Cloud Gate Coffee
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to Union Hand-Roasted Coffee. By means of this data protection declaration, our business would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
Name and Address of the controller
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Cloud Gate Coffee
ADDRESS: Justine McNichol, Cloud Gate Coffee, Hawkcliffe Works, Hebden Bridge Road, Oxenhope, BD22 9SY
Any data subject may, at any time, contact us with any questions and suggestions concerning data protection.
• your IP address, and details of which version of web browser you used
• information on how you use the site, using cookies and page tagging techniques
• information for the facilitation of order processing and delivery such as delivery addresses
This data can be viewed by authorised people within our business to:
• Fulfil orders placed on this website or repeat orders via our coffee subscription service
• Improve the form and function of our website
• Understand our customers for improvement to delivery of marketing activity
Contact possibility via the website
The websites www.cloudgatecom and www.cloudgatewholesale.com contain information that enables a quick electronic contact to our business, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
Legal basis for the processing
Contract – Where Cloud Gate Coffee need to process someone’s personal data to fulfil contractual obligations to you or because you have asked Cloud Gate Coffee to do something before entering into a contract(eg provide a quote), contract is used as a legal basis.
Legitimate interests – if processing is necessary for your interests, for example keeping customers appraised of new product lines relevant to their business, this is done using legitimate interests as a legal basis.
Period for which the personal data will be stored
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, in line with our internal retention policy.
Disclosing your information
We won’t share your information with any other organisations for marketing, market research or commercial purposes, and we don’t pass on your details to other websites.
Any other organisations who access your information in the course of providing services on our behalf will be governed by strict contractual restrictions to make sure that they protect your information and keep to data-protection and privacy laws which apply. We may use service providers to help us run these sites (or services available on the sites).
You can find out what information we hold about you, and ask us not to use any of the information we collect.
Existence of automated decision-making
As a responsible company, we do not use automatic decision-making or profiling.
GDPR and our business customers
A new piece of legislation regarding Data Protection became law In May 2018. General Data Protection Regulations (GDPR) replaced the dated Data Protection previously operated by the ICO.
We shall use appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. We shall not sub-contract any processing of personal data unless that personal data continues to be subject to an appropriate level of protection. To the extent that we as data processor for you, we shall only process personal data in accordance with your instructions.
We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately, whilst we are working with you and past this point. This includes using information to enable us to comply with our customer contract, to comply with any legal requirements, pursue the legitimate interests of the Company and protect our legal position in the event of legal proceedings. If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision.
The criteria used to determine the period of retention of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, in line with our internal data retention policy, as long as it is no longer necessary for the fulfilment of or initiation of the services being provided or is no longer necessary for the specific purpose for which it was obtained.
Under the GDPR data subjects have a number of rights:
• The right to be informed about whether their personal data is being processed by us;
• The right of access to the personal data that we store about them;
• The right to rectification of their personal data should it prove to be inaccurate;
• The right to erasure of their personal data under specified circumstances;
• The right to restrict the processing or their personal data under specified circumstances;
• The right to data portability – the ability to have their personal data transferred to another data controller;
• The right to object to having their personal data processed by us (under specified circumstances); and
• The right not to be subject to automated decision-making, including profiling. ([entity name] does not use automated decision-making or profiling).
More detailed information on data subjects’ rights can be obtained by contacting the Data Protection Team using the contact details at the top of this privacy notice.
As a data subject, if you are not satisfied with the action we have taken in relation to exercising your rights, or if you believe that your data has been misused or that we have not kept it secure, you may complain to the Information Commissioners Office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate). https://ico.org.uk/concerns
Cloud Gate Coffee is committed to protecting your privacy and promises not to share any information we collect with any third party.
However, as our online shop is mail order, it is necessary for us to gather certain pieces of personal information in order to fulfil our service and make your shopping experience as simple and easy as possible.
Immediately below is a brief summary of how we collect info and use it.
Further down the page is a detailed explanation.
The information we do collect - and how it is collected:
When you place an order, we need to know certain information. To fulfil orders we need to know your name, e-mail address, telephone number and full delivery address and billing address. We store this information securely so that it makes your online shopping quick, and effective. It also allows us to contact you should anything untoward happen with your order.
At our checkout, we ask for your credit or debit card number, expiry and start date, issue number (if applicable) and security code. We ask for this each time and do not retain in accordance with current data protection legislation. We also ask for a despatch address if you require your order to be sent as a gift, or to a place of work.
