We collect and process only the data that is required to allow us to provide our services to you. Your payment data is collected securely by our payment providers, PayPal, Sage Pay and Amazon Pay, we do not have access to any of this information on the Beach Cafe website.
We collect and process your personal data for the following purposes:
1. We process the personal data required to complete and despatch your purchase, including;
- your name
- billing address
- delivery address
- payment details
- contact telephone number
- email address.
In addition, we forward your payment details to the payment service provider selected by you.
We forward your address details to the shipping logistics service provider to carry out shipping.
We collect your email address in order to send you confirmation of your order; we collect your contact telephone number so that we can contact you if there are any issues with your order.
2. For marketing purposes such as product information, competitions, promotions, or marketing events, etc. We also collect your email address when you sign up to receive our newsletter. You can unsubscribe to our newsletter by emailing email@example.com or clicking the unsubscribe button in the email.
3. To enhance your experience of our website, including placing and holding items in your shopping bag and using services such as Wish Lists;
4. To improve the performance of our website. For more information see the information listed under ‘Cookies’ below.
5. To allow our Customer Service Team to help you with queries. If you contact our Customer Services Team, you may be asked for additional information in order for them to help with any queries you have relating to your order.
COOKIES & SOCIAL MEDIA
After activation, the plugins also collect personal data such as your IP address and send it to the servers of the respective provider where it is stored. In addition, activated social plugins set a cookie with a unique identifier when loading the relevant website. This also allows providers to create profiles of your usage behaviour. The data will be used to show you personalized advertising, as well as for market and opinion research purposes.
Data transfer is independent of whether you have an account with the plugin provider and are logged in there. If you are logged in with the plugin provider, your data collected with us will be assigned to your existing account with the plugin provider.
We have integrated the plugins of the following providers on our website:
- Facebook (Facebook Inc., USA, Data protection declaration: http://www.facebook.com/policy.php)
- Pinterest (Pinterest Inc., USA; Data protection declaration: http://de.about.pinterest.com/privacy/)
Will my usage data be processed for website optimization and usage-based online advertising?
Cookies are small text files that are placed on your computer when you visit our website and allow your browser to be reassigned. Cookies store information such as your language setting, the duration of your visit to our website or the information you enter there. This avoids the need to re-enter all necessary data for each use. Cookies also enable us to recognize your preferences and to tailor our website to your interests.
Most browsers automatically accept cookies. If you want to prevent cookies from being saved, select “do not accept cookies” in the browser settings. You can find out how this works in detail from your browser provider’s instructions. You can delete cookies that are already stored on your computer at any time. However, we would like to point out that our website may only be of limited use without cookies. Alternatively, you can prevent the collection and forwarding of your data (particularly your IP address) and the processing of this data by deactivating the execution of Java Script in your browser or by installing a tool such as “NoScript.”
We would like to explain some of the services in more detail below:
Our website uses Google Analytics, a service of Google Inc., USA (“Google”). Google Analytics enables us to evaluate your website use in order to compile analyses of website activity and make use of other services associated with website and Internet use.
In addition, you can prevent Google from collecting data by downloading and installing the browser add-on. By clicking the following link, an opt-out cookie is set that will prevent the future collection of your data when you visit this website: Disabling Google Analytics.
We also use the Google Conversion Tracking service as part of Google Analytics. This enables us to record the behavior of our website visitors. For example, we are shown how often the contact form has been filled in. We also see how many clicks on advertisements from external sources (AdWords, LinkedIn, Xing, Bing) have led to our website.
Facebook Custom Audience Pixel
This website uses Custom Audience Pixel, a service of Facebook Inc., USA. Custom Audience Pixel is a Java script code that we have integrated into each of our web pages. We use custom audience pixels to collect information about the way visitors use our website. This pixel collects and reports Facebook information about the user’s browser session, a hashed version of the Facebook ID and the URL being viewed. Each Facebook user has a unique and device-independent Facebook ID that enables us to address and recognize users across multiple devices on the social network Facebook so that we can reach our visitors again for advertising purposes through Facebook ads. After 180 days, the user information will be deleted until the user returns to our website. Therefore, no personal information about the individual website visitors is disclosed to Beach Cafe and website customer target audiences can only be specifically advertised to as soon as they have reached a significant mass in terms of numbers.
Facebook Audience Building
This activity is carried out on the basis that marketing Beach Cafe is a legitimate interest of our business and you have the right to object to this activity as outlined above.
Will my data be transmitted to third parties?
In order for Beach Cafe to process your data according to the purposes described above, it may be necessary for other recipients to also be able to view and process your data.
Will my data be processed outside the EU/EEA and how is data protection ensured?
It is important to us to process your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA, for example, Experian use a data sub-processor in India. In these cases, we ensure that an appropriate level of data protection is established prior to the transfer of your personal data. This means that a level of data protection comparable to the standards within the EU is achieved using EU standard contracts or an adequacy resolution such as the EU Privacy Shield. If you would like a copy of the EU standard contracts used, please contact us using the contact details above.
How long will my data be stored?
We delete personal data as soon as the purpose of storage no longer applies and legal retention periods do not preclude deletion.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
At Beach Cafe, we usually delete data as follows:
- Job applicant data: no later than six months after receipt of application
- Contact requests: after processing the request
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
What rights do I have and how can I assert them?
Every customer or any other person affected by data processing has the right to information according to Art. 15 GDPR, the right to correction according to Art. 16 GDPR, the right to deletion according to Art. 17 GDPR, the right to restriction of processing according to Art.18 GDPR, the right to objection according to Art. 21 GDPR and the right to data transferability according to Art. 20 GDPR.
You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were given to us prior to the validity of the General Data Protection Regulation, i.e. before May 25, 2018. Please note that revocation will only take effect for the future. Processing that took place before the revocation is not affected.
You can submit your objection by email (firstname.lastname@example.org), or in writing (Data Protection, Beach Café, 332 Ladbroke Grove, London, W10 5AD.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us under www.beachcafe.com in the first instance.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
You can ask us or third parties to stop sending you marketing messages by contacting us at any time, or by adjusting your communication preferences via Account Settings on our website. If you no longer wish to receive our email communications, you can unsubscribe at any time by clicking on the unsubscribe link at the end of each newsletter.
WEBSITE PAYMENT SECURITY
All payment details are held securely with your chosen payment provider, Beach Cafe do not have any direct access to payment details. We accept payments securely through Sage Pay using Visa, MasterCard, Maestro and American Express cards. Payments can also be made through PayPal & Amazon Pay, who collect payment data on our behalf.
To ensure your shopping experience with us is simple and safe, Beach Cafe uses multiple measures to safeguard encrypted transmission of personal data.
Secure Socket Layer (SSL) technology, provides a safe transmission of personal data, including card and account information. You will see a padlock in the address bar at the top of your browser and by clicking this you can find out more.
3-D Secure Programs are security systems developed by Visa and Mastercard to ensure that only the registered card holder and the registered online retailer are involved in the transaction. If you are a member of the 3-D Secure Program, a pop-up will appear on your screen asking you to enter your password when making a purchase online. This window is linked to your bank and requires you to enter your SecureCode (a password that you have previously selected). Transactions can only be made by entering the correct password. Please contact your bank for more information and to inquire whether your credit card is registered for a 3-D Secure Program.
Beach Cafe is registered with Trust Wave as an authentic and safe site, confirming that we comply with their quality standards and ensure your information is safe and private whilst in transit from your web browser to our web server.