Your Privacy, Our Priority: Hearthwood Roasters' Commitment to Data Protection

At Hearthwood Roasters, trust is at the heart of everything we do – from sourcing exceptional beans to protecting your personal information. This Privacy Policy outlines how we collect, use, store, and safeguard your data, ensuring transparency and adherence to the highest standards, including UK GDPR.

Abstract depiction of digital security with a coffee bean motif, symbolizing data protection — Ensuring the security of your information with every transaction.

We are dedicated to safeguarding your privacy and handling your personal data responsibly. This policy applies to all interactions you have with Hearthwood Roasters, whether through our website, in our café, or via any other services we provide. We encourage you to read it carefully.

Policy Scope & Contact Information (Click to expand)

This policy details the scope of our data practices and your rights under UK GDPR. For any privacy-related inquiries or to exercise your rights, please contact our Data Protection Officer at info@hearthwoodroasters.co.uk or call us at 01892 700445.

Last Updated: 15th August 2023

Information We Collect & How We Use It

To provide you with the best coffee experience, we collect certain information. This section details what data we collect and the legitimate reasons behind its usage, ensuring your privacy remains paramount.

Personal Information: This includes your name, email address, shipping address, and payment details when you make a purchase, subscribe to our coffee club, or register for a workshop. This data is essential for fulfilling your orders and managing your account.
Transaction Data: Details of your purchases and the products you’ve enjoyed, allowing us to process payments, track orders, and improve our product offerings.
Marketing Preferences: If you opt-in, we use your email to send newsletters, special offers, and updates about Hearthwood Roasters, always with an easy option to unsubscribe.
Website Analytics: We use anonymised data from tools like Google Analytics to understand how visitors interact with our website, helping us enhance user experience. This includes pages visited, time spent, and referral sources, but never identifies you personally.
Legal Basis for Processing: We only process your data once we have a legitimate interest, consent, or contractual necessity. For example, processing your order (contract) or sending you a newsletter (consent).

Illustration of a person interacting with a tablet displaying data privacy icons, coffee beans gently integrated — Our data collection practices are designed for transparency and purpose.

We ensure that all data collected is relevant, limited to what is necessary, and processed fairly and lawfully, always respecting your rights and choices.

Data Sharing & Third-Party Disclosures

Hearthwood Roasters does not sell your personal data. We only share information with trusted third-party service providers who assist us in operating our business and delivering our services, always under strict data protection agreements.

Shipping & Delivery Partners: To dispatch your coffee orders, we share necessary shipping details with reputable courier services.
Payment Processors: Secure payment gateways handle all transaction data. We do not store your full credit card details on our servers.
Email Service Providers: For marketing communications, we use trusted platforms that comply with GDPR to manage our email lists.
Analytics Providers: As mentioned, anonymised data is shared with analytics services to help us understand website performance.
Legal Compliance: We may disclose information if required by law or in response to valid requests by public authorities (e.g., a court order).
Business Transfers: In the event of a merger or acquisition, your data may be transferred to the new entity, under strict conditions to ensure continued data protection.

Interconnected secure digital nodes with coffee beans, symbolizing safe data sharing — Our partners are carefully chosen for their commitment to data security.

All third parties are thoroughly vetted to ensure they meet our stringent data protection and security standards.

Your Rights & Data Control Options

Under UK GDPR, you have significant rights regarding your personal data. Hearthwood Roasters is committed to helping you exercise these rights easily and effectively.

Right to Access: You can request a copy of the personal data we hold about you.
Right to Rectification: You can ask us to correct any inaccurate or incomplete data.
Right to Erasure (Right to Be Forgotten): In certain circumstances, you can request that we delete your personal data.

Right to Data Portability: You can request that we provide your data in a machine-readable format to transfer to another service.
Right to Object: You can object to us processing your data, particularly for direct marketing purposes.
Right to Restrict Processing: You can ask us to limit the way we use your data in certain situations.

To exercise any of these rights, please contact us at info@hearthwoodroasters.co.uk. We aim to respond to all legitimate requests within one month.

Illustration of a hand holding a smartphone with privacy settings, surrounded by coffee elements — Your control over your data is our commitment.

Data Security & Protection Measures

Protecting your data is a core responsibility at Hearthwood Roasters. We implement robust technical and organisational measures to prevent unauthorised access, disclosure, alteration, or destruction of your personal information.

Technical Safeguards: We utilise encryption (SSL/TLS) for data in transit, secure servers, and regular software updates to protect against vulnerabilities.
Access Control: Access to personal data is strictly limited to authorised personnel who require it for their duties, and all staff receive regular data protection training.
Breach Procedures: In the unlikely event of a data breach, we have clear protocols for detection, containment, assessment, and notification to affected individuals and regulatory authorities as required by law.
Regular Audits: Our systems undergo regular vulnerability assessments and penetration testing to identify and address potential security weaknesses proactively.
Payment Security: All online payments are processed via PCI DSS compliant payment gateways, ensuring your payment details are handled securely. We do not store sensitive payment card information.

Stylised abstract image representing data encryption with padlock and network lines over a subtle coffee-toned background — Our commitment to security is foundational to your trust.

We are continuously reviewing and enhancing our security measures to adapt to evolving threats and maintain the highest level of protection for your data.

Privacy Questions & Data Protection Officer Contact

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your data rights, please do not hesitate to contact our dedicated team.

Data Protection Officer: Hearthwood Roasters
Email: info@hearthwoodroasters.co.uk
Phone: 01892 700445
Address: 28 Old Coach Drive, Unit 2, Tunbridge Wells, Kent, TN2 5AF, UK

We encourage you to reach out directly with any concerns. If you are not satisfied with our response, you have the right to lodge a complaint with the UK's supervisory authority for data protection, the Information Commissioner's Office (ICO).