_edited.jpg)
Privacy Policy
Last Updated: 12 March 2025
1. Introduction
Cafetière & Co ("we," "our," or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we process your personal data when you use our website (cafetièreandco.co.uk) to purchase our Cafetière ground coffee products. We are a UK-based company serving mainland UK customers only.
2. Data Controller
Cafetière & Co acts as the data controller of your personal information.
3. Legal Bases for Processing
We process your personal data under the following legal bases:
- Contract: To fulfill our contractual obligations for your coffee orders
- Legal Obligation: To comply with UK tax and business laws
- Legitimate Interests: To improve our services and prevent fraud
- Consent: For marketing communications and cookies
4. Information We Collect & Why
a) Order Processing (Legal Basis: Contract)
- Full name
- Delivery address (mainland UK residential addresses only)
- Billing address
- Email address
- Phone number
- Payment information
- Order history
b) Website Usage (Legal Basis: Legitimate Interests)
- IP address
- Browser type
- Device information
- Shopping cart data
- Website interaction patterns
c) Marketing (Legal Basis: Consent)
- Email preferences
- Shopping preferences
- Marketing response data
5. How We Use Your Information
Specific purposes include:
- Processing your coffee orders
- Delivering to mainland UK addresses
- Handling returns and refunds
- Verifying payment methods
- Preventing fraud through order pattern monitoring
- Sending order confirmations
- Marketing communications (with explicit consent)
- Website improvement
- Customer support
6. Data Retention
We keep your data for:
- Order information: 6 years (tax compliance)
- Marketing preferences: Until consent withdrawal
- Payment information: As required by payment processors
- Returns documentation: 2 years
7. Your GDPR Rights
You have the right to:
- Access your data
- Correct your data
- Erase your data
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent
- Lodge a complaint with the ICO
Response time: Within one month of request
8. Data Sharing
We share data with:
- Payment processors (for transactions)
- Delivery services (for mainland UK delivery)
- Fraud prevention services
- Website hosting provider
- Email service provider
All providers are GDPR-compliant and based in the UK/EEA or covered by adequate safeguards.
9. Cookies
Essential Cookies:
- Shopping cart functionality
- Security features
- Session management
Optional Cookies (require consent):
- Analytics
- Marketing
- Preference storage
10. Marketing Communications
We only send marketing emails with explicit consent. Each email includes an unsubscribe option. You can withdraw consent by:
- Using unsubscribe links
- Emailing us
- Updating account preferences
11. Security Measures
We implement:
- SSL encryption
- Regular security updates
- Access controls
- Payment data encryption
- Order verification procedures
- Photo documentation for returns
12. International Transfers
We primarily process data within the UK. Any necessary transfers outside the UK comply with UK GDPR requirements and adequacy decisions.
3. Changes to This Policy
We'll notify you of significant changes via email and website notice, giving you time to review before changes take effect.
14. Contact Us
For privacy matters:
Email: privacy@cafetiereandco.co.uk
15. Complaints
If you're unsatisfied, contact:
Information Commissioner's Office (ICO)
Tel: 0303 123 1113
16. Special Categories of Data
We don't collect or process any special category data under GDPR Article 9.