Privacy Policy
This Privacy Policy describes how Café Mountain Coffee Ltd ("we", "us", or "our") collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from cafemountain.net (the "Website").
We operate as the Data Controller for personal data collected through this Website. We are committed to protecting your privacy in strict compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Contact Information
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:
- Data Controller: Café Mountain Coffee Ltd
- Postal Address: Unit 1, Fox Farm, Lambourn, Woodlands, Hungerford, RG17 8TR, United Kingdom
- Email: sales@cafemountain.net
- Telephone: 0800 678 5304
The Personal Data We Collect
When you interact with our online store, we collect distinct categories of information:
- Identity and Contact Data: Includes your first name, last name, billing address, delivery address, email address, and telephone number.
- Transactional Data: Includes details about payments to and from you, and explicit details of coffee products, gift packs, and subscriptions you have purchased from us.
- Financial Data: Payment details are collected directly by our third-party payment processors (e.g., Stripe). We do not store or have direct access to your credit/debit card numbers.
- Technical and Usage Data: Includes your internet protocol (IP) address, login data, browser type and version, time zone setting, operating system, and data regarding how you navigate our store.
Lawful Basis and How We Use Your Data
Under the UK GDPR, we must have a lawful basis to process your personal data. We use your data for the following reasons:
- Performance of a Contract: To process your order, manage payments, arrange shipping via fulfillment couriers, and handle any subsequent returns, refunds, or customer support actions in compliance with the UK Consumer Rights Act 2015.
- Legitimate Interests: To protect our website from malicious behavior or fraudulent transactions, to maintain accurate e-commerce system logs, and to optimize your user experience.
- Compliance with a Legal Obligation: To retain transaction records for UK HMRC tax, accounting, and financial corporate reporting requirements.
- Consent: For any opt-in direct marketing communications (such as our newsletter). You can withdraw this consent at any time via the "unsubscribe" link in our emails.
Data Sharing and Third-Party Processors
We do not sell your personal data. We only share your data with essential third-party service providers (Data Processors) who help us operate our e-commerce business:
Payment Gateways: To process secure checkout payments (e.g., Stripe).
Delivery and Courier Services: To dispatch and deliver your physical orders (e.g., Royal Mail, DPD, DHL).
Technical Infrastructure Providers: Host platforms and local administration backups required to run the website.
Legal and Regulatory Authorities: If required by law, such as sharing transactional historical data with HMRC.
International Data Transfers
Our payment infrastructure or cloud services may store data on servers located outside the UK. Where data is transferred internationally, we ensure that appropriate safeguards (such as UK International Data Transfer Agreements or Standard Contractual Clauses) are in place to guarantee your data receives an equivalent level of protection as mandated by UK law.
Data Retention Periods
We only store your personal information for as long as necessary to fulfill the purposes we collected it for.
- Order History and Financial Transactions: Retained for a minimum of 6 years following the end of the tax year in which the transaction occurred, to satisfy UK tax and accounting laws.
- Account Profiles: Retained for as long as your customer account remains active or until you request its deletion.
- Inquiries and Contact Records: Retained for up to 2 years to ensure consumer queries regarding orders or product quality are completely resolved under distance selling frameworks.
Cookies and Tracking Technologies
Our website uses cookies to function properly. Unlike standard static informational sites, our e-commerce platform relies on:
Essential/Functional Cookies: Necessary to remember the contents of your shopping cart as you navigate the site, store security variables, and manage user login sessions.
Analytical/Performance Cookies: Allow us to count visits, track traffic sources, and monitor overall store performance anonymously using tools like Google Analytics.
You can configure your browser to block cookies, but please note that disabling essential cookies will prevent the shopping cart and checkout systems from functioning.
Your UK GDPR Legal Rights
As a resident of the United Kingdom, you hold comprehensive rights regarding your personal data:
Right of Access (Subject Access Request): You have the right to request a free copy of all personal data we hold about you.
Right to Rectification: You have the right to correct any inaccurate or incomplete personal information.
Right to Erasure ("Right to be Forgotten"): You can ask us to delete your personal data, subject to restrictions where we have a overriding legal requirement to retain it (e.g., HMRC tax records).
Right to Restrict or Object to Processing: You can object to our processing of your data under certain circumstances, including direct marketing.
Right to Data Portability: You can request that we transfer your structured data to another provider.
To exercise any of these rights, please contact us at sales@cafemountain.net. We will respond to all valid requests within one calendar month.
Right to Lodge a Complaint
If you believe we have not handled your data legally or transparently, you have the right to lodge a formal complaint with the UK supervisory authority:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: https://ico.org.uk