At Starbucks, we approach data and privacy as we approach everything we do: we put people first. We believe that taking care of you includes taking care of your personal data and privacy. Grab a cup of coffee and learn more below.
Last Revised: 15 February 2021
This Starbucks Privacy Statement describes the types of personal data that we collect, how we use it, how and when it is shared, and the choices and rights you have with respect to your personal data. It also explains how we communicate with you and how you can make requests or submit inquiries to us about your personal data. Thank you for taking the time to read and understand our data and privacy related practices.
1. Applicability and Scope
This Privacy Statement ("Statement") applies to the website located at www.starbucks.com.bh and operated by Starbucks EMEA Limited ("Starbucks EMEA") ("Website").
Starbucks EMEA) is the controller in relation to data collected on the Website. In this Statement, the terms "we," "our," or "us" refers to Starbucks EMEA.
2. Updates to this Privacy Statement
This Statement went into effect on the "Last Revised" date noted near the top of this page. This Statement may be updated from time to time. When this is the case, you will be notified of any modifications to this Statement that might materially affect your rights or the way that we use or disclose your personal data prior to the change becoming effective by means of a message e.g., on the Website. We encourage you to look for updates and changes to this Statement by checking the "Last Revised" date when you access the Website and Application.
3. Data We Collect
As you use the Website , we collect data about you and the services you use. The data we collect falls into three main categories: (1) data you voluntarily provide us; (2) data we collect automatically; and (3) data we collect from other sources.
Some examples of when we collect this data include when you browse the Website; or participate in a survey or promotion.
Here you can find a general description which data we collect.
(a) Data You Voluntarily Provide Us
Some data we collect is provided when you use our services, such as when you submit online forms through the Website (where applicable).
You are generally free to provide your personal data and the provision of such data is not necessary to enter into and/or perform a contract,where the provision is necessary.
(b) Data We Collect Automatically
Some data is collected automatically by us or by service providers performing business functions at our direction, including when you access the Website and use the Application (where applicable), open emails we send or click certain links within them, or otherwise interact with our services. For example:
Device Usage and Location Data – We collect certain data using cookies to enable our systems to recognize your browser or device and to provide our services to you. For more information about cookies and how we use them, please refer to the Cookie Notice.
(c) Data We Collect from Other Sources
Some data we collect is from unaffiliated sources, including in some cases data that is publicly available, provided by or purchased from marketing business partners, or present on social media platforms.
4. How We Use Your Personal Data
We use your personal data for business and commercial purposes, including to provide the products and services you may request, to perform customer service functions, for security and fraud prevention, for marketing and promotional purposes, and to perform website analytics.
(a) For our Legitimate Business Purposes. We process certain personal data in our legitimate business interests and in your legitimate interests, for example:
To Communicate With You. We process certain data in order to communicate with you in relation to your accounts, our services, our marketing, and your requests, including to:
- allow users to access and browse the Website
- respond to your customer service inquiries and requests for information;
- post your comments or statements on the Website;
- provide important product safety information and notice of product recalls.
For Research, Development, and Improvement of Our Services. We want to ensure that the Website, and services are continually improving and expanding so that we meet and exceed your needs and expectations. To do so, we process certain personal data, including to:
- maintain, improve, and analyze our Website, ads, and the products and services we offer; and
- detect, prevent, or investigate suspicious activity or fraud.
To Enforce our Terms, Agreements, or Policies. To maintain a safe, secure, and trusted environment for you when you use the Website, and other services, we use your personal data to ensure our terms, policies, and agreements with you and any third parties are enforced.
(b) To Comply with Applicable Laws. We are required to process certain personal data under certain laws and regulations as well as to:
- maintain appropriate records for internal administrative purposes as required by applicable law; and
- comply with applicable legal and regulatory obligations such as to provide important product safety information and notice of product recalls), and to respond to lawful governmental requests, as needed.
5. How We Share Your Personal Data
We share your personal data as needed to fulfill the purposes described in this Statement and as permitted by applicable law. This includes sharing between Starbucks EMEA and Alshaya, among affiliated entities for internal business purposes, sharing with service providers to help perform business functions at our direction, sharing with your consent, sharing for marketing purposes, sharing as part of corporate transactions, and sharing to protect lawful interests.
We share personal data in the following circumstances:
(a) When We Work Together – We share data with subsidiaries and affiliated companies for business purposes.
