STARBUCKS PRIVACY STATEMENT
At Starbucks, we approach data and privacy as we approach everything we do: we put people first. We believe that taking care of you includes taking care of your data and privacy. Grab a cup of coffee and learn more below.
Last Revised: 16.06.2021
Overview
This Starbucks Privacy Statement describes the types of personal data that we collect, how we use it, how and when it is shared, and the choices and rights you have with respect to your data. It also explains how we communicate with you and how you can make requests or submit inquiries to us about your data. Thank you for taking the time to read and understand our data and privacy related practices.
Contents
You may skip to the specific sections of our Privacy Statement by selecting any of the sections listed below.
1. Applicability and Scope
2. Updates to this Privacy Statement
3. Data We Collect
4. How We Use Your Data
5. How We Share Your Data
6. Starbucks Mobile Application
7. Your Choices and Rights
8. How We Protect Your Data
9. Retention and Disposal of Your Data
10. Children
11. International Transfers
12. Contact Us
1. Applicability and Scope
This Privacy Statement ("Statement") applies to the website located at https://www.starbucks.at/ and operated by Starbucks EMEA Limited (“Starbucks EMEA”) ("Website"), the Starbucks mobile application available at https://www.starbucks.at/ and operated by Starbucks EMEA ("Application"). It also applies to the personal data processed when you visit a Starbucks store in Austria, all of which are operated by Starbucks Coffee (Austria) GmbH (“Starbucks Austria”), ("Stores").
Starbucks EMEA and Starbucks Austria, are (joint) controllers in relation to data collected on the Website, Application and in a Store as further described below and in the Appendix to the Starbucks Privacy Statement.
In this Statement, the terms "we," “our,” or "us" refers to Starbucks EMEA and Starbucks Austria.
2. Updates to this Privacy Statement
This Statement went into effect on the “Last Revised” date noted near the top of this page. This Statement may be updated from time to time. When this is the case, you will be notified of any modifications to this Statement that might materially affect your rights or the way that we use or disclose your personal data prior to the change becoming effective by means of a message e.g., on the Website. We encourage you to look for updates and changes to this Statement by checking the “Last Revised” date when you access the Website and Application.
3. Data We Collect
As you use the Website and Application or visit a Store, we collect data about you and the services you use. The data we collect falls into three main categories: (1) data you voluntarily provide us; (2) data we collect automatically; and (3) data we collect from other sources.
Some examples of when we collect this data include when you browse or make a purchase on the Website or an Application; create a Starbucks account; use the Website or Application to purchase, reload or redeem a Starbucks Card; use the order and pay functionality in the Application; or participate in a survey or promotion.
Here you can find a general description which data we collect. For detailed information on the purposes of the processing, the categories of personal data that is processed, the legal basis of the processing and responsibilities of the controllers, please refer to the Appendix to the Starbucks Privacy Statement.
(a) Data You Voluntarily Provide Us
Some data we collect is provided when you use our services, such as when you create an account, add a Stored Value Starbucks Card, or join the Starbucks Rewards loyalty program; pay for products; or submit online forms through the Website or Application.
You may also choose to permit us to access data directly from your device, such as data in the device’s “contacts list". The term “your device” as used in this Statement refers to any computer, talet, smart phone or other device you are using to access the Website or to operate the Application. For more information about mobile application permissions, please see the Starbucks Mobile Application section below.
You are generally free to provide your personal data and the provision of such data is not necessary to enter into and/or perform a contract, with the exception of Starbucks Card or Starbucks Rewards where the provision is necessary.
(b) Data We Collect Automatically
Some data is collected automatically by us or by service providers performing business functions at our direction, including when you access the Website, download and use the Application, open emails we send or click certain links within them, or otherwise interact with our services. For example:
Purchasing Data – We collect data about your transactions in the Stores, on the Website or via the Application including what products you purchase, how frequently you purchase them, and any Rewards or promotions associated with a purchase.
Device Usage and Location Data – We collect certain data using cookies to enable our systems to recognize your browser or device and to provide our services to you. For more information about cookies and how we use them, please refer to the Appendix to the Starbucks Privacy Statement and read the Cookies Notice.
CCTV Data – Closed circuit video surveillance cameras (“CCTV”) are installed at some of our Stores to monitor building security and assist in crime prevention, detection, and investigation, and to ensure the health and safety of our staff and visitors to our facilities. Further information about CCTV is available in Stores.
(c) Data We Collect from Other Sources
Some data we collect is from unaffiliated sources, including in some cases data that is publicly available, provided by or purchased from marketing business partners, or present on social media platforms.
