The Coffee Room Head Quarter is located at 2b Grove Road, E3 5AX London.

Our Data Protection representative can be contacted by email on info@coffeeroom.co.uk

This privacy notice describes how we collect, use and store personal information about you during and after your business relationship with us, in accordance with the General Data Protection Regulation (EU 2016/679) (GDPR).

The Coffee Room London is a “data controller”. This means that we are responsible for deciding how we hold and use and store personal information about you. We are required under the GDPR to notify you of the information contained in this privacy notice.

We may update this notice at any time. If relevant (and feasible), we will notify you.

It is important that you read this notice, together with any other privacy notices we may provide on specific occasions when we are collecting or processing personal information about you so that you are aware of how and why we are using your personal information.

Data Protection Principles

We will comply with all relevant data protection law (including the GDPR). This requires that the personal information we hold about you must be:

1. Used lawfully, fairly and in a transparent way.

2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

3. Relevant to the purposes we have told you about and limited only to those purposes.

4. Accurate and kept up to date.

5. Kept only as long as necessary for the purposes we have told you about.

6. Kept securely.

The Kind of Information We Collect and Hold About You

Personal data, or personal information, means any information about an individual from which that person can be identified, whether directly or indirectly. It does not include data where an individual cannot be identified (anonymous data).

We collect personal data across the business relevant to the department – including, full name, address, telephone number, email address, employment history, bank details, social media handles and emergency contact details.

We also collect, store and use the following “special categories” of personal data, however, this is restricted to our employees and is accessed by HR only: health and medical records and ethnicity information.

This personal data is collected through the registration forms on the following websites and through internal documentation completed by employees.

• https://www.coffeeroom.co.uk

Personal data is also be received from third-party providers such as Google, Super Metrics, LinkedIn, Social Media.

Please see our Cookie Notice for details of how cookies are used.

How We Will Use Information About You

We will only use your personal information in the ways the law allows. Most commonly, we will use your personal information in the following circumstances:

1. Where you have given us consent for the processing of your data in relation to a landing page form-fill

2. Where the processing is required for the performance of a contract either party have entered

3. Where the processing is necessary for compliance with a legal obligation

4. Where processing is necessary for the purposes of legitimate interests by us as a data controller. If personal data is used in this instance, we will document our considerations in a legitimate interest assessment (LIA).

Situations In Which We Will Use Your Personal Information

We need all the categories of information detailed above primarily to allow us to contact you following your enquiry on one of our landing pages.

If you are a client or supplier, then we will need to process your data in line with our legal obligations. In some cases, we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. The situations in which we will process your personal information are listed below.

• Administration of a contract we have entered with you and providing our products and services to you

• Business management and planning, including accounting and auditing.

• Planning for the termination of our contracting relationship.

• Dealing with legal disputes involving you, or any disputes that may arise under the contract that we have with you or the way in which we provide our products and services to you.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of our various retention periods are in our retention policy and are available upon request.

Rights Of Access, Correction, Erasure & Restriction

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your Rights:

Subject Access Request – this enables you to receive a copy of the personal information we hold about you. To action this request, please email the data protection contact: info@coffeeroom.co.uk

We require a suitable form of identification and under normal circumstances, we will supply this to you within 30 days of your request and identification being received.

No fee is usually payable; however, we may apply an appropriate fee if the request is deemed to be excessive, or repetitive.

Request Correction – this enables you to have any incomplete or inaccurate information we hold about you corrected.

Request Erasure – this enables you to delete or remove personal information when there is no good reason for us to continue processing it.

Object to processing – in certain circumstances, you have the right to request we suspend the processing of your data. Please contact us if you require more information on this.

Request the Transfer – you have the right to request the transfer of your personal data to a third party. Please contact us if you require more information on this.

Right to Withdraw Consent – where we rely on consent to process your data, you have the right to withdraw this at any time, without giving reason. To withdraw your consent, please contact the data protection officer. Once received, we will not process your data for the reasons you have agreed to, unless we have another legal basis for doing so.

Right to Complain – you have the right to complain at any time to the Information Commissioners’ Office (ICO) regarding data protection issues – https://ico.org.uk

We reserve the right to update this privacy notice at any time. If you have any questions about this privacy notice, please contact us at info@coffeeroom.co.uk

Payment Security

Our website utilizes SSL to protect web browsing, email, messaging, and financial transactions. SSL encryption increases the difficulty of hacking or data theft. SLL (Secure Sockets Layer) is a set of cryptographic protocols that provide security during digital communications for eCommerce payment systems.

We have fully implemented the Payment Card Industry (PCI) Compliance. The payment card industry security standard council was formed in the year 2006. It ensures that the companies who deal with the accepting, processing, storing and transmitting credit card information have to maintain a secure environment. PCI DSS is not a law in itself but a standard made by a collaboration of various branded card company like Visa, Mastercard, JCB, AMEX and Discover. If your company is not PCI compliant has to face some serious consequences like fines, card replacement cost, costly forensic audits and off-course lost to brand image.

PCI Compliance

Secure Network - maintain a firewall to protect customer data

Data Protection - protect and encrypt cardholder data transmissions

Risk Management - maintain secure systems by targeting vulnerabilities

Access Control - restrict access to cardholder data by a need-to-know basis

Monitoring - regularly monitoring networks and track access to resources

Maintenance - maintain a policy that addresses security

Alcohol Premises License - Terms & Conditions

The Licensing Act 20031 requires premises at which the retail sale of alcohol takes place to have a premises licence. We are holding an Alcohol premises license for each our branch. During your purchase online or in the physical shop a customer will be asked every time to prove age over 18 by showing a valid ID. Our divers will ask every customer to provide valid ID during the delivery process. Any alcoholic product will not be sold if the customer’s ID is not valid or the customer’s age is under 18. Our policy also doesn’t allow to sell alcohol a customer that is already drunk.

Please drink responsibly. For the facts, visit www.drinkaware.co.uk.

1  Covers England and Wales: Scotland and Northern Ireland have their own licensing regimes, which differ in some ways.

Do you experiencing the 'AVS mismatch' error message?​

An AVS mismatch is when the billing address provided at checkout does not match the billing address or payment credentials on file with the card issuer. The Billing Address doesn’t have to be necessarily the same as the Shipping Address. Please ensure that you inserting the correct Billing and Shipping Address.

Payment Cancellation & Refund Policy

There is no cancellation fee applied in our shops or eCommerce. The customer will receive a coupon of the value of the cancelled purchase if a customer’s purchase is cancelled for any reason. The coupon will be sent to the customer’s email within 30 days. The coupon can be applied only once and within 30 days after receiving. We apologize for any inconvenience that may cause you.

Please, don’t hesitate to contact us for further information.