Security & Privacy
It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.
This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe. We appreciate there’s a lot of information here, but we want you to be fully informed about your rights, and how the The Kent & Sussex Tea & Coffee Company uses your data. We hope the following sections will answer any questions you have but if not, please do get in touch with us.
2. Defining personal data:
For the purposes of this Privacy Notice, ‘personal data’ means any information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether or not the information or opinion is true, and whether or not the information or opinion is recorded in a material form.
3. Explaining legal bases:
The most recent law on data protection specifies a number of different reasons for which a company may collect and process your personal data, including:
3.1 Consent We can collect and process your data with your consent, such as when you tick a box to sign up to receive email newsletters. When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.
3.2 Contractual obligations:
In some cases, we need your personal data to comply with our contractual obligations, such as collecting your address details to pass onto whoever is delivering your order.
3.3 Legal compliance:
We may also need to collect and process your data where the law requires, such as passing on details of people involved in fraud or other criminal activity affecting our business to law enforcement.
3.4 Legitimate interest:
We may require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example we can combine the shopping history of many customers to identify trends and ensure we can keep up with demand in certain types of product, which is important where specific tea or coffee crops are subject to availability.
4. When we collect data:
- When you visit our website.
- When you create an account with us.
- When you register for an online account and use that to buy products online.
- When you make an online purchase and check out as a guest (where we just collect transaction-based data).
- When you contact us with queries, complaints etc.
- When you enter prize draws or competitions.
- When you engage with us on social media.
- When you choose to complete any surveys we send you.
- When you review our products and service, this is done using an independent company called Feefo.
- When you’ve given a third party permission to share with us the information they hold about you.
- We collect data from publicly-available sources (E.g. Land Registry) when you have given your consent to share information, or where the information is made public as a matter of law.
5. Kinds of data collected:
- For your security, we also employ an SSL Certificate from the world’s leading provider, Geotrust.
- This is what makes the site the more secure ‘https’ rather than ‘http’. In the top left of your browser you’ll often notice a padlock or ‘secure’ marker to indicate this is active.
- This is what secures the login to your account, as well as keeping an encrypted record of your login password if you choose to.
- If you have a web account with us: your name, (title), billing/delivery address, orders and receipts, email and telephone number.
- Details of your visits to our websites, and which site you came from to ours.
- Payment card information, with the last 4 digits held by our acquirer Braintree or PayPal.
- Your comments and product reviews.
- Your image may be recorded on CCTV when you visit our factory shop.
- Your social media username, if you interact with us through those channels, enabling us to respond to your feedback and questions.
6. Cookies: Cookies are tiny text files stored on your computer when you visit certain web pages, which enable us to keep track of what you have in your basket, and to remember you when you return to our site. So what are they and why do we use them? Please note that cookies can't harm your computer, but do help us make any purchases made on our website quicker and easier.
- We require cookies to be enabled to make a purchase from the website, however you can still browse it with them disabled.
- Cookies cannot read any other information stored on your hard drive, or access any other information about you or people who may use your computer; and we don't store personally identifiable information such as credit card details in cookies we create, however we do use encrypted information gathered from them to help improve your experience of the site.
- For example, we can use them to help us to identify and resolve errors and make improvements to our website.
6.1 HOW TO CHECK COOKIES ARE ENABLED ON IOS SAFARI:
- Tap on the 'Settings' application from your home screen.
- Find and tap on the 'Safari' menu item.
- Under the 'Privacy & Security' section tap on the 'Block cookies' menu item.
- Select any option other than 'Always block'.
6.2 HOW TO CHECK COOKIES ARE ENABLED ON ANDROID INTERNET BROWSERS
- Tap on the 'Settings' application from your home screen or under 'Apps'.
- Under the 'Device' section tap on the 'Applications' menu item.
- Find and tap the 'Internet' menu item.
- Find and tap the 'Privacy' menu item. Enable 'Accept cookies'.
7. How do we use data:
We wish for you to have the best possible customer experience, and one way to achieve that is to get the fullest picture we can of who you are by combining the data we have about you.
- The data privacy law allows this as part of our legitimate interest in understanding our customers and providing high levels of service.
- Of course, if you wish to change how we use your data, you’ll find details in the ‘Your rights’ section below.
- It's important to note that if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.
Here’s how we’ll use your personal data and why:
To process any orders that you make by using our website, if we don’t collect your personal data during checkout, we won’t be able to process your order and comply with our legal obligations.
- Your details may need to be passed to a third party to deliver the product that you ordered, where Braintree and/or Paypal may keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as refunds.
- To enable us to respond to your queries, refund requests and complaints. We may keep a record of these to inform future communication with us and to demonstrate our communications with you throughout. We do this for both our contractual and legal obligations; plus legitimate interests in providing you with the best service and understanding of how we can improve our service based on your experience.
- To protect both our business and your account from illegal activities. This includes using your personal data to safeguard and maintain your account, and monitoring your browsing activity with us; so as to quickly identify and resolve any problems and protect the integrity of our websites. This is all part of our legitimate interest.
- In payment processing and to prevent any fraudulent transactions. If we discover alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. We aim to protect those we interact with from criminal activity.
- With your consent, we will use your personal data and transaction details to keep you informed by email about relevant products and services including tailored special offers, discounts, promotions, and so on. Of course, you are free to opt out from receiving updates from us such as our newsletter at any time.
- To send you communications required by law or which are necessary to inform you about changes to the services we provide you. Examples include updates to this Privacy Notice and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent by email. Without your personal data for these purposes, we would be unable to comply with our legal obligations.
- To develop and improve the systems and products we provide for our customers. We’ll do this on the basis of our legitimate business interests.
- To comply with our contractual or legal obligations to share data with law enforcement.