We may also use the information we collect to occasionally notify you of site updates and also seasonal offerings through the year.
Protecting our customers' financial information:
When you place an order with your credit or debit card, it is done using a secure connection to our payment provider. We do not take or hold your credit card details unless you choose to do so by storing details in the ‘My Wallet’ section of your account.
We strongly recommend that you do not email an order to us containing credit card information, because most email is sent un-encrypted and so is not secure. All our customer data held online is encrypted and held in a secure environment.
If for whatever reason you feel that Cloud Gate Coffee has not adhered to the principles as stated above, please contact us.
This Policy applies as between you, the User of this Website and Cloud Gate Coffee the owner and provider of this Website. This Policy applies to our use of any and all Data collected by us in relation to your use of the Website.
1. Definitions and Interpretation
In this Policy the following terms shall have the following meanings:
means collectively all information that you submit to the Website. This definition shall, where applicable, incorporate the definitions provided in the General Data Protection Regulation 2016;
means Union Hand-Roasted Coffee of 29 The Green, Winchmore Hill, London, N21 1HS;
“UK and EU Cookie Law”
means the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011;
means any third party that accesses the Website and is not employed by Union and acting in the course of their employment; and
means the website that you are currently using (www.unionroasted.com) and any sub-domains of this site unless expressly excluded by their own terms and conditions.
2. Scope of this Policy
This Policy applies only to the actions of Cloud Gate Coffee and Users with respect to this Website. It does not extend to any websites that can be accessed from this Website including, but not limited to, any links we may provide to social media websites.
3. Data Collected
Without limitation, any of the following Data may be collected by this Website from time to time without user submission:
3.1 [IP address (automatically collected);]
3.2 [web browser type and version (automatically collected);]
3.3 [operating system (automatically collected);]
3.4 [a list of URLs starting with a referring site, your activity on this Website, and the site you exit to (automatically collected)]
4. Our Use of Data
4.1 Any personal Data you submit will be retained by Union for 5 years.
4.2 Unless we are obliged or permitted by law to do so, and subject to Clause 5, your Data will not be disclosed to third parties. This includes any affiliates and / or other companies within our group.
4.3 All personal Data is stored securely in accordance with the principles of the General Data Protection Regulation 2016. Fore more details on security see Clause 11 below.
4.4 Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Website. Specifically, Data may be used by us for the following reasons:
4.4.1 [internal record keeping;]
4.4.2 [improvement of our products / services;]
4.4.3 [transmission by email of promotional materials that may be of interest to you;]
4.4.4 [contact for market research purposes which may be done using email, telephone, fax or mail. Such information may be used to customise or update the Website.]
5. Third Party Websites and Services
5.1 Cloud Gate Coffee may, from time to time, employ the services of other parties for dealing with matters that may include, but are not limited to, payment processing, delivery of purchased items, search engine facilities, advertising and marketing. The providers of such services do have access to certain personal Data provided by Users of this Website.
5.2 [Any Data used by such parties is used only to the extent required by them to perform the services that Cloud Gate Coffee requests. Any use for other purposes is strictly prohibited. Furthermore, any Data that is processed by third parties shall be processed within the terms of this Policy and in accordance with the General Data Protection Regulation 2016.]
6. Links to Other Websites
7. Changes of Business Ownership and Control
7.1 Cloud Gate Coffee may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of Cloud Gate Coffee. Data provided by Users will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Policy, be permitted to use the Data for the purposes for which it was originally supplied to us.
7.1 In the event that any Data submitted by Users is to be transferred in such a manner, you will not be contacted in advance and informed of the changes.
8. Controlling Use of Your Data
8.1 Wherever you are required to submit Data, you will be given options to restrict our use of that Data. This may include the following:
8.1.1 use of Data for direct marketing purposes; and
8.1.2 sharing Data with third parties.
9. Your Right to Withhold Information
9.1 You may access the Website without providing any Data at all. However, to use all features and functions available on the Website you may be required to submit certain Data.
10. Accessing your own Data
You have the right to ask for a copy of any of your personal Data held by Cloud Gate Coffee (where such data is held). Contact us at firstname.lastname@example.org
11.1 Data security is of great importance to Cloud Gate Coffee and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected via this Website.
12. Changes to this Policy
Cloud Gate Coffee reserves the right to change this Policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the Policy on your first use of the Website following the alterations.
For any further information or to discuss anything covered within this policy please contact email@example.com