We take your privacy seriously and comply with the General Data Protection (/) Regulation.
This policy explains how any personal data we are provided by or collected from you will be processed by Two Chimps Coffee Limited.
Data Protection Officer
Two Chimps Coffee
8b Oakham Enterprise Park
Rutland LE15 7TU firstname.lastname@example.org
Please get in touch using the information above.
The personal data we collect will be the information you provide including your name, email address, billing address and delivery address
When signing up to purchase from us, you will fill in a form to include your name and contact details along with a delivery address if this is different. At the end of the shopping experience, we ask you to pay for your purchases. Payments are taken by Stripe or Paypal. As a result, we never store or have access to your payment details.
Upon opening an account or as a guest user, we keep a record of all purchases and shipments. This is kept with information about the products and specifications you have purchased. This is so we can replicate lost orders if needed and helps us to recommend new coffees (if asked) based on your previous purchases.
The information that we hold as mentioned in the paragraphs above will be held for as long as is required by law, other relevant bodies or is necessary for us to provide you with our services.
In certain circumstances, we may collect information about others. This would arise if you have purchased a gift for someone and have filled out their contact details instead of your own.
By doing so, you express that you have obtained the consent from whose contact information you provide us with.
Through a contact us form on our website, we collect email addresses and telephone numbers. This information is used to follow up on the individual enquiry.
We collect email addresses when an email is sent to us. This is used to respond to the email and to follow up if necessary.
Email information is stored on our exchange server before it is archived locally.
The basis for processing your personal data in these cases is to fulfil our contract with you.
The basis for processing your personal data in these cases is your consent which you give by completing our form(s) whether online or in paper.
You also give your consent to us contacting you from time to time with information about our products and services which we believe will be of interest to you – for example changes in our products or services and offers that we may be running.
We use ticking the ‘receive newsletter’ box upon sign up as consent to be added to our newsletter which is sent by email.
If you would prefer that we did not process your personal data in this manner or wish to restrict our processing of it, you have the right to request this. Please contact us at email@example.com to inform us.
To make sure our website looks at its best on any chosen device
Third party cookies, such as Google Analytics will collect device-specific information, such as your operating system along with others. With this information, we can further develop the user experience of this website to suit the methods it is being viewed from. This information is statistical only and does not identify any individual. This is not uncommon with online businesses.
Storing your personal information
We will never disclose personal information to anyone unless we are required by law to do so.
Information sent between your selected browser and our website is sent using a 2048 bit encrypted SSL (Secure Socket Layer.) We suggest that your browser can always validate our SSL certificate.
Sharing your personal information
We will never share your personal information with third parties for the purpose of remarketing. To fulfil our contract with you we will share your details where it is necessary (for example delivery companies will need your delivery address details).
As an exception to this rule, we may do so if we are required by law, for purposes of fraud protection, or in the event that we sell our business.
The General Data Protection Regulation (GDPR) gives you the following rights:
The right of access to personal data held about you
To access your personal data with the GDPR requests should be sent to firstname.lastname@example.org. We will reply in a timely fashion, as set out by the GDPR. Currently, this is up to one month.
If you wish to obtain confirmation that your data is being processed, please contact us at email@example.com. We will provide this information free of charge within a reasonable time period as set by the GDPR. Currently, this is up to one month from the date of the request. If your request is unfounded or excessive, we can charge a reasonable fee for the above to cover administration costs or refuse to respond. If we refuse to respond, we will explain why and inform you of your right to complain to the GDPR. This can take up to one month to process.
If you wish to access your personal data, please log in to your account.
The right to have this corrected if it is wrong
To update your details held by us, please log in to your account. Alternatively, contact us at firstname.lastname@example.org. We will update your details for you. This can take up to one month.
The right to stop personal data being used for direct marketing
If, after signing up to our newsletter, you decide to change your mind, please unsubscribe using the link in the email itself. Removal from our newsletter can take up to 2 working days.
Your right to withdraw consent
If you wish to withdraw your consent at any time, please do one, or both of the following:
- To stop us contacting you through our newsletter, please use the unsubscribe link at the bottom of every page.
- Close your account.
If you wish to stop using your account at any time, your account will be marked as un-active. If you would prefer us to remove your account completely, please contact us at email@example.com
Payments on our website are handled by a third-party payment gateway. We use Stripe or Paypal for this service. As a result, we never store your card details. When you update your card information on our website, Stripe handles everything for us.
Your right to complain
If you feel that there is a problem in the way we handle your data please contact the Information Commissioners Office.
Automated Decision Making
We do not use any data for automated decision making.
Your right to data portability
If you wish for us to share your information with you in a way that is suitable for data portability, this will be done via a CSV file.
Your right to object
You have the right to object to your data being processed for legitimate interests including profiling, direct marketing or for purposes of scientific/historical research and statistics. Your right to object will be reviewed on a case by case basis, following the guidelines set out by the GDPR. To object, please contact us at firstname.lastname@example.org
If this policy is amended at any time, the amendments will be added to this page.