Personal Data: This right entitles customers to know whether We hold Personal Data about them and, if we do, to obtain information on and a copy of that Personal Data.
- Request a rectification of Personal Data: This right entitles customers to have Personal Data be corrected if it is inaccurate or incomplete.
- Object to the Processing of Personal Data: This right entitles Customer to request that Company no longer Processes Personal Data.
- Request the erasure of Personal Data: This right entitles Customer to request the erasure of Personal Data, including where such Personal Data would no longer be necessary to achieve the purposes.
- Request the restriction of the processing of Personal Data: This right entitles Customer to request that Company only processes Personal Data in limited circumstances, including with consent.
- Request portability of Personal Data: This right entitles Customer to receive a copy (in a structured, commonly used and machine-readable format) of Personal Data that administrators have provided to Company, or request Company to transmit such Personal Data to another data controller.
As a user, you would need to submit a request via your administrator to request for deletion, opt-out or to receive a copy of your data. If we receive a request directly from you, the same will be forward to the administrator for your team for approval.
To the extent that the processing of Personal Data is based on Consent, Customers have the right to withdraw such Consent at any time by contacting Company’s Data Privacy Officer. Please note that this will not affect Company’s right to process Personal Data obtained prior to the withdrawal of consent, or its right to continue parts of the processing based on other legal basis other than consent.
5.2. We may use third party cookies to track visitor behavior and to improve the quality of our services. However, such cookies will not store any kind of personal information, nor will such information be disclosed to any third party.
5.3. These cookies are intended to be automatically cleared or deleted when the User quits the browser application. User are encouraged to use the “clear cookies” functionality of browser to ensure such clearing / deletion, since it is impossible for us to guarantee, predict or provide for the behavior of system. User have a variety of tools to control cookies, web beacons and similar technologies, including browser controls to block and delete cookies and controls from some third-party analytics service providers to opt out of data collection through web beacons and similar technologies. Users browser and other choices may impact experiences with our products.
5.4. The information we collect with cookies is not sold, rented, or shared with any third parties, other than for internal development and maintenance of the Café Milagro Suite and to retarget and re-market Café Milagro and our products to User.
6. Third Party Links
We may provide links to websites for the convenience and information of users. These websites may not be owned, controlled, or operated by us. In those cases, we cannot control how information collected by those websites will be used, shared, or secured. If the user visits linked sites, we strongly recommend that the user reviews the privacy notices or policies posted at those sites. We are not responsible for the content of linked sites, the User’s use of them, or the information practices of their operators.
7. Data Security Procedures
7.1. We maintain organizational, physical and technical security arrangements for all the Personal Data we hold. We have protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of Personal Data and the processing we undertake to protect any kind of personal sensitive information that we have under our control from unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss.
We adopt market leading security measures to protect Personal Data.
7.2. Regarding use of our Websites, User should understand that the open nature of the internet is such that information and Personal Data flows over networks connecting User to our systems without security measures and may be accessed and used by people other than those for whom the data are intended.
8. Retention of Information
We will retain Personal Data only for as long as is necessary. We maintain specific records management and retention policies and procedures, so that Personal Data are deleted after a reasonable time according to the following retention criteria:
- We retain Data as long as we have an ongoing relationship with our Customer. Once our customers choose to close their accounts, the information is deleted within 30 days of such closure. When you decide to close your account, we delete all personal information about you including any user generated content.
- We will only keep the data while account is active or for as long as needed to provide services.
- We retain data for as long as needed in order to comply with our legal and contractual obligations.
If the Customer wishes to opt- out of receiving non-essential (promotional, marketing-related) communications from us, after setting up an account, they may choose to do so by making such preference changes within the application or by clicking ‘UNSUBSCRIBE’ on any email received.
10. Governing Law