loader image

Privacy Policy

1.0       INTRODUCTION

Cafe 21 are what is known as the ‘Data Controller’ of the personal data that you provide to us.

We collect personal data from our Suppliers which includes name, address, email, phone number and bank account details.

We also collect personal data from our customers which include names, email, phone number and credit card information.

2.0       WHY WE NEED YOUR DATA

Cafe 21 collect and process your personal data so that we can create reservations and process payments for materials ordered and purchased & improve user website experience. We will not collect any personal data from you that we do not need and we go to great lengths to keep your personal data secure.

3.0       WHAT WE DO WITH YOUR DATA

All the personal data is processed within the UK, however, for the purposes of IT hosting and maintenance by certain systems and databases that we use, this information may be located on servers within the European Union.

We do not share your personal data with any one, unless we are required by law to do so.

We have a Data Protection Procedure in place to oversee the effective and secure processing of your personal data.  More information on this is available on request.

4.0       ANALYTICS

To continually improve user experience on our website, we use Google Analytics, a service which records website traffic. Google Analytics does not identify individual users. To opt out of google analytics, go here: https://support.google.com/analytics/answer/181881?hl=en

5.0       COOKIES

Please see our Cookie Policy for more information on the cookies we use.

6.0       HOW LONG WE KEEP YOUR DATA

  1. Customer Phone Numbers for creating reservations – 2 years
  2. Customer Direct Personal Emails for creating reservations & general enquiries – 2 years
  3. Contact Forms (name, email & message) for creating reservations & general enquiries through the website (Through gmail 0Auth2.0 or sendgrid SMTP API) – Ongoing – customers have the right to ask for their data to be deleted at any time.
  4. Comments & Reviews (name, email, website & comment) for social interaction with posts and products on the website – Ongoing – customers have the right to ask for their data to be deleted at any time.
  5. Customer Newsletter Personal Emails to send marketing emails through mailchimp – Ongoing – customers have the right to opt out at any given time.
  6. Customer Credit Card Details to make payments – 7 years
  7. CVs for recruitment of vacant positions – Unsuccessful candidates are deleted. Successful Candidates through till the end of employment.
  8. Employee Personal Information for employment records – up till 1 year after end of employment.
  9. Employee Bank Details to pay employee wages – 7 years
  10. Suppliers Contact Information to contact and order materials – Ongoing during contract period
  11. Suppliers Billing Information to pay invoices – 7 years

7.0        WHAT ARE YOUR RIGHTS

Data  Protection  Regulations and  Laws ensure that Cafe 21 process your personal data robustly and appropriately.  You have the following rights:

  • The right to be informed about the personal data that Cafe 21 processes on you.
  • The right of access to the personal data that Cafe 21 processes on you.
  • The right to rectify your personal data, if it is incorrect/inaccurate or changes.
  • The right to erasure of your personal data, in certain circumstances.
  • The right to restrict processing of your personal data.
  • The right to data portability, in certain circumstances.
  • The right to object to the processing of your personal data when it is based on public or legitimate interest.
  • The right not to be subjected to automated decision making and profiling.
  • The right to withdraw consent at any time.

Where you have consented to Cafe 21 processing your personal data, you have the right to withdraw that consent, at any time, by contacting us (see Section 6.0).

If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated.

If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office: https://ico.org.uk/