Privacy Policy
We are committed to ensuring your privacy is protected. This Privacy Policy sets out details of the information that we may collect from you and how we may use that information. Please take your time to read this Privacy Policy carefully. When using our website, this Privacy Policy should be read alongside the website terms and conditions.
1. About Us
This Privacy Policy describes how Trading Post Coffee Roasters (Sussex) Ltd ("we" or "us" or "our") collect and process data about individuals.
For the purpose of the General Data Protection Regulation (2016/679) and the Data Protection Act 2018 (the “Legislation”), the data controller is Trading Post Coffee Roasters (Sussex) Ltd, a company registered in England and Wales with number 10916710. The registered address is The Roastery, 13-14 Sydney Street, Brighton, BN1 4EN.
Our Data Protection Officer can be contacted by emailing accounts@tradingpostcoffee.co.uk, as further detailed below.
2. What Information We Collect and When
We only collect information that we know we will genuinely use and in accordance with the data protection regulations. Throughout this document we refer to Data Protection Legislation means the Data Protection Act 2018 (DPA2018), United Kingdom General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation. Where data is processed by a controller or processor established in the European Union or comprises the data of people in the European Union, it also includes the EU General Data Protection Regulation (EU GDPR). This includes any replacement legislation coming into effect from time to time.
We may collect information you provide us. This is information about you that you give us by filling in forms on our website www.tradingpostcoffee.co.uk (our “Site”) or by corresponding with us by phone, e-mail, in our venues or otherwise. It includes information you provide when you register to use our Site, subscribe to our newsletter, register to use our Order & Pay Platform, register to use our Click & Collect Platform, make a reservation at one of our venues, enter a competition, promotion or survey, make a purchase in one of our venues, make a purchase on our Site, apply for a job with us, register for Wi-Fi in our venues and when you report a problem with our website. The information you give us may include your name, address, e-mail address postcode, phone number and birthday.
Information we Collect About You on Our Site
With regard to each of your visits to our Site we automatically collect the following information:
- Information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, date and time zone setting, browser plug-in types and versions, operating system and platform.
- Information collected in accordance with our Cookie Policy.
In addition, we use Google Analytics to help us understand how you use our Site.
Their Privacy Policy can be found here: https://www.google.com/intl/en/policies/privacy
Information we Collect When You Make a Reservation
Our reservation platform is provided by DesignMyNight, part of The Access Group. If you make a reservation, the DesignMyNight terms and conditions will apply. They will send you an automated email message to confirm your reservation details and may send further service emails if there is a change to your reservation. They may also send a service email giving you the opportunity to review your experience so that we can make any necessary improvements.
Their Privacy Policy can be found here: https://www.designmynight.com/privacy-notice
Information we Collect When You Use WIFI in Our Venues
Our guest WIFI service is provided by My Place Connect. If you sign up to use the WIFI in our venues, the My Place Connect terms and conditions will apply.
Their Privacy Policy can be found here: https://myplaceconnect.com/privacy-policy
Information we Collect When You Visit Our Online Shop
Our Online Shop service is provided by Shopify. We will use your data solely for the purposes of processing your order. We will share this information with limited approved suppliers for this purpose, subject to contract.
Their Privacy Policy can be found here: https://www.shopify.com/uk/legal/privacy/customers
Information we Collect When You Use Our Order & Pay Platform (our “O&P Platform”) and our Click & Collect Platform (our “C&C Platform”)
Our O&P Platform and C&C Platform is provided by Goodeats by SumUp POS. When using our O&P Platform and C&C Platform, you may provide us with the following information:
- Your name, contact details (email address and mobile telephone number) and birthday
- Your physical location where you have agreed to it being used for the locator feature on the Platform, or where you allow the Platform to access your location settings.
Payment processing services are provided by Stripe. The Platform will transfer payment detail directly from Stripe to our electronic point of sale system. We will not store your card details on our systems. Your personal and card details will be securely stored by Stripe and used only to administer payment, verification of transactions, refunds, and ease of use in future transactions using the service.
