This privacy notice will change from time to time – particularly if we change the way we collect or use your personal information, so do check back here every now and then. It was last updated on 22nd May 2018.
At Coco Bean, we fully understand how important privacy is to every one of our visitors and customers. We collect, use, store and retain your personal data in line with data protection legislation. This privacy notice aims to provide as much information as possible to help you understand how we look after your data, what your legal rights are in relation to that information – and how you can contact us if you have any questions or queries about how we look after your personal information.
How is your Personal Information Used – The Basics
There are a number of ways that your personal information will be collected when you make contact with Coco Bean – mostly though it is so that we can respond to queries you send, or to process orders you have made.
You can contact us through
- Coco Bean website (contact page)
- Our Facebook Page/Facebook Messenger
- Letter (Ruth likes letters)
*We do not take orders through Twitter or Instagram – if you contact us there, we will give you our email details, or direct you to the website. Your details will be deleted from the message section of Twitter/Instagram when we receive your message on those other platforms.
When we receive your message, the details you provide will be kept keep them to answer your query or process your order.
If you purchase from us, these systems are used for processing payments:
- You will be sent an invoice via PayPal
- You may purchase through the website.
If you purchase from us, your order will be posted to you via APC. We do have a contract with them, and how they use your information can be found on their website. https://apc-overnight.com/site-information/privacy-policy/
Coco Bean and Marketing Materials
Coco Bean does not currently have a newsletter or send out any kind of marketing materials, but we may do that in future. If and when that happens, this policy will be updated and will only send that information to those who have specifically asked to receive it. Information sent to us via the website contact form – or any of the methods mentioned above – are currently used only to answer the specific query or process order as applicable.
How your Personal Information is Used – The more technical bits
In this section, we try to explain they type of information we will collect or process, why we do that and how it is done. We can only process your information if we have a “legal basis” for doing that. There are 6 of those listed in the General Data Protection Regulation (GDPR). In this notice, we explain which of these apply in each case.
Here we go:
If you visit our website, we may process data about your use of the site (this is technically called “usage” data”). This would include information like what pages you visit, how long you spend on the site, if you got to our website through a link somewhere else– or how often you visit our website. Our website platform is WordPress. This type of information is gathered to help to continuously improve the website and services. We do not currently have any analytic software or plug-ins attached to the website.
Legal Basis – Legitimate Interest: administration of our website and services. Some usage information is also collected by Facebook – to allow us to see where visitors are based and how they found those pages. We do not have access to the personal information gathered by these though – only the statistics.
Contact and Enquiry Information
We may process information about you to answer your query or process an order. This may include your name, address, email address, postal address and telephone number – depending on what information you provide to us. We will receive this either directly from you for example in an email, FB message or through the contact form on our website. In all cases we receive only the information you choose to provide – and it will be used to correspond with you until your query is resolved. (If correspondence leads to a purchase we will require and process further information – please see the section “Ordering and Purchasing Information”.
Legal Basis – Consent OR the performance of a contract between you and us, and/or taking steps, at your request to enter into a contract OR legitimate interests, in particular, managing relationships with our customers.
Feedback and Other Information That You Send to Us
We may process information you send to us for publication on our website – for example, if you email feedback on an order you have received, we may share this on our website and/or social media platforms. We will always ask you if it is OK to use you personal information in this way.
Legal basis – Consent: if you have sent this information by private communication channels (such as email) then we will ask for your consent to publish this. (NOTE – if you have posted the information on any of our public sites (social media channels) we do not require consent as you have chosen to make this public – and it is therefore exempt from data protection provisions. However, we will endeavour to contact you to check if it may be shared on other social media channels)
Ordering and Purchasing Information
You can order from us in two ways – by contacting us directly through one of our social media channels or our email address – or by making a purchase through the website. If you wish to order through our social media channels you will be asked to provide (through a private message) your email address. This is so that we can generate an invoice, which will be sent via Paypal to the email address you provide.
Paypal will ask you for further contact details – such as your address, and for payment information (credit card or account details). If you order through our website, you do this directly through that site – and will be asked for the same type of information.
Coco Bean does not receive any of your payment account details. We only receive the information we need to complete your order – the most important being your address, so that we can send your purchases to you.
Legal Basis – This processing is necessary for the performance of a contract between you and us, and/or taking steps, at your request to enter into a contract and our legitimate interests, in particular, managing our business appropriately.
We may process any of the personal information mentioned in this policy – where necessary – for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out of court procedure. We may process personal information for the purposes of obtaining or maintaining insurance coverage, or obtaining professional advice in relation to business risk – however, this is unlikely.
Legal Basis – Legitimate Interest: The protection and assertion of our legal rights, your legal rights and the rights of others; the protection of our business against business risk.
We may also process personal information where we are required to do so to comply with any legal obligations to which we are subject – or where it is necessary to protect our vital interests or the vital interests of anyone else. (As specified in relevant legislation).
Is your data transferred outside of the UK or EU?
Coco Bean is based in the UK, and only accesses your information on devices in the UK. The Coco Bean website is hosted here in the UK. However, my email system (Gmail for Business) and the social media platforms are not all based in the UK/EU. This means that the data you provide may be held outside of the UK/EU – but I have made checks to make sure those companies comply are safe to use, and that they also comply with all the relevant information. (This means they either have server in the UK/EU – or they are part of an agreement called the “Privacy Shield”. I’ve included links to the privacy information for each of them at the end of this document.
How long do we keep data
How long we keep you data will depend on why we have it. Mostly – it’s not long – we only keep your data as long as we need to answer your query or process your order. If you are a regular customer, we may keep your address or email information longer, so we don’t need to keep asking you every time – but we will ask if that is OK – and you can ask us to remove your details at any time.
We are required to keep our invoices and details of sales etc – which might include your name and address, and sometimes your email address. This is a requirement – should we need to submit information to HMRC. But like everything else we do – that information is kept safe and secure and accessed only by Coco Bean.
Data Protection legislation is in place to help protect your personal information – and give you control over how it is used. It gives you rights associated with your data, the main ones are listed below. They won’t always apply in every circumstance – but we will explain it to you if you choose to exercise any of your rights.
- Right to access – you can request copies of any information we hold about you
- Right to rectification – If you believe we have any of you details wrong, you can ask us to correct them
- Right to Erasure – You can ask us to delete any information we hold about you. This will apply only when we do not have a legal basis to retain that information.
- Right to Restrict or Object to Processing – this is controlling exactly what data we hold – you can ask us to stop using certain data or stop carrying out certain processes with your data.
- The right to complain to a “Supervisory Authority” – an organisation that oversees Data Protection. This could be the Authority where you live, where you work – or the one for the UK, where we are based, which is the Information Commissioners Office.
As I have already mentioned – where we rely on consent to process your data, you can withdraw that consent at any time.
This website is owned and operated by Ruth Campion-Clement – Baker, who can be contacted through firstname.lastname@example.org – or by using the contact form on our website form. (A postal address can be found on the website also). Ruth is also our data protection officer.
LINKS TO EXTERNAL PRIVACY INFORMATION
Google G Suite for Business – G-Suite
Instagram is owned by Facebook, so you can find information on those same links