Privacy Policy

Last updated: [Insert Date]

1. Introduction

This Privacy Policy explains how Evergreen Coffee Lab ("we", "us", or "our"), a coffee shop located in England, collects, uses, discloses, and protects your personal information when you visit our premises, use our website, interact with us on social media, or otherwise engage with our services.

We are committed to protecting your privacy and handling your personal information in accordance with applicable data protection laws in England and the United Kingdom, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our services, you acknowledge that you have read and understood this Privacy Policy.

2. Who We Are

Controller: Evergreen Coffee Lab Business type: Coffee shop Region: England, United Kingdom

Evergreen Coffee Lab is the controller of your personal data. This means we decide how and why your data is processed.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Information you provide directly

• Contact details: name, email address, phone number.
• Order information: items ordered, preferences (e.g., milk type, syrups), collection time.
• Payment information: limited payment details (e.g., last four digits of card, transaction ID) when processed through our payment providers. We do not store full card numbers.
• Account details (if applicable): username, password (stored in encrypted form), profile preferences.
• Communications: content of emails, messages, or other communications you send to us (e.g., feedback, complaints, enquiries, job applications).

3.2 Information collected automatically When you visit our website or interact with our digital services, we may automatically collect:

• Technical data: IP address, browser type and version, device identifiers, operating system, time zone setting.
• Usage data: pages visited, time spent on pages, clickstream data, access times, referring website addresses.
• Cookies and similar technologies: information collected through cookies, web beacons, and similar tools. (For more information, please see our Cookies section below.)

3.3 Information from third parties We may receive personal data about you from:

• Online ordering and delivery platforms.
• Payment service providers.
• Social media platforms, if you interact with our profiles (e.g., likes, comments, messages).
• Marketing and analytics providers, where permitted by law.

4. Legal Bases for Processing

We process your personal data only where we have a lawful basis to do so under UK data protection law. These bases include:

• Contract: to perform a contract with you or to take steps at your request before entering into a contract (e.g., processing your coffee order).
• Legitimate interests: for our legitimate business interests, provided your interests and fundamental rights do not override these (e.g., improving our services, preventing fraud, securing our premises).
• Consent: where you have given clear consent for a specific purpose (e.g., receiving marketing emails).
• Legal obligation: to comply with legal and regulatory requirements (e.g., accounting, tax, or health and safety obligations).

5. How We Use Your Personal Data

We use your personal data for the following purposes:

5.1 To provide our products and services

• Processing and fulfilling your orders.
• Managing reservations or event bookings.
• Communicating with you about your order or booking.
• Providing customer support and responding to enquiries.

5.2 To manage your relationship with us

• Creating and managing any online account or loyalty programme you choose to join.
• Notifying you about changes to our terms, services, or this Privacy Policy.

5.3 Marketing and promotions

• Sending you newsletters, offers, and promotions by email, SMS, or other channels, where permitted and where you have not opted out.
• Personalising marketing content based on your previous interactions with us. You can opt out of marketing communications at any time by following the unsubscribe link in our emails or contacting us directly.

5.4 Website operation and improvement

• Operating, maintaining, and improving our website and online services.
• Analysing usage patterns to enhance user experience and our offerings.
• Measuring the effectiveness of advertising and promotional campaigns.

5.5 Security, safety, and legal compliance

• Protecting our premises, customers, employees, and property.
• Detecting, preventing, and addressing fraud, abuse, or security incidents.
• Complying with legal obligations and responding to lawful requests from authorities.

6. Cookies and Similar Technologies

We use cookies and similar technologies on our website to:

• Enable core site functionality.
• Remember your preferences (e.g., language, cookie choices).
• Understand how visitors use our site and improve performance.
• Support marketing and analytics.

You can control cookies through your browser settings, and in some cases via cookie banners or tools provided on our website. Disabling certain cookies may affect the functionality of the website.

7. Sharing Your Personal Data

We may share your personal data with:

• Service providers: Third-party companies that provide services on our behalf, such as payment processors, IT and hosting providers, marketing and analytics services, booking systems, and delivery partners. These providers are contractually required to protect your data and may only use it in accordance with our instructions.
• Professional advisers: Lawyers, accountants, auditors, insurers, and other professional advisers, where necessary for our legitimate interests and legal compliance.
• Authorities and regulators: Law enforcement, courts, regulatory bodies, or government agencies where required by law or necessary to protect our rights or the rights of others.
• Business transfers: In the event of a merger, acquisition, financing, sale of assets, or similar transaction involving Evergreen Coffee Lab, your data may be transferred as part of that transaction, subject to appropriate safeguards.

We do not sell your personal data.

8. International Data Transfers

Where we work with service providers or partners located outside the United Kingdom, your personal data may be transferred to and processed in other countries. In such cases, we will ensure that appropriate safeguards are in place, such as:

• An adequacy decision by the UK government for the destination country; or
• Standard contractual clauses or equivalent legal mechanisms approved by the UK data protection authorities.

9. Data Retention

We keep your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, including for:

• Providing our services to you.
• Meeting legal, accounting, and reporting requirements.
• Resolving disputes and enforcing our agreements.

The specific retention period will depend on the type of data and the context of the processing. When data is no longer required, we will securely delete or anonymise it.

10. Your Rights

Under UK data protection law, you have the following rights (subject to certain conditions and exemptions):

• Right of access: to obtain a copy of your personal data and information about how we process it.
• Right to rectification: to have inaccurate or incomplete data corrected.
• Right to erasure: to request deletion of your personal data in certain circumstances.
• Right to restriction: to request restriction of processing in certain circumstances.
• Right to data portability: to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller where feasible.
• Right to object: to object to processing based on our legitimate interests or for direct marketing.
• Rights related to automated decision-making: to not be subject to decisions based solely on automated processing, including profiling, where such decisions have legal or similarly significant effects on you, unless specific conditions are met.

If you have given consent for specific processing, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing carried out before your withdrawal.

To exercise your rights, please contact us using the contact details described in the "Contact Us" section below. We may need to verify your identity before responding to your request.

11. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These measures may include:

• Access controls and authentication.
• Encryption and secure transmission where appropriate.
• Regular review of our security practices and policies.

However, no system can be completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

12. Children’s Privacy

Our services are not intended for children under the age of 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal information, please contact us so that we can take appropriate steps to delete such data.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make significant changes, we will take appropriate steps to notify you, such as posting a prominent notice on our website or contacting you directly where appropriate.

The "Last updated" date at the top of this Policy indicates when it was last revised.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact us at:

Evergreen Coffee Lab [Insert Postal Address] [Insert Email Address] [Insert Phone Number]

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you are unhappy with how we handle your personal data. Further information is available at www.ico.org.uk.