Privacy Policy

In this privacy policy, we, Cold Brew Crew KlG, (hereinafter "Cold Brew Crew"), explain how we collect and process personal data. This is not an exhaustive description; other privacy policies or general terms and conditions, participation conditions, and similar documents may govern specific matters. Personal data includes all information related to an identified or identifiable person.

If you provide us with personal data of other individuals (e.g., family members, work colleagues), please ensure that they are aware of this privacy policy and that you are authorized to share their data with us, ensuring that the information provided is accurate.

This privacy policy is designed to comply with the requirements of the EU General Data Protection Regulation ("GDPR"), the Swiss Data Protection Act ("DPA"), and the revised Swiss Data Protection Act ("revDPA"). Whether and to what extent these laws apply depends on the individual case and the legal scope of application.

Controller

The entity responsible for the data processing described herein is Cold Brew Crew KlG. If you have any privacy-related concerns, you may contact us at the following address: Cold Brew Crew KlG,  Waldenburgerstrasse 32, 4052 Basel, info@coldbrewcrew.ch.

Collection and Processing of Personal Data

We primarily process personal data that we obtain from our customers and other business partners in the course of our business relationships or that we collect from users of our websites, apps, and other applications. Additionally, we may obtain data from publicly accessible sources (e.g., debt enforcement registers, land registers, commercial registers, media, and the internet) or receive such data from authorities or third parties.

In addition to data you provide directly, categories of personal data we receive from third parties may include information from public registers, data related to administrative and legal proceedings, details regarding your professional roles and activities (e.g., to facilitate business transactions with your employer), correspondence and interactions with third parties, creditworthiness data, information provided by individuals in your environment (e.g., family members, advisors, legal representatives), references, delivery addresses, authorizations, compliance-related information (e.g., anti-money laundering measures), and data related to transactions and services used (e.g., payments, purchases). We may also collect information from media and online sources where relevant, such as during applications, press monitoring, or marketing activities. Additionally, we process data related to the use of our website (e.g., IP addresses, MAC addresses, device information, settings, cookies, visit timestamps, accessed pages, referring websites, and location data).

Purposes of Data Processing and Legal Bases

We process the personal data we collect primarily to fulfill our contractual obligations with our customers and business partners, particularly in relation to the sale of cider and the procurement of goods and services from suppliers and subcontractors, as well as to comply with legal obligations domestically and abroad.

Additionally, we process personal data for the following purposes, where permitted and where we have a legitimate interest:

  • Offering and improving our services, websites, apps, and other platforms;

  • Communication with third parties and handling their inquiries (e.g., job applications, media inquiries);

  • Evaluating and optimizing customer engagement strategies;

  • Marketing and advertising (including event organization), provided you have not objected to such use;

  • Market and opinion research, media monitoring;

  • Asserting and defending legal claims;

  • Preventing and investigating criminal activities (e.g., fraud detection);

  • Ensuring operational security, particularly for IT systems, websites, apps, and other platforms;

  • Implementing security measures such as access controls and surveillance;

  • Corporate transactions, such as mergers and acquisitions.

If you have given consent for specific data processing activities (e.g., signing up for newsletters, background checks), we process your data based on that consent, unless another legal basis applies. You may revoke consent at any time, but this does not affect prior data processing.

Cookies, Tracking, and Other Website Technologies

Data Sharing and International Transfers

In the course of our business activities, we may disclose personal data to third parties, either because they process the data on our behalf or because they require it for their own purposes. Such recipients may include:

  • Service providers, including data processors (e.g., IT providers);

  • Vendors, suppliers, subcontractors, and other business partners;

  • Customers;

  • Authorities, courts, and governmental agencies;

  • Media outlets;

  • The public, including website and social media visitors;

  • Competitors, industry organizations, associations, and advisory bodies;

  • Other parties in legal proceedings.

These recipients may be located within Switzerland or abroad, including in countries where Cold Brew Crew has a presence or where our service providers operate (e.g., Europe, the USA). If data is transferred to a country without adequate legal protection, we ensure compliance through contractual safeguards (e.g., EU standard contractual clauses) or rely on legal exceptions (e.g., consent, necessity for contract execution, legal claims, or public interest).

Retention Period

We retain personal data for as long as necessary to fulfill contractual and legal obligations, or as required for business purposes, including evidence and documentation. Data may be retained beyond the business relationship for legal claims, compliance obligations, or legitimate business interests. Once data is no longer needed, it is deleted or anonymized, subject to shorter retention periods for operational data (e.g., system logs, typically kept for 12 months or less).

Data Security

We implement appropriate technical and organizational security measures to protect personal data from unauthorized access and misuse.

Obligation to Provide Personal Data

In the context of our business relationship, you must provide personal data necessary for establishing and fulfilling contracts. Without this data, we may not be able to enter into or execute contracts. Website use may also require certain data, such as IP addresses, for functionality and security reasons.

Profiling and Automated Decision-Making

We may process personal data automatically to assess specific personal aspects (profiling). This helps us provide targeted product recommendations and services. We use analytics tools for personalized communication, marketing, and market research.

Data Subject Rights

Under applicable data protection laws (e.g., GDPR), you may have rights to access, rectify, delete, or restrict data processing, object to processing (particularly for direct marketing), and request data portability. Please note that we may impose legal restrictions on these rights, for example, where data retention is required by law or for legitimate interests.

If exercising your rights incurs costs, we will inform you in advance. The exercise of these rights may conflict with contractual obligations, potentially leading to early contract termination or additional costs. Proof of identity (e.g., a copy of an ID) may be required to process such requests.

To exercise your rights, contact us at the address provided in Section 1. You also have the right to file a complaint with a supervisory authority. In Switzerland, the relevant authority is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

Changes to the Privacy Policy

We may update this privacy policy at any time without prior notice. The current version published on our website applies. If the privacy policy is part of an agreement with you, we will inform you of significant changes via email or other appropriate means.

Version as of February 21, 2025.