For example, we may collect data you submit to a blog, a chat room, or a social network like Facebook or Twitter. We may also collect or license data about you from other companies and organizations, such as data aggregators or event or promotion co-sponsors, including to supplement data that we receive from you. In some cases, we receive data about you from affiliated entities, which we handle in accordance with this Statement. By gathering additional data about you, we can correct inaccurate data, enhance the security of your transactions and help prevent fraud, and give you product recommendations and special offers that are more likely to interest you.
4. How We Use Your Data
We use your data for business and commercial purposes, including to provide the products and services you request, to perform customer service functions, for security and fraud prevention, for marketing and promotional purposes, and to perform website and mobile application analytics.
Here you can find general information on the purposes and the legal bases we rely upon to process personal data. For detailed information on the purposes of the processing, the categories of personal data that is processed, the legal basis of the processing and on responsibilities of the controllers, please refer to the Appendix to the Starbucks Privacy Statement.
(a) To Conclude or Perform Our Contract With You. We process certain personal data when you access or use our services, for example, to:
- process your purchases of, or requests for, products and services;
- register and verify user accounts;
- support our loyalty programs, such as Starbucks® Rewards;
- facilitate the functionality of the Website and Application, including payment-related functionality.
If you do not provide certain personal data to us when using our services, we will not be able to perform our contract with you (for example, if you do not provide us with your payment details, we will not be able to complete transactions with you).
(b) For our Legitimate Business Purposes. We process certain personal data in our legitimate business interests and in your legitimate interests, for example:
To Communicate With You. We process certain data in order to communicate with you in relation to your accounts, our services, our marketing, and your requests, including to:
- allow users to access and browse the Website
- communicate with you about orders, purchases, returns, services, accounts, programs, contests, and sweepstakes;
- respond to your customer service inquiries and requests for information;
- post your comments or statements on the Website;
- send you personalized promotions, content, and special offers;
- communicate with you about our brands, products, events, or other promotional purposes; and
- implement your communications preferences, such as sharing data with business partners so that they may email you about their promotions, products and initiatives.
For Research, Development, and Improvement of Our Services. We want to ensure that the Website, Application, and services are continually improving and expanding so that we meet and exceed your needs and expectations. To do so, we process certain personal data, including to:
- maintain, improve, and analyze our Website, Application, ads, and the products and services we offer; and
- detect, prevent, or investigate suspicious activity or fraud.
To Enforce our Terms, Agreements, or Policies. To maintain a safe, secure, and trusted environment for you when you use the Website, Application, and other services, we use your personal data to ensure our terms, policies, and agreements with you and any third parties are enforced.
(c) To Comply with Applicable Laws. We are required to process certain personal data under certain laws and regulations, such as tax laws, as well as to:
- maintain appropriate records for internal administrative purposes as required by applicable law; and
- comply with applicable legal and regulatory obligations such as to provide important product safety information and notice of product recalls), and to respond to lawful governmental requests, as needed.
(d) With Your Consent. If we have your consent to do so, we will process certain personal data, including to:
- send you personalized promotions and special offers via email and other electronic means; and/or
- to inform you about our brands, products, events, or other promotional purposes.
You can withdraw your consent at any time by modifying your promotional preferences in your Starbucks user account online, or by contacting us as described in the Contact Us section below. Withdrawing your consent does not affect the lawfulness of the processing prior to the withdrawal.
We do not currently make decisions based solely on automated processing (automated decision-making), including profiling, which produces legal effects or similarly significantly affects you.
5. How We Share Your Data
We share your data as needed to fulfill the purposes described in this Statement and as permitted by applicable law. This includes sharing between Starbucks EMEA and Starbucks Austria, among affiliated entities for internal business purposes, sharing with service providers to help perform business functions at our direction, sharing with your consent, sharing for marketing purposes, sharing as part of corporate transactions, and sharing to protect lawful interests.
We share personal data in the following circumstances:
(a) When We Work Together – We share data with subsidiaries and affiliated companies, including Starbucks Corporation, for fraud monitoring and services and other business purposes. For example, in some cases, we share personal data to administer our loyalty programs, process orders and requests, and expand and promote our product and service offerings.
(b) When We Work with Service Providers – We share your data with service providers that provide us with support services, such as: credit card processing services; Website and Application hosting and management, the platform for our loyalty card; customer care services (such as assistance with responding to data subject access requests); email and postal delivery; location mapping; product and service delivery; fraud monitoring; analytics services; and conducting academic research. We contractually limit these service providers from retaining, using, or disclosing your personal data for any purpose other than performing agreed upon services for us.
