Privacy Statement, 200 Degrees Holdings Ltd
Last Updated 20/04/2018
We take your privacy seriously and will only use your personal information to administer your account and to provide the products and services you have requested from us. We will never sell, share, or use your personal information other than as described here.
This policy sets out how we will use and share the information that you give us or allow us to obtain from third parties. This policy describes your relationship with 200 Degrees Holdings Ltd (“us”), and in no way represents any agreement between you and us other than as described here.
WHO WE ARE AND HOW TO CONTACT US:
200 Degrees Holdings Ltd is the parent company of 200 Degrees Coffee Shops Ltd and 200 Degrees Coffee Roasters Ltd. It is registered in England and with the Information Commissioner’s Office under the Data Protection Act 1998. The Data Controller is: Tom Vincent. You can get in touch with us in any of the following ways:
By email: email@example.com; by phone: 0115 837 4849 (office hours); by post: Tom Vincent, 200 Degrees, Heston House, Meadow Lane, Nottingham, NG2 3HN
HOW TO CHANGE YOUR PREFERENCES:
You can contact us at any time to change your preferences. This includes requests to object to processing, to be forgotten (right to be deleted), for your data to be corrected, or to transfer your data to another platform. We take your rights seriously and will always reply promptly and professionally.
HOW WE OPERATE:
We operate in line with the EU GDPR (May 2018) Data Protection guidelines. We are committed to maintaining your personal rights and allow all users to change or withdraw their consent options at any time. We will also advise you on how to complain to the relevant authorities, namely the Information Commissioner’s Office.
HOW WE USE YOUR DATA:
- When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
- When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
- Email marketing (if applicable): With your permission, we may send you emails about our business, new products, offers and other updates.
THIRD PARTY SERVICES:
We use recognised third parties to take payment, manage our company accounts, and provide banking services. In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
Where valid, appropriate, verified, and subject to legal obligations, third parties are also expected to complete rectification or erasure requests within 72 hours of receipt.
HOW WE STORE YOUR DATA:
We will store transaction, payment, and order data for up to 7 years or for as long as required by UK financial and company regulations. These third parties may operate outside the EU.
Our email database is hosted by Mailchimp. They provide us with the platform that allows us to send out our newsletters and general updates via email. Your data is stored securely on Mailchimp’s servers. For more insight, you may also want to read Mailchimp’s Privacy Statement (https://mailchimp.com/legal/privacy).
Our store and subscription service is hosted on Stripe. They provide us with the online e-commerce platform that allows us to sell our products and services to you. For more insight, you may also want to read Stripe’s Privacy Statement (https://stripe.com/gb/privacy).
If you choose a direct payment gateway to complete your purchase, then Stripe stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
CHANGING YOUR PREFERENCES AND OPTING OUT AT A LATER DATE:
Once you have given your data and/or explicit consent, you can still control whether or not you continue to receive communications or see such advertisements from us. The simplest way to remove or amend your preferences and withdraw consent is to contact us directly; however, you can also unsubscribe from receiving e-mail communications from us by using the instructions in any email communication we send you (usually an 'unsubscribe' or 'STOP' link).
You can opt out at any time from communications by e-mailing us at: firstname.lastname@example.org
Social media: You can configure your advertising preferences on social media by accessing your settings or preference options on the relevant platform.
We are a data controller in relation to the information that you provide us with. As a result, we are legally responsible for how that information is handled.
We will always endeavor to comply with the Data Protection Act 1998, the GDPR (2018) and PECR in the way we use and share your personal data. Among other things, this means that we will only use your personal data:
- fairly and lawfully,
- as set out in the legislation and this policy,
- to the extent necessary for these purposes.
We will report any breaches or potential breaches to the appropriate authorities within 24 hours, and to anyone affected by a breach within 72 hours. If you have any queries or concerns about the data usage please contact us.
Under the Data Protection Act, we are also permitted to share some information with third parties who use such data for non-marketing purposes (including credit and risk assessment and management, identification and fraud prevention, debt collection and returning assets to you). This would include the data you provide to us today, at any time in the past and in the future.
CONTACTING US, EXERCISING YOUR INFORMATION RIGHTS, AND COMPLAINTS:
This policy may be updated from time to time – where material changes occur we will contact you on the email address provided. You have the right to remove consent at any time.
There are two main kinds of cookies: session cookies and persistent cookies. Session cookies are deleted from your computer when you close your browser, whereas persistent cookies remain stored on your computer until deleted, or until they reach their expiry date.
Most browsers allow you to refuse to accept cookies.