Privacy policy & Cookies

Data Controller

The Data Controller of personal data processed through the coffeebi.com website is:

  • Name: EuroEuro s.r.l. – CoffeeBI brand
  • Registered office: Via Messina 47, 20154, Milan, Italy
  • VAT number: IT-03885410963
  • Privacy contact e-mail: [email protected]
  • Phone: +39 02 80887843

CoffeeBI is a brand of EuroEuro s.r.l., an independent consulting firm specializing in business intelligence and analytics for the coffee industry.

EU Representative (if required): Marcello Peluso ([email protected])

Data Protection Officer (DPO): Marcello Peluso ([email protected])

The website primarily targets users located in the European Economic Area and processes personal data in accordance with Regulation (EU) 2016/679 (“GDPR”) and applicable national data protection laws.

Categories of personal data processed

Data provided directly by the user

When using CoffeeBI’s services, you may voluntarily provide certain personal data, including:

  • Identification and contact data: first name, last name, e-mail address, company, job title, country, phone number and similar details, depending on the forms you fill in.
  • Professional data: industry, company type, content preferences and business interests related to the coffee sector.
  • Billing and payment data (if you purchase reports, services or subscriptions): billing address, VAT number, and payment data processed by third-party payment providers (Stripe, PayPal)
  • Content of communications: messages sent via contact forms, commercial requests, partnership proposals, support requests, comments and any other information you decide to share.

Providing some data may be necessary to deliver the requested services; if you do not provide such data, CoffeeBI may not be able to fulfil your request.

Data collected automatically while browsing

While you browse coffeebi.com, certain technical and usage data are collected automatically, including:

  • IP address.
  • Information about your browser and device (user agent, operating system, screen resolution, language, etc.).
  • Log data: visited pages, date and time of access, time spent on pages, referring URL (referrer) and interactions with the website.
  • Information related to cookie consent and tracking preferences, managed via the consent management platform (Complianz).

These data are mainly collected through cookies and similar technologies, as described in the Cookie Policy and in the cookie banner.

Purposes and legal bases of processing

Personal data are processed for the following purposes and legal bases:

  1. Provision of website services
    • To enable navigation on the website, access to content, download of materials, registration to events, creation of accounts (if available), and use of CoffeeBI’s business intelligence and market insights services for the coffee industry.
    • Legal basis: performance of a contract or pre-contractual measures under Article 6(1)(b) GDPR.
  2. Handling contact and support requests
    • To respond to information requests, quotes, collaborations, partnerships, media enquiries and support questions sent via contact forms or other channels.
    • Legal basis: performance of pre-contractual measures and/or the Controller’s legitimate interest in managing communications with users and prospects (Article 6(1)(b) and 6(1)(f) GDPR).
  3. Newsletter, informational and marketing communications
    • To send newsletters, reports, market updates, event invitations, webinars, offers and editorial content related to CoffeeBI and the coffee industry.
    • Legal basis: the user’s consent (Article 6(1)(a) GDPR), given through dedicated subscription forms or via the consent banner, which can be withdrawn at any time (for example by using the “unsubscribe” link included in every e-mail).
  4. Customer, partner and contract management
    • To manage customers, business partners and suppliers, including orders, subscriptions, access to premium content, invoicing, accounting and compliance with tax and regulatory obligations.
    • Legal basis: performance of a contract and legal obligations (Article 6(1)(b) and 6(1)(c) GDPR).
  5. Analytics and website improvement
    • To use statistical and analytics tools (preferably privacy-friendly or configured with IP anonymization) in order to measure traffic, understand how the website is used and improve content, performance, usability and the service offering.
    • Legal basis: the Controller’s legitimate interest (Article 6(1)(f) GDPR) or consent, when required via the cookie banner, depending on the tools implemented and the configuration within Complianz. {specify the analytics tools you actually use, e.g. Google Analytics 4, Matomo, Burst Statistics, etc.}
  6. Website security and prevention of abuse
    • To prevent fraudulent activities, unauthorized access, spam and cyber-attacks, by means of system logs, firewalls, anti-spam systems and other security tools.
    • Legal basis: the Controller’s legitimate interest in ensuring network and information security (Article 6(1)(f) GDPR).
  7. Compliance with legal obligations and legal defence
    • To comply with legal obligations and requests from public authorities, and to establish, exercise or defend legal claims in court or in out-of-court proceedings.
    • Legal basis: legal obligation (Article 6(1)(c) GDPR) and the Controller’s legitimate interest (Article 6(1)(f) GDPR).

Cookies and similar technologies

This website uses technical, statistical and, where configured, profiling or third-party cookies (for example for advanced analytics, advertising or social media integrations).

  • Technical cookies are necessary for the proper functioning of the website and do not require the user’s consent.
  • Non-technical cookies (e.g. advanced statistics, marketing, social media) are installed only after the user has given consent through the banner managed by Complianz.
  • You can change your cookie preferences at any time by using the “Manage consent” / “Cookie settings” link available in the footer of the website or via the options offered by Complianz.