(c) When We Work on Business Transactions – If we become involved with a merger, corporate transaction or another situation involving the transfer of some or all of our business assets, we may share your data with business entities or people involved in the negotiation or transfer.
(d) When Sharing Helps Us Protect Safety and Lawful Interests – We disclose personal data if we believe that the disclosure is required by law or legal process, if we believe that the disclosure is necessary to enforce our agreements or policies, or if we believe that the disclosure will help us protect our rights, property, health or safety or our customers or partners.
(e) When We Work with Marketing Service Providers – We share data with marketing service providers to assess, develop and provide you with promotions and special offers that may interest you, administer contests, sweepstakes and events or for other promotional purposes.
(f) When You Give Consent – We share data about you with other companies if you give us permission or direct us to share the data.
(g) When You Post on the Website – If you post data on a blog or another part of the Website, the data that you post may be seen by other visitors to the Website, including your user name.
We also share data in a way that does not directly identify you. For example, in some cases we share data about your use of the Website and Application in a manner that does not identify you, or combine data about the nature or frequency of your transactions with similar data about other people and share the aggregated data for statistical analysis and other business purposes.
6. Starbucks Mobile Application
In certain locations, we may offer the Application for our customers’ use and enjoyment. For more information on the Starbucks® Application for iPhone® or Android™, please visit: https://www.starbucks.at/ or your device’s mobile app store.
Use of the Application entails data collection in accordance with the Data We Collect section above, and includes ways for you (the “User”) to control Application functionality, such as location services, and setting push notification and in-app message preferences.
Here you can find general information on the purposes and the legal bases we rely upon to process personal data. For detailed information on the purposes of the processing, the categories of personal data that is processed, the legal basis of the processing and on the responsibilities of the controllers, please refer to the Appendix to the Starbucks Privacy Statement.
User Data -Through the use of an iOS, Android or other supported hardware device, some functionality of the Application requires the transmission of certain data provided by you, including:
- username and password;
- e-mail address;
- billing address;
- phone number;
- financial data, such as payment card numbers or account numbers;
- data related to a Starbucks stored value card (“Starbucks Card”); and
- GPS location (together, “User Data”).
This User Data is needed in order to purchase products through the Application. You have multiple options to securely and conveniently make your purchase, including:
by using the Application to pay in the same manner as you would pay with a Starbucks Card (“Mobile Payment”).
As described further below, certain optional data is also shared with us through the Application, including:
- advanced analytics data such as location data, diagnostic and usage data, and user interactions;
- location-based data, such as through GPS, Bluetooth-enabled iBeacons, or other location-based technology to enhance the user experience so that you may order ahead, receive directions, and see what is available at nearby Stores; and
- the day and month of your birthday, so that we may recognize you on your special day (we don’t ask for your birth year for this).
To enable the systems to recognize your browser or device and to provide the Application to you, cookies are used. For more information about cookies and how they are used them, please refer to the Appendix to the Starbucks Privacy Statement and read the Cookies Notice.
Controlling Application Functionality
Location Services - In order to use certain Application functionality (such as the in-app Store Locator) you must either (a) enable “location services” in the Application; and/or (b) set the permissions in your mobile device to allow communication of this data. More information about adjusting location services on iOS devices may be found here, and additional information on managing an Android device’s location settings may be found here.
If you use such Application functionality, including location services and voice ordering, you are transmitting User Data to us and/or our agents, and authorize us and/or its agents, to record, process, and store such User Data as necessary for the Application functionality and for purposes described in the Statement. Please see the rest of this Statement for more information about how we may use and store personal data, and how to control the use of your personal data.
User Responsibility
You are solely responsible for maintenance of the confidentiality and security of any User Data which you transmit from or store on a device for purposes of the Application including Mobile Payment and for all transactions and other activities undertaken with any Starbucks Card registered in the your name, whether authorized or unauthorized. You agree to immediately notify Starbucks EMEA of any unauthorized transactions associated with the Application including Mobile Paymentor any other breach of security. Starbucks EMEA shall not be responsible for any losses arising out of the loss or theft of User Data which you transmit from or store on a device or from unauthorized or fraudulent transactions associated with the Application.
Email Communications, Push Notifications, and In-App Messages
The Application allows all users to set preferences for receiving promotional email communications from Starbucks Austria, receiving push notifications on your device, and receiving inbox messages. Please note as well that you may opt-out of receiving email communications at any time by adjusting your Starbucks online account settings as described in the Your Choices and Rights section below, or by clicking the “unsubscribe” link included within any commercial email we send you.