- To send you feedback requests or surveys by email. Of course, you are free to opt out of receiving these requests from us at any time by updating your preferences in your online account.
8. How we protect data:
- We appreciate how much data security matters to customers. We treat your data very carefully, taking all appropriate steps to protect it.
- We secure access to the transactional areas of our website using ‘https’ technology.
- Access to your personal data is password-protected, and sensitive data (such as payment card information) is secured by SSL encryption.
9. How long do we keep it?
- Whenever we collect or process personal data, we keep it for the minimal time necessary for the purpose for which it was collected.
- At the end of that retention period, your data is either deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
- An example of a customer data retention period is when an order is placed, we’ll keep the personal data you give us for five years; so we can comply with our legal and contractual obligations.
10. Who do we share your data with?⦁ We sometimes share your data with trusted third parties such as delivery couriers, independent review company or to handle cases of fraud or a complaint.
10.1 Here our policy for them to keep your data safe on our behalf:
1. Provide them the minimal data required to complete their specific service.
2. If we stop using their services, have them delete or anonymize any personal data held.
- A suitable example of the type of company we might share data with is an IT support company, to manage our website and business systems.
- We may be required to disclose information to the police or other enforcement, regulatory and governmental bodies upon a valid request to do so, and are carefully considered on a case to case basis to maximise privacy.
- We currently have to distribute and have data processed by: Mailchimp, Feefo, Royal Mail, Yodel and DHL. None of these companies share any information beyond the minimal amount required to complete our specifically requested services.
11. Where is data processed:
Sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA), such as the USA. 11.1 International orders
- If you are based outside the UK and place an order with us, we will transfer the personal data that we collect from you to the the UK for storage.
11.2 Protecting your data outside the EEA:
- The EEA includes all EU Member countries plus Iceland, Liechtenstein and Norway. We may transfer personal data collected from you to third-party data processors in countries that are outside the EEA.
- This may be required in order to fulfil your order, process your payment details or provide additional support services
- If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA. For example, our third party partner contracts stipulate the standards they must follow at all times. If you wish for more information please email our customer service.
- Any transfer of your personal data will take place under the guidelines of applicable laws and we will treat the information under the guiding principles of this Privacy Notice.
12. You have the right to request:
- Access to the personal data we hold about you.
- Any correction of your personal data when incorrect, incomplete or out of date.
- For example, if you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end.
- That we stop using your personal data for direct marketing (via specific, or all channels).
- That we stop any consent-based processing of your personal data, after you withdraw that consent.
- You have the right to request a copy of any information that we hold about you at any time, and also to have that information corrected if inaccurate. To ask for your information, please email or call our customer services.
- To ask for your information to be amended, please update your online account, or contact customer services as above.
- If we choose not to action your request we will explain to you any reasons for our refusal.
12.1 Your right to withdraw consent:
- Whenever you have given us your consent to use your personal data, you have a right to change your mind at any time and withdraw that consent.
12.2 Where we rely on our legitimate interest:
- In cases where we are processing your personal data on the basis of our legitimate interest, you can request us to stop for reasons connected to your individual situation. We must then do so, unless we believe we have a legitimate overriding reason to continue processing your personal data.
12.3 Direct marketing You have the right to stop the use of your personal data for direct marketing activity via selected, or all channels. We must always comply with your request.
12.4 Checking your identity To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. Where a third party has been authorised to submit a request on your behalf, we will ask them to prove they have your permission to act.
13. How can you stop the use of your data for direct marketing? There are several ways you can stop direct marketing communications from us: Click the ‘unsubscribe’ link in any email communication that we send you.
14. Write to: The Kent & Sussex Tea & Coffee Company Pivington Mill, Egerton Road Pluckley Ashford Kent TN27 0PG UK Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
15. Contacting the Regulator: If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
- Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can't be responsible for the content of external websites)
- If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence. Details can be found in Section 16.
16. If you live outside the UK 1
6.1 For all non-UK customers:
- Using our services or providing your personal data to us equates to express consent to the processing of your personal data by us, or on our behalf. You have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.
- Sometimes we’ll need to transfer your personal data between countries, to enable us to supply the goods requested. We may transfer your personal data from your country of residence to ourselves and to third parties located in the UK.
- In dealing with us you give your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence; for our ordinary business purposes.
- We’ll ensure that reasonable steps are taken in order to prevent third parties outside your country of residence from using your personal data in any way not set out in this Privacy Notice; and make sure we adequately protect the confidentiality and privacy of your personal data.
- If you are in Australia you may submit any queries to our UK-based customer services, who will come back to you within 30 days.
- If we have not come back to you within 30 days, or you are not happy with the response that you’ve received, you may submit a complaint to the Office of the Australian Information Commissioner.
- (https://www.oaic.gov.au/) (opens in a new window; please note we can't be responsible for the content of external websites.)
- If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal information, you have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada, ) or in some Canadian provinces, your local Privacy Commissioner.
- (https://www.priv.gc.ca/en/) (opens in a new window; please note we can't be responsible for the content of external websites.)
16.4 South Korea, Malaysia, Singapore, Qatar:
- Terms used in this Privacy Notice shall have the meanings assigned to them by the Personal Data Protection Act 2010 (also known as the PDPA).
17. Liability We are committed to keeping your personal information secure and will take all reasonable precautions to protect it from loss, misuse or unauthorised access or alteration. However, except to the extent liability cannot be excluded due to the operation of statute, we exclude all liability (including in negligence) for the consequences of any unauthorised access to, disclosure of, misuse of or loss or corruption of your personal information. Nothing in this Privacy Notice restricts, excludes or modifies or purports to restrict, exclude or modify any statutory consumer rights under any applicable law including the Competition and Consumer Act 2010 (Cth)