Their Privacy Policy can be found here: https://stripe.com/gb/privacy
Information we Collect When You Use Our Rewards Platform on the Trading Post Coffee Roasters App (our “App”)
Our Rewards Platform is provided by SumUp POS. When using our Rewards Platform and App you may provide us with the following information:
- Your name, contact details (email address and mobile telephone number) and birthday
- Your physical location where a purchase is made against our Rewards Platform.
Information we Receive from Other Sources
This is information we receive about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this site. We will also have told you for what purpose we will share and combined your data. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies).
Photography and Video Recordings
As part of our marketing activities, from time to time we may be filming or taking photographs of happy guests enjoying their visits to our venues. When filming or taking photos for a particular campaign, the venue will display a prominent poster to confirm that filming and photos will be taken in the venue. We will ensure that consent is obtained expressly in every case.
Information we Need to Verify your Age and ID
In order to comply with our legal obligations and the terms of our premises licences, we may request a copy of your identification (ID) to verify your age, using ID scanners provided by an approved third party. In which case an image of your ID may be stored and retained securely, in each case for no longer than is necessary, in line with our retention policy.
3. Cookies
Cookies are very useful tools to improve your experience and use of our Site. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.
Our Site uses cookies to distinguish you from other users of our website. This helps us to provide you with a more personal experience when you browse our website and allows us to resolve any problems and to improve our site.
We use the following cookies:
- Necessary Cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
- Performance Cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Targeting Cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to remember your preferences and to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
Please note that third-parties may also use cookies on our website, over which we have no control. These named third parties may include, for example, advertising networks and providers of external services like web traffic analysis services. These third-party cookies are likely to be performance cookies or targeting cookies.
If you disable cookies, that will mean that your experience of using our Site won’t be to its full potential, as some of the cookies help us to identify and resolve errors or display relevant content.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including necessary cookies) you may not be able to access all or parts of our Site.
If you have any questions regarding cookies, please email info@tradingpostcoffee.co.uk.
4. Purposes for Which We Will Use Your Personal Data
We will only process your personal data in line with that which is permitted by the Legislation. We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data. Typically we will process your data on one of the following bases:
- Consent given (e.g. for obtaining feedback, photos and video recordings for marketing purpose)
- Performance of a contract or an agreement with you (e.g. entry in a competition)
- Necessary for our legitimate interests (e.g use of CCTV)
- Necessary to comply with a legal obligation (e.g. if requested by authority for investigation)
5. How We Use Your Information
We use information held about you in the following ways:
Information you give to us, we will use this information:
- To provide you with the information, products and services that you request from us.
- To provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about.
- To provide you with information about goods or services we feel may interest you, where you have consented to us contacting you for the purposes of marketing or other promotional purposes.
- To validate discounts and verify your identify.
- To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you and others.
- To notify you about changes to our service;
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
Photography and video recordings, we will use this information:
- For use on social media and in our marketing. We will ensure that consent is obtained expressly.
Information we collect about you, we will use this information:
- To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- To improve our site to ensure that content is presented in the most effective manner for you and for your computer.
- To allow you to participate in interactive features of our service, when you choose to do so.
- As part of our efforts to keep our site safe and secure.
- To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you and others.
- To make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
Information we receive from other sources, we will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
6. Who We May Share Your Information With
Any member of our group, which means our subsidiaries, holding company and its subsidiaries including, but not limited to, Beachfront Leisure Ltd.
Selected third parties including:
Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them. Our site may, from time to time, contain links to and from the Sites of our partner networks, advertisers and affiliates. If you follow a link to any of these Sites, please note that these Sites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these Sites.
Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We may make use of the personal data we have collected from you to enable us to display relevant advertisements. Search engine providers assist us in the improvement and optimisation of our site through the use of analytics. You can opt out of targeted advertising using the following links:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
- Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
We will disclose your personal information to third parties:
In the event that we sell or buy any business or assets, in which case we may be required to disclose your personal data to the prospective seller or buyer of such business or assets
If Trading Post Coffee Roasters (Sussex) Ltd, or its direct or indirect parent companies, or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of our customers, or others. This includes exchanging information with other companies, organisations and law enforcement agencies for the purposes of fraud protection, prevention or detection and credit risk reduction.
