Privacy policy

1. Introduction

At Nektar, legally incorporated as NEKTAR COFFEE ROASTERS INC. ("we," "our," or "us"), we place great importance on your privacy and the protection of your personal data. As part of this commitment, we have implemented processes on our website to obtain your informed and explicit consent whenever you share personal data with us.

 

This Privacy Policy ("Policy") outlines our privacy practices for the activities described below. In accordance with your rights, we inform you of how we collect, store, access, and otherwise process information relating to individuals. In this Policy, "Personal Data" refers to any information that, alone or in combination with other available information, can identify an individual.

 

We are committed to protecting your privacy in compliance with the highest levels of regulation. As such, we adhere to the obligations outlined in the following regulations:

  • Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada and applicable provincial laws;
  • Act Respecting the Protection of Personal Information in the Private Sector (Loi 25) of Quebec;
  • California's Consumer Protection Act (CCPA) / California Privacy Rights Act (CPRA) and California Online Privacy Protection Act (CalOPPA);
  • Colorado Privacy Act (CPA);
  • Utah Consumer Privacy Act (UCPA);
  • Connecticut Data Privacy Act (CTDPA);
  • Virginia Consumer Data Protection Act (VCDPA).

 

Scope

This Policy applies to the websites, domains, applications, services, and products of Nektar.

This Policy does not apply to third-party applications, websites, products, services, or platforms that may be accessed via links not hosted by Nektar that we provide for your convenience. These sites are independently owned and operated and have their own distinct privacy and data collection practices. Any Personal Data you provide to these sites will be governed by the third party's privacy policy. We cannot accept responsibility for the actions or policies of these independent sites, nor are we responsible for their content or privacy practices.

 

Processing activities

This Policy applies when you interact with us by performing any of the following actions:

  • Using our applications and services as an authorized user;
  • Visiting any of our websites that refer to this Privacy Policy;
  • Receiving communications from us, including newsletters, emails, calls, or texts/SMS.

 

2. Personal Data we collect

Types of Personal Data we collect

When you make a purchase or attempt to make a purchase, we collect the following types of Personal Data:

  • Account information such as your name, email address, and password;
  • Payment information such as your billing address, phone number, credit/debit card details, or other payment methods;
  • Purchase details, including customization or unique purchase information;
  • Location data.

When you use our products and/or features, including our website, we collect the following types of Personal Data:

  • Account information such as your name, email address, and password;
  • Information about past purchases, including customized or unique items;
  • Mobile device identifiers such as brand, model, IMEI, and phone number;
  • Location data;
  • Feedback, such as customer support or product reviews;
  • Content such as messages, comments, audio files, or documents.

 

How we collect your Personal Data

We collect Personal Data from various sources:

-          From you. You may provide us with your account information, payment details, financial information, demographic data, purchase details, content, feedback, and product-related information. These data may be shared with us in various situations, including but not limited to:

  • Create an account or purchase products on our website;
  • Use our products or services;
  • Create content through our products or services;
  • Express interest in our products or services;
  • Subscribe to our newsletter;
  • Complete a voluntary market survey;
  • Contact us with inquiries or to report a problem (via phone, email, social media, or messaging services);
  • Connect to our website through social media platforms;
  • Fill out forms.

 

-          Through automated technologies or interactions. When you interact with our website, we may automatically collect the following types of data. These data are collected using cookies, server logs, and other similar technologies. Please refer to our Cookies section (below) for more details.

  • Device data regarding your equipment;
  • Usage data related to your actions and browsing habits;
  • Contact data when tasks performed on our website remain incomplete, such as unfinished orders or abandoned carts. These data are collected using cookies, server logs, and other similar technologies. Please refer to our Cookies section (below) for more details.

 

-          Through third parties. We may receive Personal Data about you from various third parties, including:

  • Account and payment information from another person when they purchase a gift for you on our website;
  • Device and usage data from third parties, including analytics service providers such as Google;
  • Account information and payment data from social media platforms when you log into our website using these platforms;
  • Content from communication services, including email providers and social media platforms, when you grant us permission to access your data on these services or networks;
  • Account information and payment data from third parties, including organizations (such as law enforcement agencies), associations, and groups, which share data for fraud prevention, detection, and credit risk reduction purposes; and
  • Account information, payment data, and financial data from technical, payment, and delivery service providers.

