Your Grind Limited (trading as Pact Coffee) (“Pact”, “us” or “we”) is committed to respecting your privacy and the privacy of every visitor to our website. The information we collect about you will be used to fulfil the required services and enable us to improve how, as a company, we deal with you.
Pact is a “data controller”, this means that we are responsible for deciding what personal information we obtain from you and how we use it. We are registered as a data controller with the Information Commissioner’s Office (ICO) under registration number ZA021349. We are required under data protection legislation to notify you of the information contained in this privacy notice.
This privacy notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by Pact.
Should you have a question about the data we store, our contact details are:
A403, The Biscuit Factory, 100 Clement’s Road
London, United Kingdom SE16 4DG
Information we collect about you
The information that we collect about you will only be used lawfully (in accordance with the Data Protection Act 2018 and the General Data Protection Regulation). All data is retained within the United Kingdom or the European Economic Area (EEA) and transferred only to countries outside the EEA where that country has an adequate level of legal protection for personal data or where we use an appropriate safeguard (as provided for by data protection laws) for protecting your personal data when it is transferred. You have the right to ask us for the details of any such safeguard that we use to transfer your personal data to a destination outside the EEA.
Our legal basis for processing your personal data depends on our reasons for processing your data in a particular situation. We use information held about you (and information about others) in the following ways:
- To provide you with our services and to carry out our obligations arising from any contracts entered into between you and us (i.e. for the performance of a contract between us);
- To provide you with information about products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes or otherwise where you are an existing customer and you have not opted out of receiving marketing messages about similar products to those you have purchased. Unless you ask us not to, we will provide you with direct marketing by way of email or social media message (i.e. on the basis that you have provided your consent or because it is in our legitimate interests).
- To ensure the content on our website is presented in the most effective manner for you and your computer or mobile device (legitimate interests); and
- To notify you about changes to our service (performance of a contact and/or legitimate interests).
We may collect and process the following data about you:
|Type of information we collect||Reason we collect it||Lawful basis for processing|
|Information that you provide by filling in forms on our website www.pactcoffee.com. This includes information you provide at the time of registering or at any subsequent point. As part of the sign-up process, we’ll ask for you to fill in a form that will tell us your name, email address and phone number. We’ll also ask for your coffee preferences, delivery/billing address and debit/credit card details; Once you’ve signed up, we keep a record of all billings and shipments made to you including the types and grinds of coffee you’ve received.||This helps us troubleshoot if, for example, the coffee gets lost in the post and also helps us recommend new ways for you to enjoy coffee.||We process your personal data for these purposes on the basis that it is necessary for the performance of our contract (information about your order, billing and shipping) with you and also on the basis of legitimate interests i.e. because it is in our legitimate interests as a business to ensure that you receive your order and to let you know about similar products that we think you might be interested in (direct marketing) unless you tell us that you don’t want to receive any marketing messages.|
|Information about Orders, purchases, subscriptions, product queries, complaints (about products, our website, and marketing), career opportunities and partnership opportunities.||If you contact us, we may keep a record of that correspondence.||We process this data on the basis that it is necessary for performance of our contract with you and/or because it is within our legitimate interests to consider and respond to communications from our customers, website visitors and prospective employees/partners.|
|Customer Satisfaction Surveys||We sometimes send Customer Satisfaction Surveys. We use these for our own research purposes although you do not have to respond to them.||We process the data from Customer Satsifaction Surveys because it is within the legitimate interests of our business to monitor our performance, improve our products and services and help to further improve our customer service etc.|
Who we share your personal data with
We may disclose your personal information to any partner of Pact and/or a member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose your personal information to third parties:
- in the event that we sell or buy any business or assets;
- if Pact or substantially all of its assets are acquired by a third party; or
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property, or safety of Pact, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
|Who we share your data with||Why we share your data with them||Lawful basis for processing|
|Facebook, other social media websites & Google||Our website uses retargeting services from advertising networks such as Facebook. These networks collect certain information via cookies to determine which web pages are visited. This data is then used to associate your browser with interest and demographic categories, and serve social media and internet ads based on your past visits to this website. Please note that any information collected by Facebook, other social media and advertising networks via cookies is not linked to any personal information that we collect about our customers. We process personal data in this way for the purposes of improving and optimising our advertising campaigns. We upload lists of email addresses to Facebook and Google which are then used by them to find “look-alike” audiences or remove current customers from our advertising campaigns.||Legitimate interests and/or consent|