(b) When We Work with Service Providers – We share your personal data with service providers that provide us with support services, such as: Website hosting and management; customer care services (such as assistance with responding to data subject access requests); analytics services; and conducting academic research. We contractually limit these service providers from retaining, using, or disclosing your personal data for any purpose other than performing agreed upon services for us.
(c) When We Work on Business Transactions – If we become involved with a merger, corporate transaction or another situation involving the transfer of some or all of our business assets, we may share your personal data with business entities or people involved in the negotiation or transfer.
(d) When Sharing Helps Us Protect Safety and Lawful Interests – We disclose personal data if we believe that the disclosure is required by law or legal process, if we believe that the disclosure is necessary to enforce our agreements or policies, or if we believe that the disclosure will help us protect our rights, property, health or safety or our customers or partners.
(e) When We Work with Marketing Service Providers – We share data with marketing service providers to assess, develop and provide you with promotions and special offers that may interest you, administer contests, sweepstakes and events or for other promotional purposes.
(f) When You Give Consent – We share data about you with other companies if you give us permission or direct us to share the data, such as in relation to resolution of Website related customer care matters.
(g) When You Post on the Website – If you post data on a blog or another part of the Website (where applicable), the data that you post may be seen by other visitors to the Website, including your user name.
We also share data in a way that does not directly identify you. For example, in some cases we share data about your use of the Website in a manner that does not identify you, for example aggregated data for statistical analysis and other business purposes.
6. Your Choices and Rights
You have control over your Application functionality, cookie settings, and interest-based advertising preferences. You also have certain rights under law.
Under certain circumstances, by law you have the right to (legal limitations or exclusions to these rights may apply):
- Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you.
- Request rectification of the personal data that we hold about you.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data in certain circumstances (e.g., where there is no good reason for us continuing to process it).
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you.
- Request the transfer of your personal data to another party (right to data portability), when possible.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party), or where we are processing your personal data for direct marketing purposes.
You can exercise these rights by contacting us as described in the Contact Us section below and specifying which privacy right(s) you wish to exercise. We must verify your identity in order to honor your request, which we will respond to within the local law.
7. How We Protect Your Personal Data
We protect your personal data using technical, physical, and administrative security measures to reduce the risk of loss, misuse, unauthorized access, disclosure or modification of your personal data. When you transmit highly sensitive data (such as a credit card number) through the Website or in the Application, we encrypt the transmission of that data using the Secure Sockets Layer (SSL) protocol.
However, no security system is perfect, and due to the inherent nature of the Internet, we cannot guarantee that data, including personal data, is absolutely safe from intrusion or other unauthorized access by others. You are responsible for protecting any relevant password(s) and maintaining the security of your devices.
8. Retention and Disposal of Your Personal
We store personal data as needed to accomplish the purposes identified in this Statement and to meet legal requirements, including record retention, resolving disputes, and enforcing our agreements. Our retention of your personal data is governed by applicable law. This storage period may extend beyond the term of your relationship with us.
As a general rule, we keep your personal data for only as long as it is needed to complete the purpose for which it was collected or as required by law. We may need to keep your personal data for longer than our specified retention periods to honor your requests or to comply with legal, regulatory, accounting or other obligations. E.g., personal data contained in contracts, communications, and business letters may be subject to statutory retention requirements, which may require retention of up to 10 years. If applicable, any other personal data will in principle be deleted 6 years after the termination of the respective related contractual relationship between you and us, if applicable).
When personal data is no longer needed, or in any event, after legal authority to retain it has expired, personal data will be destroyed, in accordance with local law and pursuant to procedures established in relation to the relevant system or process.
10. International Transfers
Your personal data may be transferred to, stored, and processed in a country other than the one in which it was collected, In such cases, we will take appropriate steps to ensure an adequate level of data protection of the recipient
11. Contact Us
We welcome your questions, comments and concerns about privacy. You can contact Starbucks EMEA Limited via email at [email protected], or post at Building 7, Chiswick Park, 566 Chiswick High Road, London, UK.
If you have any issues with our compliance, you have the right to lodge a complaint with Starbucks EMEA & Starbucks MENA. We would appreciate the opportunity to first address your concerns and would welcome you directing an inquiry first to us per the Contact Us section below. You may also contact the Starbucks EMEA Data Protection Officer ("DPO") at any time at [email protected].