 

If you provide us, or our service providers, with Personal Data relating to other individuals, you represent that you have the authority to do so and acknowledge that such data will be used in accordance with this Policy. If you believe that your Personal Data has been provided to us inappropriately, or to otherwise exercise your rights regarding your Personal Data, please contact us using the information provided in the "Contact Us" section below.

 

Device and usage data

When you visit a Nektar website, we automatically collect and store information about your visit using browser cookies (files we send to your computer) or similar technology. We use the Axeptio tool to ensure that cookies are launched only after obtaining your consent. You can click on "Click here to modify your cookie preferences" at the bottom of the page to change your cookie consent settings. You can also configure your browser to refuse all cookies or notify you when a cookie is sent. The help function of most browsers provides information on how to accept cookies, disable them, or be alerted when a new cookie is received. If you do not accept cookies, you may not be able to use certain features of our Service, and we recommend keeping them enabled.

We also process information when you use our services and products. This information may include:

  • Login information
  • IP address
  • Timestamps
  • Location information
  • Individual products you view
  • Web terms or searches that led you to the site
  • Time zone

 

Data we collect from third parties

We may receive your Personal Data from third parties such as companies subscribing to Nektar services, partners, and other sources. These Personal Data are not collected by us but by a third party and are subject to the third party's separate privacy and data collection policies. We have no control over or influence on how your Personal Data is processed by these third parties. As always, you have the right to review and rectify this information. If you have questions, you should first contact the relevant third party for further information about your Personal Data. If the third party does not address your rights, you may contact the Data Protection Officer at Nektar (contact details provided at the end of this Policy).

Our websites and services may contain links to other websites, applications, and services operated by third parties. The information practices of these other services or the social media networks hosting our branded social media pages are governed by the third parties' privacy statements, which you should review to better understand their privacy practices.

 

Purpose and legal basis for processing your Personal Data

We collect and use your Personal Data with your consent to provide, maintain, and develop our products and services and to understand how to improve them.

These purposes include:

  • To deliver your product or service;
  • To fulfill orders, including electronic and non-electronic deliveries;
  • To create a safe and secure environment;
  • To verify or authenticate your identity;
  • To investigate and prevent security incidents such as breaches, attacks, and hacks;
  • To provide, develop, and improve our products and services;
  • To deliver, maintain, debug, and optimize our products and services;
  • To allow you to access Nektar services and create accounts.

When we process your Personal Data to provide a product or service, we do so because it is necessary to fulfill contractual obligations. All of the aforementioned processing activities are required as part of our legitimate interests to provide products and services, maintain our relationship with you, and protect our business, for example, against fraud. Consent will be required to initiate services with you. New consent will be required if there are changes to the type of data collected. Under the terms of our contract, if you do not provide your consent, certain services may not be available to you.

 

We also use your Personal Data for the following secondary purposes, provided that you have given us your explicit consent beforehand:

  • To organize and deliver advertising and marketing;
  • To send you newsletters and other marketing communications about current and future products, programs, and services, as well as events, contests, surveys, and promotions that we organize or host on our behalf;
  • To organize events, register participants, and schedule meetings for events;
  • To communicate with you about Products and Services.

 

Third Parties

We use the following third-party tools to store your information:

  • Easy Reports
  • Funnel.io
  • Klaviyo
  • Recharge Subscriptions
  • ShipStation
  • Shopify
  • Simplio
  • Tidio
  • ViralSweep Giveaways Contests
  • Zapier

 

International Data Transfer and Storage

Where possible, we store and process data on servers located in the general geographic region where you reside (note: this may not be in the country where you reside). Your Personal Data may also be transferred to and stored on servers located outside your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction. We will take appropriate measures to ensure that your Personal Data is processed securely and in accordance with this Policy as well as applicable data protection laws. You can find more information about these clauses here: https://eur-lex.europa.eu/legal-content/fr/TXT/?uri=CELEX%3A32021D0914

 

Sharing and disclosure

We will only share your Personal Data with third parties as described in this Policy or as defined at the time of data collection.

