Privacy Policy

HOW WE USE YOUR DATA

General

Coffee Real uses your personal data:

- to provide goods and services to you;

- to make a tailored website available to you;

- to manage any registered account(s) that you hold with us;

- to verify your identity;

- for crime and fraud prevention, detection and related purposes;

- with your agreement, to contact you electronically about promotional offers and products and services which we think may interest you;

- for market research purposes - to better understand your needs;

- to enable Coffee Real to manage customer service interactions with you; and

- where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).

WHAT PERSONAL DATA DO WE COLLECT?

We may collect the following information about you:

- your name;

- your contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and e-mail address;

- purchases and orders made by you;

- your on-line browsing activities on the Coffee Real website;

- your communication and marketing preferences;

- your preferences, feedback and survey responses;

- your location;

- your correspondence and communications with Coffee Real Ltd; and

- other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed or public Facebook page).

Our website is not intended for children and we do not knowingly collect data relating to children.

This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy. Some of the above personal data is collected directly, for example when you set up an on-line account on our websites, or send an email to our customer services team. Other personal data is collected indirectly, for example your browsing or shopping activity. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources.

HOW WE PROTECT YOUR DATA

Our controls

Coffee Real is committed to keeping your personal data safe and secure. 

Our security measures include: -

- encryption of data;

- regular cyber security assessments of all service providers who may handle your personal data;

- regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents;

- daily penetration testing of systems;

- security controls which protect the entire Coffee Real IT infrastructure from external attack and unauthorised access; and

- internal policies setting out our data security approach and training for employees.

You have the following rights:

- the right to ask for a copy of personal data that we hold about you (the right of access);

- the right (in certain circumstances) to request that we delete personal data held on you; where we no longer have any legal reason to retain it (the right of erasure or to be forgotten);

- the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you (the right of rectification);

- the right to opt out of any marketing communications that we may send you and to object to us using / holding your personal data if we have no legitimate reasons to do so (the right to object);

- the right (in certain circumstances) to ask us to ‘restrict processing of data’; which means that we would need to secure and retain the data for your benefit but not otherwise use it (the right to restrict processing); and

- the right (in certain circumstances) to ask us to supply you with some of the personal data we hold about you in a structured machine-readable format and/or to provide a copy of the data in such a format to another organisation (the right to data portability).

If you wish to exercise any of the above rights, please contact us using the contact details set out below.

Our legitimate interests

The normal legal basis for processing customer data, is that it is necessary for the legitimate interests of Just Decaf, including:-

- selling and supplying goods and services to our customers;

- protecting customers, employees and other individuals and maintaining their safety, health and welfare;

- understanding our customers’ behaviour, activities, preferences, and needs;

- improving existing products and services and developing new products and services;

- complying with our legal and regulatory obligations;

- preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;

- handling customer contacts, queries, complaints or disputes;

- managing insurance claims by customers;

- protecting M&S, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to Coffee Real;

- effectively handling any legal claims or regulatory enforcement actions taken against Coffee Real; and

- fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.

Updates

This policy was last updated in May 2018.