1. Controller
Kaffee-Automat GbR
(Civil law partnership under German law)
Bachemer Str. 190, 50935 Köln
Email info@kaffee-automat.io
Phone: +49 170 813 853 4
Partners: Tom Großgart, Jan Lars Wapelhorst
No Data Protection Officer has been appointed, as the statutory requirements are not met. For data protection inquiries, please contact us at the address above.
2. Hosting and Server Log Files
This website is hosted by Strato AG, Berlin, Germany. Each time the website is accessed, server log files are automatically collected: pages accessed, date and time of access, volume of data transferred, browser type and version, operating system, referrer URL, and anonymized IP address. This data cannot be attributed to specific individuals and is used solely to ensure uninterrupted operation.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the security and stability of the website). Log files are automatically deleted after 7 days.
A data processing agreement pursuant to Art. 28 GDPR has been concluded with Strato AG. Data processing takes place on servers in Germany.
3. Registration and User Account
Use of the platform requires registration. The following data is collected: company name, contact person (name, email address), location, details of roasting capacities or roasting requirements, and a self-chosen password.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures). Data is stored for as long as the user account exists. After deletion of the account, data is erased within 30 days, unless statutory retention obligations apply.
4. Profile Pages
Business data entered in the profile (capacities, machine type, location, prices, packaging options) is displayed on the platform and visible to other registered users. This serves the purpose of discoverability and matchmaking.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract). Users may edit or delete their profile at any time via account settings.
5. Contact and Messages
When you contact us by email or use the platform's internal messaging system, the data you provide (name, email, message content) is stored to process your inquiry.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries). Data is deleted once the purpose of storage no longer applies, no later than 3 years after last contact.
6. Payment Processing via Stripe
For payment processing on the platform, we use the payment service provider Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland.
During payment transactions, the payment data you enter (e.g. credit card number, IBAN, account holder name) is transmitted directly to Stripe. The platform operator does not store complete payment data. Stripe processes this data independently for payment execution, fraud prevention, and compliance with statutory obligations (e.g. anti-money laundering).
Legal basis: Art. 6(1)(b) GDPR (performance of a contract). Where Stripe processes data beyond contract performance (e.g. fraud prevention), Stripe acts as an independent controller. Additionally, a data processing agreement pursuant to Art. 28 GDPR has been concluded with Stripe for transaction processing.
Stripe is certified under the EU-U.S. Data Privacy Framework. For further information on data processing by Stripe, please refer to Stripe's privacy policy at https://stripe.com/privacy.
7. Cookies
This website uses only technically necessary cookies required for the operation of the platform: session cookies (login status, language settings), a cookie to store your cookie preferences, and where applicable, cookies technically required for the Stripe payment process.
Legal basis: Section 25(2) TDDDG (technical necessity). Consent is not required for technically necessary cookies. No analytics, tracking, or marketing cookies are used.
8. Disclosure to Third Parties
Personal data is generally not disclosed to third parties unless this is required for contract performance, you have given explicit consent, or a statutory obligation exists.
Service providers currently in use:
• Strato AG, Berlin, Germany (hosting, servers in Germany, DPA concluded)
• Stripe Payments Europe, Ltd., Dublin, Ireland (payment processing, partly independent controller, partly processor, DPA concluded, EU-U.S. Data Privacy Framework certified)
9. Data Security
Your data is transmitted using SSL/TLS encryption. We implement appropriate technical and organizational measures to protect your data against loss, destruction, unauthorized access, alteration, or distribution.
10. Your Rights
You have the following rights regarding your personal data: access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR), and objection to processing (Art. 21 GDPR).
To exercise your rights, please contact: info@kaffee-automat.io
Supervisory authority: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestr. 2-4, 40213 Düsseldorf, https://www.ldi.nrw.de
11. Last Updated
April 2026. We reserve the right to amend this privacy policy to reflect changes in the legal framework or in our data processing activities.