Cafeology Limited (we) are committed to protecting and respecting your privacy.
For the purpose of the Data Protection Act 1998, the General Data Protection Regulation, and any replacement or amending legislation of that legislation (altogether referred to as the “Legislation”), the data controller is Cafeology Limited, a company registered in England and Wales under company number 4969126, with its registered office at 63 Cedar House, Napier Street, Sheffield S11 8HA.
If you have any questions or comments on the information contained in this document, please contact the Customer Service Team using the contact details given in section 7 below.
Personal data we collect from you
Over the course of your interaction with us via our website (cafeology.com) and online shop (store.cafeology.com) (together referred to as the “Sites”), we will collect and process the following categories of data about you:
Personal data you give us. This is data about you that you give us by filling in forms on the Sites or by entering a competition or prize draw (whether via the Sites or otherwise). This will be:
- your name, address and telephone and email contact details;
- (when using the shop) payment details, which vary according to your chosen payment method when purchasing with us; and
- your marketing preferences (if any).
You can access and alter the personal data that you give us in this way at any time via the links given on any emails that we may send or on the functionalities available on the Sites.
We do not require, and you should not send to us, special categories of (sensitive) personal data, such data being that which reveals sensitive information about you, such as your racial or ethnic origin, your political or religious beliefs, your health or other special categories of personal data. Any such sensitive personal data that we receive will be disposed of as soon as it is discovered.
Personal data we collect about you. This is data that we collect automatically about your visit during your time on the Sites, or otherwise through your interaction with us and the Sites. This data helps us to provide you with a good experience when you browse the Sites, including more targeted advertising on the Sites, and also to indicate where the Sites might require improvement. It involves technical information, such as:
- IP address;
- browser preferences and settings;
- details of how you navigate to and around the Sites; and
- (if applicable) details of previous orders of products from us.
We collect this personal data using small data files called “cookies”.
Personal data we receive from other sources. This is data that we receive about you from third parties, such as business partners, providers of technical services (e.g. analytics) or sub‑contractors.
Our business partners that may send us personal data about you include:
- order and payment information made via the online shop is provided by Shopify and PayPal;
- email marketing services are provided by Helson Limited; and
- tracking and analytics services are provided by Facebook, Google and HotJar Limited.
Uses made of the personal data
All personal data about you that we collect or receive, whether of a personal or technical nature, will be used by us in any one or more of the following ways:
- To carry out our obligations arising under any contracts entered into between you and us and to provide you with the information and services that you request from us;
- To enable you to participate in, and to administer, prize draws and competitions or online surveys;
- To contact you, based on the preferences you have selected, regarding information, promotions, or selected third party promotions in which we consider you may be interested. Such contact will only be made by email from which you can opt out at any time;
- To notify you about changes to our services or to your orders;
- To administer the Sites and the delivery of our products and services, and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To improve the Sites to ensure that content is presented in the most effective manner for you and for your computer;
- To allow you to participate in interactive features of our service, when you choose to do so;
- As part of our efforts to keep the Sites safe and secure;
- To disclose to our business partners, sub-contractors and other third parties who have a legitimate interest to use your personal data (see section 4 below);
- To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- To comply with any legal obligations to which we may be subject (e.g. disclosure of suspected fraudulent or other criminal activity); and
- To comply with our record keeping and information storage obligations and policy (please see section 5 below for more details).
Your data will most often be accessed and used by our staff, who are appropriately trained in how to handle personal data correctly and securely. Only those staff involved in sales and marketing, quality control and customer service or order delivery will be granted such access, which shall be limited to that which is strictly necessary for the purposes of that role.
Occasionally, as stated above, selected third parties may also have access to some of your data in order to provide specific services to us as also identified above. These third parties will only have access to such data that is strictly necessary for the purposes of the service in question and are bound by legal and contractual data protection obligations.
Lawful basis for use
Under the Legislation, we can only process personal data where there is a lawful basis for doing so. These bases are set out in the Legislation. Of relevance to the processing identified in section 2 above are the following:
- Where it is necessary to use the personal data in order to perform a contract with you. This covers all processing of your personal data in order to deliver a product to you that you have ordered, to provide you with information that you have requested or to administer a prize draw or competition.
- Where it is necessary to use the personal data in order to comply with a legal obligation. This covers the detection and prevention of crime, reporting to HMRC and processing pursuant to our record keeping obligations.
- Where the use of the personal data is necessary for our legitimate interests or the legitimate interests of a third party, provided that there is not a good reason for that particular data to remain protected that overrides such interest. This covers our use of certain of your personal data in relation to the delivery, monitoring, administering and improvement of the Sites, the carrying out of, and monitoring of the effectiveness of, advertising and disclosures to third parties (in accordance with section 4 below).
