Introduction and Purpose
DRUPA BREWERS is a Colombian company dedicated to the cultivation, processing, and export of single-origin green coffee, with clients and partners across multiple countries. This Privacy Policy describes how we collect, use, store, and protect personal information from individuals who interact with our website, commercial forms, agronomic monitoring platforms, and communication channels.
Our commitment is straightforward: to handle your data with transparency, respect, and full compliance with applicable regulations, including the General Data Protection Regulation (GDPR) of the European Union, the California Consumer Privacy Act (CCPA/CPRA), Law 1581 of 2012 and Decree 1377 of 2013 of Colombia, and international best practices for data protection.
By using our website or sharing information with us, you confirm that you have read and understood this policy. If you do not agree with any of its terms, we kindly ask that you refrain from using our services and contact us to address any concerns.
Data We Collect
We collect only the information necessary to provide an appropriate service and to fulfill our commercial obligations. The data we process falls into three categories:
Personal Identifiable Data
Information you provide directly when contacting us, requesting samples, subscribing to communications, or initiating a commercial relationship:
- Full name and, where applicable, business name.
- Email address and phone number.
- Country, city, and shipping or billing address.
- Job title, company, and industry sector (B2B buyers).
- Tax or fiscal identification information when a commercial transaction takes place.
- Content of the messages you send through forms or direct channels.
Technical Data
Information automatically collected when you browse our website:
- IP address and approximate geographic location.
- Device type, operating system, and browser.
- Cookie identifiers and similar technologies.
- Pages visited, time spent, and navigation paths.
- Referring site from which you reached our portal.
Usage and Interaction Data
- Products consulted or samples requested.
- Preferences regarding origin, cup profile, or coffee variety.
- Communication history and commercial requests.
- Open and engagement metrics for our emails.
We do not collect sensitive data (racial origin, religious beliefs, political opinions, biometric or health data) unless strictly necessary and supported by your express consent.
Legal Basis for Processing
We collect and process your personal data only when there is a valid legal basis for doing so. Specifically, we rely on the following grounds:
- Consent: when you voluntarily agree to share your information, for example by subscribing to our newsletter or accepting optional cookies.
- Performance of a contract: when processing is necessary to manage a quotation, export, sample shipment, or commercial relationship.
- Legal obligation: when we are required to keep records to comply with tax, customs, or foreign trade regulations.
- Legitimate interest: when we process data to prevent fraud, improve site security, analyze the performance of our campaigns, or develop our commercial activity, always ensuring that your rights take precedence.
How We Use Your Data
We use the information we collect for the following specific purposes:
- To respond to your requests: answering inquiries, sending quotations, managing sample requests, and coordinating exports.
- To fulfill contractual obligations: processing transactions, issuing invoices, and coordinating international logistics.
- Commercial communication: sharing information about harvests, origin updates, coffee profiles, or industry events, provided you have agreed to receive such communications.
- To improve our website: analyzing visitor behavior to optimize the experience, content, and technical performance.
- Security and fraud prevention: detecting unauthorized access, suspicious activity, or impersonation attempts.
- Regulatory compliance: responding to lawful requests from competent authorities in tax, customs, or consumer protection matters.
We never use your data for purposes other than those described here without first informing you and, where applicable, obtaining your consent.
Sharing With Third Parties
DRUPA BREWERS does not sell, rent, or trade your personal information. However, in order to operate effectively, we may share data with the following third parties under strict confidentiality and security obligations:
- Technology providers: hosting, email, marketing automation, CRM, and web analytics services.
- Logistics and customs operators: international shipping companies, customs agents, and certifying bodies required to complete the export.
- Financial institutions: banks and payment processors for managing international transactions.
- Professional advisors: legal, accounting, and audit firms bound by confidentiality duties.
- Competent authorities: when there is a legal obligation or a formal, duly substantiated request.
International Transfers
Since we operate with clients and suppliers in Europe, Asia, and the Americas, some data may be transferred outside Colombia. In all cases, we ensure that adequate legal mechanisms are in place, such as standard contractual clauses approved by the European Commission, adequacy decisions, or the data subject's informed consent where appropriate.
Information Security
We implement reasonable technical and organizational measures to protect your data against loss, unauthorized access, alteration, or improper disclosure. These measures include:
- Encryption of communications through HTTPS/TLS protocols.
- Storage on servers with restricted access controls and reinforced authentication.
- Regular backups and operational continuity plans.
- Confidentiality agreements with all personnel and providers who access personal information.
- Internal training on best practices for data handling and cybersecurity.
- Periodic vulnerability assessments and security updates.
Although we adopt recognized protection standards, no internet transmission is entirely secure. If you detect any situation that could compromise your data, please notify us immediately through our contact channels.
Your Rights
As the owner of your personal data, you have broad rights that we fully respect, known in different jurisdictions as ARCO rights (Access, Rectification, Cancellation, and Opposition), GDPR rights, or consumer rights under the CCPA:
Right of Access
Request confirmation of whether we process your data and obtain a copy of it.
Right of Rectification
Ask us to correct information that is inaccurate, incomplete, or outdated.
Right to Deletion
Request that we delete your data when it is no longer necessary or when you withdraw consent, unless a legal obligation requires us to retain it.
Right to Object
Object to the processing of your data for commercial or direct marketing purposes at any time.
Right to Data Portability
Receive your data in a structured, commonly used format, or request that we transmit it to another data controller.
Right to Restrict Processing
Ask us to limit the use of your data while a request or complaint is being resolved.
Right Not to Be Subject to Automated Decisions
Request human review of decisions made solely by automated systems that produce significant effects on you.
To exercise any of these rights, please write to the email address listed in the contact section. We will respond within the applicable legal timeframes, which generally do not exceed fifteen (15) business days in Colombia or thirty (30) days under the GDPR. If you believe your request has not been adequately addressed, you may file a complaint with the Superintendencia de Industria y Comercio (Colombia) or with the data protection authority of your jurisdiction.
Cookies and Tracking Technologies
Our website uses cookies and similar technologies to enhance your browsing experience, remember your preferences, and gather metrics that help us optimize content.
| Type | Purpose | Consent |
|---|---|---|
| Strictly Necessary | Essential for site operation and security of your session. | Not required |
| Preference | Store choices such as language or region to personalize your experience. | Required |
| Analytics | Help us understand site usage through aggregated, anonymous statistics. | Required |
| Marketing | Used, where applicable, to display relevant content and measure campaign effectiveness. | Required |
You can accept, reject, or configure the use of cookies through the consent banner when you enter the site, or from your browser settings. Please note that disabling certain cookies may affect the functionality of some sections.
Data Retention
We keep your personal information only for the time necessary to fulfill the purposes described in this policy and to comply with applicable legal obligations:
Once the retention period ends, the data is securely deleted or irreversibly anonymized for statistical purposes.
Contact and Data Controller
If you have questions, concerns, or wish to exercise any of your rights, you can contact us directly:
If our response is not satisfactory, you may contact the Superintendencia de Industria y Comercio of Colombia (www.sic.gov.co) or the data protection authority of your country of residence.
Changes to This Policy
This Privacy Policy may be updated to reflect changes in our practices, in applicable legislation, or in the services we offer. When we make substantial modifications:
- We will publish the updated version on this same page, clearly indicating the date of the most recent change.
- In the case of relevant changes affecting your rights, we will notify you by email or by another reasonable means at least fifteen (15) days before they take effect.
- Where legally required, we will request your consent again for the processing of your data.
We recommend reviewing this policy periodically to stay informed about how we protect your information.