7. Your Choices and Rights
You have control over your promotional communications preferences, Application functionality, cookie settings, and interest-based advertising preferences. You also have certain rights under law.
Promotional Communication Choices
You can opt out of receiving promotional emails and mailings by informing us of your preference at the time you sign up for a Starbucks account, by modifying your promotional preferences online in your account’s profile management section, or by following the “unsubscribe” instructions in the promotional emails we send you. Similarly, you may opt in to receive telephone calls and postal mailings. Please note that if you opt out of receiving promotional communications, Starbucks Austria may still send you transactional communications, including emails about your Starbucks accounts or purchases.
Mobile Functionality – As described in the Starbucks Mobile Application section above, location services, push notifications, and voice transmissions may be adjusted or disabled within your device settings.
For more information on our use of cookies, please read the Cookies Notice.
Under certain circumstances, by law you have the right to (legal limitations or exclusions to these rights may apply):
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you.
- Request rectification of the personal data that we hold about you.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data in certain circumstances (e.g., where there is no good reason for us continuing to process it).
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you.
- Request the transfer of your personal data to another party (right to data portability), when possible.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party), or where we are processing your personal data for direct marketing purposes.
You can exercise these rights by visiting your user account at https://www.starbucks.at/, or by contacting us as described in the Contact Us section below and specifying which GDPR privacy right(s) you wish to exercise. We must verify your identity in order to honor your request, which we will respond to within one month.
8. How We Protect Your Data
We protect your data using technical, physical, and administrative security measures to reduce the risk of loss, misuse, unauthorized access, disclosure or modification of your data. When you transmit highly sensitive data (such as a credit card number) through the Website or in the Application, we encrypt the transmission of that data using the Secure Sockets Layer (SSL) protocol.
However, no security system is perfect, and due to the inherent nature of the Internet, we cannot guarantee that data, including personal data, is absolutely safe from intrusion or other unauthorized access by others. You are responsible for protecting your password(s) and maintaining the security of your devices.
9. Retention and Disposal of Your Data
We store personal data as needed to accomplish the purposes identified in this Statement and to meet legal requirements, including record retention, resolving disputes, and enforcing our agreements. Our retention of your personal data is governed by applicable law. This storage period may extend beyond the term of your relationship with us.
As a general rule, we keep your data for only as long as it is needed to complete the purpose for which it was collected or as required by law. We may need to keep your data for longer than our specified retention periods to honor your requests, including to continue keeping you opted out of marketing emails, or to comply with legal, regulatory, accounting or other obligations. E.g., personal data contained in contracts, communications, and business letters may be subject to statutory retention requirements, which may require retention of up to 7 years. If applicable, any other personal data will in principle be deleted 3 years after the termination of the respective related contractual relationship between you and us, if applicable). For more detailed information regarding the actual storage periods please refer to the Appendix to the Starbucks Privacy Statement.
When personal data is no longer needed, or in any event, after legal authority to retain it has expired, personal data will be destroyed, in accordance with local law and pursuant to procedures established in relation to the relevant system or process.
10. Children
We do not intend for the Website or online services to be used by children. If you are a parent or guardian and believe we may have collected data about your child, please contact us immediately as described in the "Contact Us" section of this Statement. For more information, please see our Terms of Use.
11. International Transfers
Your personal data may be transferred to, stored, and processed in a country other than the one in which it was collected, and outside of the European Economic Area (EEA) including the United States. In such cases, we will take appropriate steps to ensure an adequate level of data protection of the recipient as required under the GDPR, including by putting in place standard contractual clauses that have been approved by the European Commission. You may obtain a copy of these clauses by contacting our Data Protection Officer (see the Contact Us section below).
12. Contact Us
We welcome your questions, comments and concerns about privacy. You can contact Starbucks EMEA Limited via email at [email protected], or post at Building 7, Chiswick Park, 566 Chiswick High Road, London, UK and Starbucks Austria via email [email protected], telephone +43 1 33 66 33 or post Starbucks Coffee Austria GmbH, Theobaldgasse 20, A-1060 Vienna.
You have a right to submit any rights request to Starbucks EMEA and/or Starbucks Austria, which operates Starbucks stores in Austria, and whoever you submit the request to shall be responsible for dealing with the request and responding to you.
If you have any issues with our compliance, you have the right to lodge a complaint with an EEA supervisory authority (link). We would appreciate the opportunity to first address your concerns and would welcome you directing an inquiry first to us per the Contact Us section below. You may also contact the Starbucks EMEA Data Protection Officer (“DPO”) at any time at [email protected]. You can also contact the DPO of Starbucks Austria at [email protected].