Our online store is powered by Shopify. You can learn more about how Shopify uses your Personal Data here: https://www.shopify.com/legal/privacy

We also use Google Analytics to help us understand how our customers use the site. You can learn more about how Google uses your Personal Data here: https://www.google.com/intl/en/policies/privacy/

You can also opt out of Google Analytics here: https://tools.google.com/dlpage/gaoptout?hl=en

We may also use your Personal Data to provide you with targeted marketing through advertisements or communications (such as newsletters).

For more information about how targeted advertising works, you can visit the educational page of the Network Advertising Initiative (NAI) at: http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work

Additionally, you can opt out of certain services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/

 

Legal requirements

We may use or disclose your Personal Data to comply with a legal obligation, in response to a request from a public or governmental authority, or in connection with a judicial or court proceeding, to prevent any loss of life or injury, or to protect our rights or property. When possible and practical, we will notify you in advance of such disclosure.

 

Service providers and other third parties

We may engage third-party service providers, independent contractors, agencies, or consultants to deliver and help us improve our products and services. We may share your Personal Data with marketing agencies, database service providers, backup and disaster recovery providers, email service providers, and others, but only to maintain and enhance our products and services. For more information about the recipients of your Personal Data, please contact us using the information provided in the "Contact Us" section below.

 

 

3. Cookies

What are cookies?

A cookie is a small file containing information that your browser stores on your device. The information in this file is typically shared with the website owner as well as potential partners and third parties associated with the business. Collecting this information may be used for the operation of the website and/or to enhance your experience.

 

How we use cookies

We use cookies to provide you with the best possible experience. Our cookies are divided into different categories to allow you to easily select your preferences. Using Axeptio, you can explicitly consent to all our cookies, only certain categories, or only specific cookies within each category. To make your selection, you can click on "Click here to modify your cookie preferences" at the bottom of the page to change your cookie consent settings. Cookies will not be activated until you have explicitly given your consent for them. You can refuse all non-essential cookies (everything except Strictly Necessary cookies) without affecting access to the essential functions of Nektar's website. Below are the different categories of cookies:

·         Strictly Necessary – As a web application, we require certain essential cookies to operate our service. These are purely technical and functional cookies that cannot be disabled.

·         Emailing Tools – Our site hosts subscription forms for email services to send marketing emails. These email services use pixels to track visitors and analyze the performance of sent emails, as well as to identify viewed products.

·         Social Media – Our site hosts social media cookies to share interesting and relevant content on social media platforms.

·         Statistics and Audience – Our site hosts analytical cookies that allow us to track visitor activities and build advertising audiences.

·         Experience and Relationship – Our site hosts cookies that save user preferences to display relevant content on the site.

·         Personalized Ads – Our site hosts cookies that tailor ads to user profiles and actions taken on our site after leaving it.

·         Chat & Support – Our site hosts cookies that enable smoother discussions via live chat by identifying customer profiles and products purchased or viewed, making it easier for our team to process requests.

·         Customer Relationship – Our site hosts cookies that allow us to qualify received leads more precisely and efficiently within our CRM tools.

·         Marketing – Our site hosts cookies that help deliver interesting and relevant content through marketing actions directed at users after leaving our site.

·         Performance & Monitoring – Our site hosts third-party cookies to monitor site performance and errors, allowing us to correct them more efficiently.

·         A/B Testing – Our site tests different configurations to improve performance. To do this, it hosts cookies that ensure consistency across visits to derive better insights from these tests.

 

How to control your cookies

As long as the cookie is not strictly necessary, you can accept or refuse the use of cookies at any time. To modify how we collect information about you, visit our Cookie Manager by clicking on the icon in the bottom left corner of each page.

 

We will retain your Personal Data only for as long as necessary to achieve the purpose for which it was collected and as required by applicable law. Once we no longer need the Personal Data, we will delete it from our systems and/or take measures to anonymize it.

 

Here are some examples of typical retention periods before Personal Data is deleted:

 

·         Transaction Data (purchases, payments) – 7 years, in compliance with tax and accounting obligations in Canada and Quebec.

·         Customer Account Data – 3 years after account closure, to allow for follow-up on the customer relationship or in case of claims.

