We use your Personal Information only for providing and improving the Website. By using the Website, you agree to the collection and use of information in accordance with this policy and with the requirements of the Law, the relevant national and Community legislation and the relevant decisions and acts of the relevant Authority.
Data Protection Framework
Personal Information We collect from you
We collect information when you purchase something or use our services. This includes Store visit, using our website or corresponding with us.
- We keep information you give us directly when you sign up , such as contact information (name, surname, e-mail address and mobile phone number), or ( optional ) birth date and gender
- We record and analyse store, web and app visits, details of your purchases and where you take advantage of our promotions.
- If you report to us an incident, we may need to log information about it.
- If you engage with us online via our websites or app our cookies and similar technologies will capture your IP address, your location, and record how you use the site or app to help improve it and improve your user experience, where your browser settings or permission allows for this.
- If you contact Us directly and complain or give feedback, receive compensation, or enter a competition, we will record details and all related information such as emails, letters and phone calls.
- We use CCTV in our Store for the prevention and detection of crime and for safety and security reasons.
Information we receive from third parties
We may receive your information from other people. This can happen when you participate in market research, such as focus groups or surveys.
Information Collection And Use
Your decision to disclose your personal data is entirely voluntary, and by doing so, you are providing us with specific consent to use your personal data only for the purposes for which you have disclosed it to us. The certain personally identifiable information you may provide to us , could reasonably be used by us as permitted by and in accordance with applicable data protection law, to : (i) identify you and enable you to use our Website ( for the administration and delivery of an order) or in response to any query; (ii) send promotional and marketing communications ( newsletters and e-mails ) to you regarding us and our products and Website; (iii) data share with our affiliates , business partners and market research companies to conduct market research and analysis about our Website on our behalf; (iv) create personalized content, offers, Website, and advertising; (v) support any other intended purpose stated at the time at which your information is collected, subject to any preferences which you may have indicated; (vi) prevent fraudulent transactions and theft; and (vii) comply with applicable law, governmental request, court order, or otherwise protect the rights, property, or safety of us or others.
By participating to our Services you acknowledge and consent to us using your information in those limited circumstances and for the purposes described.
GDPR specifies a set of personal data categories which are considered to be “sensitive”, and which require special consideration by Data Controllers. This Website, and any services available from this Website, do not knowingly collect or process any sensitive personal data
How We Share Your Personal Information
In certain circumstances we may pass your Personal Information to carefully selected third parties. We will never pass your Personal Information for such purposes unless you have allowed us to do so or we have a lawful right to do so.
We use third party providers for the following services:
- Wifi in Store
- Sending promotional offers
- Customer feedback surveys
- Loyalty cards
- IT development, support, maintenance and hosting, including the provision of applications and website hosting
- Payments’ processing to enable you to pay by credit or debit card
- CCTV system provision and maintenance
If after having given us permission to pass your Personal Information to third parties you change your mind you can opt out by contacting us as described below.
In addition, it may be necessary to disclose your Personal Information if we are under a duty to disclose your Personal Information in order to comply with any legal obligation, carry out an internal investigation, enforce our Terms and Conditions and any other agreement, or protect the rights, property, or safety of Us and our customers, directors, employees or other personnel. This includes exchanging information with other companies and organisations for the purposes of fraud protection and prevention.
Declaration of Sub-Processing
To make an informed decision on whether to provide your personal data to Us using this website, we need to make you aware of one organisation that act as Data Processor for us in the provision of our services to you:
Coffee Island London B Ltd, based in the United Kingdom.
Coffee Island is registered with the Information Commissioner’s Office under the UK Data Protection Act 1998.
Cookies are files with small amount of data, which may include an anonymous unique identifier.
Cookies are sent to your browser from a web site and stored on your computer's hard drive.
Like many sites, we use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site. For further details, please read our cookies policy.
Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a lock icon in the address bar and looking for "https" at the beginning of the address of the Web page.
While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.
The technology that we use and the policies that we have implemented are intended to safeguard your privacy from unauthorised access and improper use.
Where appropriate, we attempt to provide for the secure transmission of information, such as credit card details, from your computer to our server by utilising SSL (Secure Sockets Layer) encryption software. However, due to the inherent open nature of the internet, we cannot guarantee that all data transmitted will be secure since no method of transmission over the Internet, or method of electronic storage, is 100% secure. Use of this Website demonstrates your assumption of this risk.
Customer and Citizen Data Rights
As prescribed within data protection regulations, you have several rights connected to the provision of your personal data to Coffee Island using this website. These include your rights to request that Coffee Island :
- confirms to you what personal data it may hold about you, if any, and for what purposes
- changes the consent which you have provided in relation to your personal data
- corrects any inaccurate or incomplete personal data which may be held about you
- provides you with a complete copy of your personal data for you to move elsewhere
- stops processing your personal data, whilst an objection from you is being resolved
- permanently erases all your personal data promptly, and confirms to you that it has done so (there may be reasons why we may be unable to do this)
- transfers of your personal data to another organization
To contact Us, please see our contact details below.
You can always complain to the Information Commissioners Office about what we are doing with your information: https://ico.org.uk/concerns/.
How Long We Keep Your Personal Information
We will not keep any personal information about you for any longer than is necessary. We follow a personal data retention policy which determines how long we keep specific types of personal information for. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary. For further information you can contact Us.
Transferring Personal Information Outside Of The EEA
The Personal Information you provide to us will be transferred to and stored on our servers, which sits within the EEA.
We will not transfer your information outside the European Economic Area ("EEA") unless you are a user located outside the EEA in which case it may need to transfer your information to deliver your goods, process payment/refunds, or to send you promotional information you have subscribed to.
We will take all steps reasonably necessary to ensure that your Personal Information is treated securely and in accordance with this Policy and the Data Protection Legislation when it is processed in, or otherwise accessed from, a location outside the EEA.
For the avoidance of doubt, in the event that the UK is no longer a part of the EEA, references in this paragraph to the EEA shall mean the EEA and the UK.
Legal basis for the processing
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our Store and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by Us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data.
We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). The non-provision of the personal data would have the consequence that the contract with you could not be concluded.
Existence of automated decision-making
As a responsible company, we do not use automatic decision-making or profiling.
Contact Us-Opt out
We treat all complaints about a breach of the privacy laws seriously. Someone from Coffee Island will investigate your complaint and respond to you within a reasonable time.