Privacy Policy for Kestrel Cafe
Welcome to Kestrel Cafe. This Privacy Policy describes how Kestrel Cafe collects, uses, and discloses information when you visit our website (our site), use our services, or interact with us. Your privacy is of paramount importance to us, and we are committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Information We Collect
We collect various types of information in connection with the services we provide, which include freshly brewed artisan coffees, speciality teas, homemade pastries and cakes, light lunches, catering services, coffee bean sales, and barista workshops:
- Personal Data You Provide Directly: This includes information you provide when you make a purchase, sign up for a barista workshop, subscribe to our newsletter, request catering services, or contact us. This may include your name, email address, phone number, and payment information.
- Transaction Data: Information related to your purchases of products and services from our site, such as details of products/services you have purchased and the date and time of transactions.
- Communication Data: Information from any communication you send to us, whether through the contact form on our website, email, text, social media messaging, or any other communication that you send us.
- Technical Data: Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our site.
- Usage Data: Information about how you use our website, products, and services. This helps us understand which parts of our site are most interesting and how we can improve our services.
2. How We Use Your Information
We use the information we collect for various purposes, primarily to provide and improve our services, communicate with you, and comply with legal obligations.
- To Provide and Manage Our Services: Fulfilling orders for coffee, teas, pastries, light lunches, facilitating catering services, managing coffee bean sales, and processing registrations for barista workshops.
- To Communicate With You: Responding to your inquiries, providing customer support, sending order confirmations, and providing updates about our services or changes to our policies.
- For Marketing and Promotional Purposes: With your consent, sending you newsletters, special offers, and information about new products or workshops we think you might find interesting. You can opt out of these communications at any time.
- For Internal Business Operations: Analyzing website usage, improving our website and services, conducting market research, and for security and fraud prevention.
- To Comply with Legal Obligations: Including tax, accounting, and anti-money laundering requirements, and to respond to lawful requests by public authorities.
3. Legal Basis for Processing Personal Data
We will only process your personal data where we have a lawful basis to do so under GDPR. This includes:
- Performance of a Contract: When processing is necessary for the performance of a contract to which you are a party (e.g., fulfilling your order for coffee beans or a barista workshop registration).
- Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, and your interests and fundamental rights do not override those interests (e.g., improving our services, preventing fraud, direct marketing). We conduct a legitimate interests assessment for any data processing operations relying on this basis.
- Consent: When you have given explicit consent for us to process your personal data for a specific purpose (e.g., subscribing to our marketing emails). You have the right to withdraw your consent at any time.
- Legal Obligation: When processing is necessary for compliance with a legal obligation to which we are subject (e.g., retaining records for tax purposes).
4. Sharing Your Information
We do not sell your personal data to third parties. We may share your information with:
- Service Providers: Third-party vendors and other service providers that perform services on our behalf, such as payment processing, website analytics, and email delivery. These providers are bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose it to them.
- Legal Compliance and Protection: When required by law or in response to valid requests by public authorities (e.g., a court order or government agency). Also, to protect our rights, privacy, safety, or property, and that of our employees, customers, or the public.
- Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company. Your personal data may be among the assets transferred.
5. International Data Transfers
As Kestrel Cafe operates solely within the UK, we primarily store and process your personal data within the European Economic Area (EEA). However, some of our service providers may be located outside the EEA. In such cases, we ensure that appropriate safeguards are in place (e.g., standard contractual clauses, adequacy decisions) to protect your personal data in accordance with GDPR.
6. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
7. Your Data Protection Rights under GDPR
Under GDPR, you have the following rights pertaining to your personal data:
- The right to access: You have the right to request copies of your personal data.
- The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
- The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- The right to withdraw consent: You have the right to withdraw your consent at any time where we are relying on consent to process your personal data.
If you make a request, we have one month to respond to you. To exercise any of these rights, please contact us using the details provided below.
8. Cookies
Our site uses cookies to enhance your experience. Cookies are small data files placed on your device to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology. For further information, visit allaboutcookies.org. We use cookies to understand how you use our website, remember your preferences, and tailor content to your interests. You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
9. Security of Your Data
We have implemented appropriate technical and organizational measures to protect your personal data from accidental loss, unauthorised access, use, alteration, or disclosure. We limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
10. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We encourage you to review this Privacy Policy periodically for any changes.
11. Contact Us
If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise any of your data protection rights, please do not hesitate to contact us at:
Kestrel Cafe
72 Falcon Mews,
Canary Wharf,
London, Greater London,
E14 5AL,
UK
12. Complaints
Should you wish to report a complaint or if you feel that Kestrel Cafe has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection issues.