At Cafédirect we are committed to ensuring the lawful collection and management of personal information. We will always keep your information secure and manage it in accordance with the General Data Protection Regulation (GDPR) and our legal responsibilities under privacy and data protection laws where we operate.
INFORMATION WE COLLECT
To do this we need to know your name and address or e-mail address. This allows us to notify you when the information you have requested becomes available. We also ask for your telephone number, which enables us to contact you directly if we have a query about your request. We may collect additional information in connection with your participation in any promotions or competitions offered by us and information you provide when giving us feedback, completing profile and registration forms and responding to surveys that we use for research purposes.
We may also keep a record of any communications we have with you, for instance, when you contact our customer support centre, or interact with us through any contact form on the website/s. We do this in compliance with applicable laws to help monitor and improve the quality of our customer support services.
When you place an online order with Cafédirect, we will collect basic payment information to enable us to process the purchase. This will include your name, address (and delivery address if different), email address and payment card / account details, together with your username and password (should you have registered an account with us)
Cafédirect may also monitor aggregate customer traffic patterns and site use.
Cafédirect may collect details of your visits to the website such as traffic data, location data, country data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources you access.
HOW WE USE YOUR INFORMATION
In addition to the uses outlined above, we also use information collected from users to:
- ensure that content from our site is presented in the most effective manner for you and for your device;
- share with a member of our group;
- provide you with information, products and services that you request from us or which we feel may interest you, where you have agreed to be contacted for such purposes;
- carry out our obligations arising from any contracts entered into between you and us, for example, when signing up to a subscription service via the Cafédirect website;
- allow you to participate in interactive features of our service;
- provide users with information on how others are using our website; and where you choose to use a “tell-a-friend" or similar referral program on the Cafédirect website and unless your friend has asked us not to send them marketing emails already, we will ask for your friend’s contact details to share information about our products and services that might be of interest to them. We will only do this where we have appropriate permissions or you have provided appropriate permissions (for instance, you are reasonably certain that your family and / or friends would consent to receiving the marketing material in question) as are required by privacy and data protection laws.
- COMMUNICATIONS FROM US
- We may use your personal information to provide direct marketing communications [in the form of email alerts, newsletters and marketing communications to tell you about our products and services. We will only do this where you have indicated that you would like to receive updates and you may change your preferences and cease receiving direct marketing from us any time (see below for information on updating your details).
- Where you have indicated that you would like to receive direct marketing communications from us, we will use your contact details and personal preferences which you have told us about, which we have derived from cookies (see our section below on cookies), which we have inferred from your service usage or marketing research about your profile.
You have the right to ask us not to process your personal data for marketing purposes.
You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org.
KEEPING YOUR INFORMATION SECURE
We will keep your information secure as required and manage it in accordance with our legal responsibilities under privacy and data protection laws where we operate.
RETAINING YOUR INFORMATION
We will only keep your information for as long as we need to for legal purposes or for as long as you require our services. Where your information is no longer required, we will ensure it is disposed of in a secure manner.
PROVIDING INFORMATION TO OTHERS
We may share information with companies and organisations that process data on our behalf. We may also use and disclose information in aggregate (so that no individual customers are identified) for marketing and strategic development purposes.
We will only share information with other organisations:
- where we believe it is necessary for a legitimate reason connected with the service we offer.
We may disclose your personal information to any member of our group from time to time, which means our parent undertaking and its subsidiary undertakings, as defined in the UK Companies Act 2006. We may also disclose your information to third parties:
- In the event that we sell or buy any business or assets, in which case, we may disclose data to the prospective seller or buyer or such business of assets.
- If we sell all or substantially all of our assets and are acquired by a third party, in which case data held by us about our subscribers and contacts will be one of the transferred assets.
- If we’re under a duty to disclose or share your personal data in order to comply with any legal obligation, valid request from a governmental authority, or in order to enforce or apply our terms and conditions and other agreements; or to protect our rights, our property, or safety of our subscribers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
WHERE WE PROCESS YOUR PERSONAL AND PAYMENT DATA
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (‘EEA’). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.
We do not store your credit card numbers at any time. All purchases are secured via SSL and the card numbers are tokenised and stored with our payment provider. These tokens will only ever be used for your initial transactions and to renew your subscription with your permission. At any time you cancel your account, all your personal payment data will be entirely removed from all our systems.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we’ve received your information, we will use strict procedures and security features to try to prevent unauthorised access.
PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, in line with our internal retention policy.
The Cafédirect website uses ‘cookies’, including third party cookies to support social media, personalisation and analytics functionality.
‘Cookies’ are small computer files of letters and numbers which are downloaded onto your device and collect information about the way in which you navigate and use the website and internet. We may occasionally use ‘cookies’ to enhance some of the functionality of the website, for example to allow you to share posts on our blog. You can decide to disable your cookies and this will have little impact on your experience of our websites but there may be some limitations – for example you won’t be able to share content. It may also affect your experience on other websites.
ACCESS RIGHTS AND UPDATING YOUR DETAILS
You have the right to request a copy of the information that we hold about you. If you think any of the personal information we hold about you is inaccurate, you may also request a correction. You also have a right, in certain circumstances, to require us to stop processing your personal information. In relation to all of these rights, please email or write to us at the address below. Please note that we may charge a small administrative fee for the provision of a copy of your personal information. We may also request proof of identity. In certain circumstances (for example where required or permitted by law) we might not be able to provide you with access to some of your personal information, and we will notify you of the reason.
THIRD PARTY SITES
LAW AND JURISDICTION
This agreement and any dispute arising out of it will be governed by English Law. Any dispute or claim arising out of or in connection with this agreement or its formation (including non-contractual disputes or claims) shall be subject to the exclusive jurisdiction of the courts of England and Wales.