Privacy Policy for Umbra Bean

This Privacy Policy describes how Umbra Bean collects, uses, and protects your personal data when you visit our site, use our online platform, or interact with us in connection with our coffee shop services. We are committed to protecting your privacy and handling your data in an open and transparent manner, in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

1. Who We Are

Umbra Bean is a coffee shop offering freshly brewed coffee, artisanal pastries, light snacks, evening drinks, and live soft music. We are located at Millbank Road, UK, BT36 7PG, UK. Our website serves to showcase our offerings, provide menu details, and facilitate online orders and reservations. We are the data controller responsible for your personal data.

2. Information We Collect

We may collect and process various types of personal data about you, depending on your interactions with our site and services:

• Identity Data: Includes first name, last name, title.
• Contact Data: Includes billing address, delivery address, email address, and telephone numbers.
• Transaction Data: Includes details about payments to and from you and other details of products and services you have purchased from us.
• Technical Data: Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our site.
• Usage Data: Includes information about how you use our site, products, and services.
• Marketing and Communications Data: Includes your preferences in receiving marketing from us and our third parties and your communication preferences.

3. How We Collect Your Data

We use different methods to collect data from and about you, including through:

• Direct interactions: You may give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you:
  • Apply for our products or services;
  • Create an account on our site;
  • Subscribe to our service or publications;
  • Request marketing to be sent to you;
  • Enter a competition, promotion, or survey; or
  • Give us feedback or contact us.
• Automated technologies or interactions: As you interact with our site, we will automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies. Please see our Cookie Policy for details.
• Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources.

4. How We Use Your Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• To perform the contract we are about to enter into or have entered into with you (e.g., processing your online orders or reservations).
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g., improving our services, marketing).
• Where we need to comply with a legal or regulatory obligation.
• Where you have given your explicit consent.

We use your personal data for purposes including:

• Processing and delivering your orders and reservations.
• Managing our relationship with you, including notifying you about changes to our terms or privacy policy.
• Enabling you to participate in promotions, competitions, or surveys.
• Administering and protecting our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data).
• Delivering relevant website content and advertisements to you and measuring or understanding the effectiveness of the advertising we serve to you.
• Using data analytics to improve our website, products/services, marketing, customer relationships, and experiences.

5. Marketing Communications

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing. You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us.

6. Disclosure of Your Personal Data

We may share your personal data with the parties set out below for the purposes stated above:

• Internal Third Parties: Other companies within our group acting as joint controllers or processors.
• External Third Parties: Service providers acting as processors who provide IT and system administration services, payment processing, delivery services, etc.
• Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors, and insurers.
• HM Revenue & Customs, regulators, and other authorities acting as processors or joint controllers who require reporting of processing activities in certain circumstances.
• Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

7. International Transfers

We do not typically transfer your personal data outside the European Economic Area (EEA). If we do, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
• Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

8. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law, we have to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for six years after they cease being customers for tax purposes.

10. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:

• Request access to your personal data.
• Request correction of your personal data.
• Request erasure of your personal data.
• Object to processing of your personal data.
• Request restriction of processing your personal data.
• Request transfer of your personal data.
• Withdraw consent at any time where we are relying on consent to process your personal data.

If you wish to exercise any of the rights set out above, please contact us at our postal address.

11. Contact Details

If you have any questions about this privacy policy or our privacy practices, please contact us at:

Umbra Bean

Millbank Road,

UK, BT36 7PG, UK

Phone: +447700159846

12. Changes to the Privacy Policy

We keep our privacy policy under regular review. This version was last updated on 20th January 2024. Please check back regularly for updates.