For more information on the types of cookies used, their purposes and retention periods, please refer to the dedicated Cookie Policy.

Methods of processing and security measures

Personal data are processed using electronic and/or telematic tools, in accordance with the principles of lawfulness, fairness, transparency, data minimisation, accuracy, storage limitation and integrity.

The Controller implements appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration or destruction, including for example:

  • server and CMS security configurations, periodic updates and backups;
  • access control procedures and management of user credentials;
  • pseudonymisation or anonymisation of data for statistics and reporting purposes, where possible.

Recipients and categories of third parties

Personal data may be disclosed to third parties acting as Data Processors (Article 28 GDPR) or as independent data controllers, including:

  • Hosting and IT infrastructure providers: service providers hosting the coffeebi.com website and related databases. (Aruba, Italy)
  • Newsletter and e-mail marketing providers: platforms that manage mailing lists and send email communications (Mailchimp).
  • Analytics and tracking providers: e.g. Google Analytics, configured according to the privacy settings adopted.
  • Payment service providers: Stripe, PayPa, which process payment data as independent controllers or processors, according to their own terms.
  • Professional advisors: law firms, tax and accounting consultants, and other professionals assisting CoffeeBI with legal, administrative and tax obligations.
  • Affiliated companies or business partners: in the context of joint research projects or business initiatives in the coffee industry, limited to the purposes described and in compliance with the applicable legal bases (and, where necessary, based on the user’s consent).

An updated list of Data Processors can be requested from the Controller using the contact details provided above.

Transfers of personal data outside the EEA

Some service providers may be located or may process data outside the European Economic Area. In such cases, data transfers will take place in compliance with Chapter V of the GDPR, i.e.:

  • to countries for which the European Commission has issued an adequacy decision, or
  • on the basis of Standard Contractual Clauses (SCCs) adopted by the European Commission, or
  • on the basis of other appropriate safeguards.

Specific information on international transfers related to individual services (e.g. e-mail marketing, analytics or payment providers) is available in the privacy policies of those providers and can also be requested from the Controller.

Data retention periods

Personal data are retained only for as long as necessary to achieve the purposes for which they were collected, without prejudice to longer retention periods where required by law or where necessary to protect or enforce legal rights. In particular:

  • Contact and enquiry data: retained for the time necessary to process the request and, in any case, for no longer than 12 months from the last meaningful interaction.
  • Newsletter and marketing data: retained until the user withdraws consent or requests deletion (unsubscribe), without prejudice to limited retention for compliance and proof of consent management.
  • Contract and billing data: retained for the entire duration of the contractual relationship and for the statutory retention periods required under tax and civil law (typically up to 10 years).
  • Browsing data and system logs: retained for periods compatible with security and operational needs of the website, usually no longer than 12 months, unless longer retention is required by law or by a public authority.

After the retention periods have expired, personal data will be deleted, anonymised or aggregated in such a way that individuals can no longer be identified.

Data subject rights

Under the GDPR, you have the following rights:

  • Right of access: to obtain confirmation as to whether personal data concerning you are being processed and to access such data.
  • Right to rectification: to obtain correction of inaccurate personal data and completion of incomplete data.
  • Right to erasure (“right to be forgotten”): to request deletion of personal data in certain circumstances.
  • Right to restriction of processing: to request that processing be restricted in specific cases.
  • Right to data portability: to receive your personal data in a structured, commonly used and machine-readable format and to transmit those data to another controller, where technically feasible.
  • Right to object: to object at any time, on grounds relating to your particular situation, to processing based on the Controller’s legitimate interest; you also have the right to object at any time to processing of your personal data for direct marketing purposes (including profiling for such purposes).
  • Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out before the withdrawal.

To exercise your rights, you can contact the Controller at:

  • E-mail: [email protected]
  • Postal address: EuroEuro s.r.l. – CoffeeBI brand, Via Messina 47, 20154, Milan, Italy

You also have the right to lodge a complaint with the competent Supervisory Authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement. In Italy, the Supervisory Authority is the Garante per la protezione dei dati personali (www.garanteprivacy.it).

Children’s data

CoffeeBI’s services are not intentionally directed to children under 18 years of age.

If the Controller becomes aware that personal data of children have been collected without verifiable parental consent, reasonable steps will be taken to delete such information as soon as possible.

Links to third‑party websites

The coffeebi.com website may contain links to third-party websites, content or services (for example, partners’ websites, payment platforms, social networks, event registration tools or external marketplaces).

These websites are operated independently by third parties and are governed by their own privacy policies, which you are encouraged to review. The Controller is not responsible for how such external websites handle personal data.

Changes to this Privacy Policy

The Controller reserves the right to modify this Privacy Policy at any time, for example to reflect changes in the law, in the services offered or in technical developments.

Changes will be published on this page and, where appropriate, may be notified by a specific notice (for example, via a banner, a notice on the website or an e-mail communication, when technically and legally feasible).

  • Date of last update: 28.12.2025