7. Keeping Your Data Secure
Data security is of great importance to us and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.
We take security measures to protect your information including:
- Limiting access to our buildings to those that we believe are entitled to be there.
- Implementing access controls to our information technology.
- Using appropriate procedures and technical security measures to safeguard your information across all our computer systems, networks, websites, mobile apps, offices and venues.
- Carrying out appropriate risk-based diligence and penetration testing on third party processors.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
8. Sending Information Outside the UK
Where any transfer outside of the UK occurs, we’ll ensure that any such transfer or processing is subject to appropriate legal and technical safeguards.
9. How Long We Will Store Your Data
We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the General Data Protection Regulation (GDPR) and never retain your information for longer than is necessary. For more information, you may contact our DPO.
We will only retain your Information for as long as is necessary for the purpose or purposes for which we have collected it. The criteria that we use to determine retention periods will be determined by the nature of the data and the purposes for which it is kept.
10. Your Rights
Under the Legislation you have the right to make certain requests in relation to the personal information that we hold about you. We will not usually make a charge for dealing with these requests. If you wish to exercise these rights at any time, please contact us using the details set out in the "Contact " section.
- You have the right to be informed about the collection and use of your personal data.
- The right of access: You have the right to access the personal information that we hold about you in many circumstances. This is sometimes called a ‘Subject Access Request’. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your Information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
- The right to rectification: If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.
- The right to object: You have the right to ask us not to process your personal data for marketing purposes, in particular where we have used consent as the lawful basis for processing. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by emailing accounts@tradingpostcoffee.co.uk.
- The right to erasure: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with the law. Note, however, that we may not always be able to comply with your erasure request for specific legal reasons. Right to erasure does not apply in the following scenarios (i) when the lawful basis for processing the data is 'legal obligation'; (ii) For the establishment, exercise or defence of legal claims'.
- The right to restrict processing: This enables you to ask us to suspend the processing of your personal data in the following scenarios: (i) if our use of the data is unlawful but you do not want us to erase it, (ii) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it, or (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- Request the transfer of your personal data to you or to a third party: We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right may only apply to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data for direct marketing purposes: However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. All marketing communications will contain information about how to opt-out and electronic communications will have a direct link to unsubscribe. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. Where possible we will endeavour to respond to notifications of withdrawn consent for use of image or film prior to publishing the image or film. It may not be possible to do so after publication.
You have a right to complain to the Information Commissioner's Office if you believe that any use of your personal information by us is in breach of applicable data protection laws and/or regulations. More information can be found on the Information Commissioner’s Office website: www.ico.org.uk.
11. Children
Our websites and services are not designed to target children under the age of 16. In compliance with the Children’s Online Privacy Protection Act, we require all children under age thirteen (13) to obtain parental consent to join any of our lists. By accepting this privacy policy you are confirming that you are over 13 years old. All terms of our privacy policy apply to children under 13.
Our venue WIFI services are not designed to be accessed by children under the age of 18. Where children under the age of 18 access our venue WIFI services, personal identifiable information will not be stored, subject to the user selecting that they are under the age of 18.
12. What Happens if Our Business Changes Hands
We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the purposes for which it was originally collected by us.
13. Changes to Our Privacy Policy
We will make changes to this privacy policy from time to time. Any updates to the privacy policy in the future will be posted on this page. Please check back to see any updates or changes to our privacy policy.
14. Contact
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to the Data Protection Officer by emailing accounts@tradingpostcoffee.co.uk or by post to The Roastery, 13-14 Sydney Street, Brighton, BN1 4EN.
The Information Commissioner's Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they can help you address any concerns. You can access them here: www.ico.org.uk.
CLICK HERE FOR: EMPLOYEE DATA PRIVACY NOTICE