|Epsilon Abacus||Epsilon Abacus are a business who aggregate data from several other retailers and then find people who will likely be interested in our products. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors categories. We send them our customers’ names, postal addresses and order details, i.e. the date and value of each transaction) so that they can provide us with a list of people who are eligible to receive direct marketing mail by post. We do this because it assists us in the improvement and optimisation of our advertising campaigns.||Legitimate interests and/or consent|
|Royal Mail/parcel delivery partners/operational companies||We use these companies to deliver our orders.||Performance of a contract|
|Reviews.io and Delighted||We use these companies to collect feedback about our service so that we can improve it.||Legitimate interests|
|Affiliate Window||We use this company to assign commission to affiliates. We only pass order id back to Affiliate Window.||Legitimate interests|
|Dotmailer, MailChimp and Mandrill||These companies enable us to send email communications.||Legitimate interests and/or Consent|
|Zendesk||This is our customer service platform which allows us to receive and respond to customer enquiries.||Consent, Performance of a contract and/or Legitimate interests|
|Rais||This is our customer data management platform where we analyse customer shopping behaviour (how many orders they place, total spent with us, marketing permissions, etc).||Legitimate interests|
|YariLabs||This is an IT company who support our website and other business systems.||Legitimate interests|
|Stripe||Online payment processor||Performance of a contract|
|Mention Me||Processing customer email addresses and certain order data for the purposes of:
• Enrolling customers onto our refer-a-friend programme
• Monitoring the programme and safeguarding against gaming or fraudulent use of the programme
• Communicating with customers in connection with operation of the programme and delivery of rewards
• Reporting to Pact on the performance of the programme
|PaperPlanes||help us send direct mail communications to our customers.||Legitimate interests|
|Programmai||Programmai help us analyse customer purchase patterns and upload lists of email addresses to Facebook and Google which are then used by Facebook and Google to find “look-alike” audiences for our advertising campaigns.||Legitimate interests|
How long do we hold your information for?
We will hold the above information for as long as is necessary in order to provide you with our services, deal with any specific issues that may raise or otherwise as is required by law or any relevant regulatory body. Unless otherwise required by law, your data will be stored for a period of 7 years after our last contact with you at which point it will be deleted. Personal data that we process on the basis of your consent will be deleted upon your request unless there is an alternative lawful basis upon which we rely to continue processing the data.
Where we store your personal information
The data we collect from you is stored in the EEA but may be transferred to and stored at a destination outside of the EEA. It may also be processed by staff operating outside of the EEA. However, we will only transfer personal data to a destination outside the EEA if we have a lawful basis for doing so and where we have implemented an appropriate safeguard recognised by the General Data Protection Regulation (GDPR). Your passwords are stored on Pact servers in encrypted form. We do not disclose your account details, postal or email addresses to anyone except when legally required to do so.
Protection of Personal Information
When placing an order, information (such as your name, address and payment card details) that is exchanged between your browser and our website is transferred in encrypted form using Secure Socket Layer (“SSL”) to our payment provider, Stripe.
It is your responsibility to keep your password secure. Once we have received your information, we will use strict procedures and security features to try and prevent any unauthorised access.
We use industry-standard efforts to safeguard the confidentiality of data, including encryption, firewalls and SSL. We have implemented reasonable administrative, technical, and physical security controls to protect against the loss, misuse, or alteration of your data.
We expect the information we hold to be accurate and up to date. You have the right as an individual to find out what information we hold about you and make changes if necessary; you also have the right, assuming we are not obligated or entitled by law to refuse, to ask us to stop using the information. To have your information erased or rectified, please contact firstname.lastname@example.org.
You have the right to object to our processing of your data at any time either via the unsubscribe link included on all emails we send or by contacting us and requesting that processing of your details be restricted or your personal data be erased. Please note however that there may be circumstances where we are unable to agree to such a request because the law prevents us from doing so.
You also have the right to request the transfer of your information to another party in certain circumstances.
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe that Pact have not complied with the requirements of the GDPR with regard to your personal data. If you have a concern about how we handle your data or you would like to lodge a complaint, you can contact the ICO by the following methods:
Tel: 0303 123 1113
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Changes to this policy