·         Marketing Data – Until consent is withdrawn or 2 years after the user’s last interaction.

·         HR Application Data – Immediately after the decision, or up to 1 year after the decision if retained for future opportunities.

·         Browsing Data and Cookies – Between the end of the session (temporary cookies) and 6 months (persistent cookies) after the session.

 

5. Merger or acquisition

If we are involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will notify you before your personal information is transferred and subject to a different privacy policy. In certain circumstances, we may be required to disclose your personal information if the law demands it or in response to valid requests from public authorities (e.g., a court or government agency).

 

6. How we ensure the security of your Personal Data

We have implemented organizational safeguards and appropriate security measures to protect your personal data from accidental loss, unauthorized use or access, modification, or disclosure.

 

Communication between your browser and our website uses a secure encrypted connection whenever your personal data is involved.

 

We require any third party contracted to process your personal data on our behalf to implement security measures to protect your data and to handle it in compliance with the law.

 

In the unfortunate event of a data breach compromising your personal data, you will be informed within a maximum of 72 hours, in accordance with Loi 25. We will also notify any applicable regulatory bodies when legally required to do so.

 

7. Your rights regarding your Personal Data

All our users have the following rights concerning their Personal Data, regardless of their geographic location or citizenship. These rights are equal to or exceed those provided under the regulations listed in Article 1 of this Policy.

  • Right of Access – You have the right to know whether we process your Personal Data and to request a copy of the Personal Data we process about you.
  • Right to Rectification – You have the right to have incomplete or inaccurate Personal Data we process about you corrected.
  • Right to Erasure / Right to Be Forgotten – You have the right to request that we erase the Personal Data we process about you, except where we must retain this data to comply with a legal obligation or to establish, exercise, or defend legal claims.
  • Right to Data Portability – You have the right to obtain the Personal Data we hold about you in a structured electronic format and to transfer this Personal Data to another data controller, where this concerns (a) Personal Data you have provided to us, and (b) if we process this data based on your consent or to perform a contract with you or the third party subscribing to the services. We may require identity verification before providing a copy of the Personal Data we hold.
  • Right to Opt-Out – You have the right to opt-out of the processing of your Personal Data for: (1) targeted advertising; (2) the sale of Personal Data; and/or (3) profiling for decisions that produce legal effects or similarly significant impacts on you. Under the CPRA, you also have the right to opt-out of the sharing of your Personal Data with third parties and our use and disclosure of your sensitive Personal Data for purposes beyond what is reasonably expected for providing products and services. To exercise this right, please use the Axeptio banner to manage your consent. To access this banner, click on "Click here to modify your cookie preferences" at the bottom of the page.
  • Right to Non-Discrimination and Non-Retaliation – You have the right not to be denied a service or experience adverse effects for exercising your rights.
  • Right to Appeal – You have the right to file an appeal based on our response to the exercise of any of these rights. If you disagree with how we resolve the appeal, you have the right to contact the Attorney General at the following location:
    • If you are based in Colorado, please visit this website to file a complaint.

    • If you are based in Virginia, please visit this website to file a complaint.

    • If you are based in Connecticut, please visit this website to file a complaint.

 

Withdrawal of consent

If you have consented to the processing of your Personal Data, you have the right to withdraw your consent at any time, free of charge, for example, if you wish to opt out of receiving marketing messages from us. If you wish to withdraw your consent, please contact us using the information provided at the bottom of this page.

 

How to exercise your rights

You can request to exercise any of these rights concerning your personal data by submitting your request to our privacy team using the form provided below.

For your privacy and security, we may, at our discretion, require you to verify your identity before providing the requested information.

 

8. Changes

We may update this Policy at any time. If we make changes to this Policy, we will publish an updated version on this website. When you use our services, you will be prompted to review and accept our Privacy Policy. This allows us to record your acceptance and inform you of any future changes to this Policy.

 

9. Contact us

In accordance with the Act to Modernize Legislative Provisions Respecting the Protection of Personal Information (Loi 25), Nektar has appointed a Data Protection Officer (DPO). You may contact them for any questions regarding this Policy or to exercise your rights at the following address:

 

Last updated: December 30, 2024