Privacy Policy

Privacy Policy

Effective Date: [Insert Date]

At Coffeeplaza.co (“we”, “us”, or “our”), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our website and services.

1. Who We Are

Coffeeplaza.co is an online marketplace facilitating the sale of specialty coffee and related products. Our operations are based in the United Kingdom, but we also serve customers across the European Union.

We act as the Data Controller of your personal data unless otherwise specified.

2. What Personal Data We Collect

We collect and process the following types of personal data:

When You Create an Account or Place an Order:

  • Full name
  • Email address
  • Delivery address
  • Billing address
  • Phone number
  • Payment details (via secure payment processors – not stored by us)

Automatically Through Website Use:

  • IP address
  • Browser type
  • Pages visited and time spent
  • Device information
  • Referring site
  • Cookies and analytics data (see section 6)

For Vendors and Cafés:

  • Business name
  • Contact person
  • VAT or registration number (if applicable)
  • Bank/payment details (for payouts)

3. How We Use Your Information

We use your personal data to:

  • Process and fulfill your orders
  • Communicate with you regarding your order or account
  • Respond to customer service requests
  • Provide a personalized shopping experience
  • Comply with legal and tax obligations
  • Analyze website usage and improve our services
  • Notify you about product updates, blog posts, or marketing offers (only with your consent)

4. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contractual necessity – to fulfill your order and manage your account
  • Consent – for email marketing and cookie tracking (where required)
  • Legitimate interests – such as fraud prevention, IT security, and improving our platform
  • Legal obligations – e.g., tax and regulatory compliance

5. How We Share Your Data

We only share your data when necessary and with appropriate safeguards. We may share personal information with:

  • Vendors/Fulfillment Partners: Your name, address, and contact information to ensure delivery of your order.
  • Payment Providers: (e.g., Stripe, PayPal) to securely process your payments.
  • Analytics Providers: Google Analytics to understand website usage (see section 6).
  • Hosting Provider: OVHcloud (servers located in the EU or UK, depending on your location).
  • Legal or Regulatory Authorities: When required to comply with the law or protect our rights.

We do not sell your data to third parties.

6. Cookies and Analytics

We use cookies and similar tracking technologies to enhance your browsing experience.

Google Analytics

We use Google Analytics to collect anonymized data about your interactions with our website. This data helps us improve user experience and monitor performance. Google may store this data on servers in the U.S. or the EU, but is contractually obliged to comply with relevant data protection laws (standard contractual clauses in place).

You may opt out of Google Analytics using tools such as Google Analytics Opt-Out Browser Add-on.

Cookie Consent

Upon first visit, you will be prompted to accept or manage cookie settings in accordance with UK and EU cookie laws.

7. International Data Transfers

Where data is transferred outside the UK or EU (e.g., to Google servers), we ensure such transfers are subject to:

  • Adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Appropriate safeguards as required by law

8. Data Retention

We retain your data for as long as necessary to fulfill the purposes outlined in this policy:

  • Customer account: until deleted by the user or 5 years of inactivity
  • Order records: 7 years (legal compliance)
  • Marketing consent: until withdrawn

You can request deletion of your data at any time (see section 10).

9. Your Rights (UK & EU Residents)

You have the following rights under UK and EU GDPR:

  • Access – Request a copy of the personal data we hold
  • Rectification – Correct inaccurate data
  • Erasure – Request deletion of your data (“right to be forgotten”)
  • Restriction – Limit how we use your data
  • Portability – Request transfer of your data
  • Objection – Object to certain processing (e.g., direct marketing)
  • Withdraw consent – For any processing based on consent

To exercise these rights, email us at privacy@coffeeplaza.co

10. Security Measures

We implement technical and organizational measures to protect your data, including:

  • HTTPS encryption
  • Access control on admin panels
  • Secure hosting via OVHcloud with GDPR-compliant data centers
  • Regular security audits

11. Third-Party Links

Our site may link to third-party sites (e.g., blog sources, roaster websites). We are not responsible for the privacy practices of those websites.

12. Changes to This Policy

We may update this Privacy Policy periodically. Any changes will be posted on this page with an updated “Effective Date”. We encourage you to review this policy regularly.

13. Contact Us

For any questions or concerns regarding this policy or your data, please contact:

Data Protection Officer

Coffeeplaza.co

Email: info@coffeeplaza.co

Address: 128 City Road, EC1V 2NX, London, UK

United Kingdom