- Where you have consented to such use. This covers our use of your personal data to deliver advertising and other promotional or marketing material directly to you (where you have consented to receive such communications). Please note that you may withdraw your consent at any time.
Disclosure of your personal data
Pursuant to one of the lawful bases set out in section 3 above, we may share your personal data as follows:
- Internally among appropriate staff members, as necessary and as set out in section 2 above.
- With Shopify Inc. and PayPal Inc., and their affiliated companies, in order to perform any contract we have with you. These companies have their own privacy policies, available to view via their websites.
- Externally with other service providers (acting as processors) who provide support and assistance with the administration of the Sites and/or the fulfilment of orders.
- With HotJar Limited, Facebook Inc. and Google Inc., and their affiliated companies, in order to provide analytics, tracking and search engine services that assist us in the improvement and optimisation of the Sites. These companies have their own privacy policies, available to view via their websites.
- Externally with governmental or regulatory organisations or with our professional advisors, as may be necessary from time to time.
In such circumstances, we will only share the minimum personal data necessary to achieve the purpose and only on terms that ensure the security and confidentiality of that data, and which comply with the Legislation generally.
Save for as set out above, we will not disclose any of your personal data to third parties without your consent, except that we may:
- In the event that we sell or buy any business or assets, disclose your anonymised personal data to the prospective seller or buyer of such business or assets;
- In the event that we, or substantially all of our assets, are acquired by a third party, transfer the personal data held by us about our customers to the buyer as one of the transferred assets;
- Disclose or share your personal data in order to protect our rights, property or safety, or those of our customers or others.
All third parties to whom we may disclose personal data are legally and contractually obliged to comply with the Legislation, to keep that personal data confidential and only to use it as we may direct.
Some of the disclosures mentioned in this section 4 may involve transferring part of your personal data outside of the European Economic Area. We will seek your consent to such transfers only if the transfer is not:
- to a country that is the subject of an adequacy decision by the EU Commission;
- protected by Binding Corporate Rules approved by the EU Commission or other competent regulatory body;
- to an organisation that is a member of the EU-US Privacy Shield Framework; or
- subject to contractual clauses that impose obligations at least equivalent to those contained in the Legislation.
Where we store your personal data
Most personal data that we collect is disclosed to specific third parties (see section 4 above for more detail on this). Once disclosed, the personal data is securely deleted from our servers, but these third parties may retain your data for a period of time – please view their respective privacy policies for more information on this.
Personal data that we do not disclose is securely stored on our servers only for as long as required – e.g. if the data was collected as part of a competition, for as long as that competition is open and then until prize is claimed or expires. After this time, the data is securely deleted from our servers.
We take appropriate technical and organisational measures in accordance with standard practice within the industry to protect your personal data while it is on our servers, including (without limitation) the following measures:
- Installing a secure firewall;
- Using anti-virus protection software;
- Encrypting data; and
- Carrying out regular back-ups.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet can never be completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Site at all times, and any transmission is at your own risk. Once we have received your data, we will use strict procedures and security features to try to prevent unauthorised access.
Should we, or one of our processors, suffer a data breach (i.e. unauthorised access to, or loss or corruption of, personal data), and that data breach is likely to result in a high risk of harm to your rights and freedoms, we will inform you and/or the Information Commissioner’s Office without delay, and in any event within 72 hours of becoming aware of it..
You have the following rights under the Legislation in respect of your personal data – please contact us or see the website of the Information Commissioner’s Office (ico.org.uk) for more information on any of these rights and how they apply to your personal data:
- The right to be informed about the collection and use of your personal data;
- The right of access to your personal data to verify the legality of our use of it;
- The right to request that inaccurate or incomplete personal data about you is rectified;
- The right to request the deletion or removal of your personal data where there is no further reason for us to use it (such as you have withdrawn your consent);
- The right to restrict our use of your personal data in certain circumstances;
- The right to obtain and reuse the personal data that we have about you for your own purposes;
- The right to object to certain uses (such as for marketing purposes); and
- The right not to be subject to a decision that has a legal effect on you that has been based on an automated decision.
Should you wish to exercise any of these rights, you may do so at any time by writing to us at the address given in section 7 below. We will endeavour to respond to you as quickly as possible, and in any event within one month.
If you feel that your rights have been breached in any way, you should contact the Customer Service Team using the contact details given below, or lodge an official complaint with the Information Commissioner’s Office.
The Sites may contain links to and from the websites of third parties, which may or may not be affiliated with us. If you follow a link to any of these websites, please note that these websites will have their own privacy policies and that we do not accept any responsibility or liability for personal data collected and processed by these third parties. You should check the privacy policies of these websites before you submit any personal data via them.