1. Summary of how we use your data and your rights.
We use your data to provide and improve our products and services, including for marketing, research, feedback, and enquiries, and for safety and security purposes. We also use your data when you enter competitions or awards that we organise.
We will use your data to comply with laws and regulations. We use your data to prevent and detect crime, such as fraud.
You have the right to object to some of the processing HatHats carries out. More information about your rights and how to exercise these is set out in the “Your Rights” section of this notice.
When you give consent, you can withdraw that consent at any time, for instance by emailing firstname.lastname@example.org You can also email email@example.com to exercise any other data rights, such as obtaining a copy of your data, correcting, deleting, or restricting how we use your data. Please see “Your Rights” for more information.
You can unsubscribe from marketing communications at any time. To opt-out of direct marketing, including profiling for direct marketing purposes, you can either email firstname.lastname@example.org or unsubscribe from the bottom of any direct emails we sent you.
If you enable location services on the app, or you access the location finder on our sites and your browser settings allow this, your device may identify and alert you to the nearest HatHats Outlet or other destination we are working with closest to your location.
HatHats Coffee Company is part of the Amelix Group of companies, for details of how personal data is shared with the Amelix group, please see the “Data Sharing’ section below.
2. Information we collect from you.
We collect information when you purchase something or use our services or enter our competitions or awards. This includes store visits, using our websites or app, joining our HatHats Reward scheme, or corresponding with us.
We keep the information you give us directly such as contact details (including name, email, address, and telephone number), comments, date of birth, gender, region, frequency of visits, feedback, marketing opinions and competition entries.
- We record and analyse store, web and app visits, details of your purchases and where you take advantage of our promotions.
When you sign up to in-store Wi-Fi and give your personal details to gain access we and the Wi-Fi provider check this number and keep a record of this.
- If there is an incident, we log information about it.
- If you engage with us online via our websites or app, our cookies and similar technologies will capture your IP address, your location, and record how you use the site or app to help improve it and improve your user experience, where your browser settings or permission allows for this.
- If you post information online about us or provide feedback, we keep a record.
- If you contact us directly and complain or give feedback, receive compensation, or enter a competition, we will record details and all related information (including that you provide to us) such as emails, letters, phone calls, date of birth to our product customer information helplines including those operated by third parties as detailed in Section 5 below.
- We use CCTV in our premises for the prevention and detection of crime and for safety and security reasons, this is held under our CCTV policy.
3. Information we receive from third parties.
We receive your information from other people in certain circumstances.
This can happen when:
- Someone buys you an E-Gift. They give your name and email address, so we can send you the E-Gift.
- You participate in market research, such as focus groups or surveys.
We receive some of your personal details from ZenReach to validate your details for unlimited instore Wi-Fi access.
- Members of the Amelix group may help us operate some of our customer information centre services for HatHats branded products and provide us with information that you supply to them – see section 5 for more details.
4. How we use information and the legal basis
We can use your data only if we have a proper reason to do so such as:
To fulfil a contract, we have with you.
When it is in our legitimate interest.
- When you consent to it; or
- To comply with the law.
A legitimate interest is when we have a business or commercial reason to use your data. This involves us assessing when we can rely on our legitimate interests. For more information on this assessment please contact email@example.com
We have set out below how and why we use your personal information and the legal basis we rely on. This is also where we tell you what our legitimate interests are.
When you buy something from us, join our HatHats Rewards scheme, or enter a competition we run, we use your information to fulfil our contract with you.
We take information to communicate with you, check your identity, take payment, and provide products and services, including awarding loyalty points if you are a HatHats Rewards member.
To run our business and pursue our legitimate interests, we use your information.
Our legitimate interests include keeping our records up to date, fulfilling our legal, compliance and contractual duties, working out which of our products and services may interest you, improving our site and apps, and services, developing new products and services, and telling you about them and conducting market research.
Further details of our legitimate interests:
- To run and promote our business, we use your information:
To provide and improve our products and services, including in-store Wi-Fi, HatHats Rewards scheme and HatHats Gift Cards and promotional products, and to respond to you if you contact us.
- To record contact centre communications, including incoming and outgoing calls and emails, for staff training, quality improvement purposes and establishing facts and to deal with concerns or complaints that you may raise.
- When we monitor HatHats websites, social media platforms such as Facebook, Instagram and Twitter and online services including responses to email marketing. If you post comments online or in other media, we capture this information, use it to contact you, and use it to improve our products and services.
- To run competitions and promotions and track which offers seem of interest to you.
- To understand you better as a customer by analysing your transactions and other information you provide to us or which we learn through your interactions with us.
- To send you emails including offers tailored to your perceived preferences where you are a HatHats Rewards member and your preference settings permit this. We record which emails seem to be of interest to you. Based on your purchase history and membership card usage, some HatHats Rewards members may be offered additional loyalty points.
To contact you where you provide us with market research feedback or pass this data to a third-party business partner of ours for panel market research analysis.
To administer and run our organised events, including the Beach Clean for Ice Cream, School holiday activities and clubs as well as school competitions and awards and to promote the awards through the publishing of winner’s details.
To prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, including where we are required to do so by law, we:
- Monitor HatHats Rewards accounts and review CCTV, record call centre communications and emails.
- Use other organisations to check the validity of the credit or debit card details you use to pay (for further details see “Data sharing” below).
To comply with law, assess and uphold legal or contractual rights and claims, and for monitoring, auditing, and training on compliance matters:
- We monitor, and record contact centre communications, including incoming and outgoing calls and emails.
- We verify your identity in certain circumstances.
We keep records to comply with health and safety legislation, including accounting for the number of individuals on our premises and logging accidents. If you give us consent, we send you electronic marketing, including promotions and offers, in relation to our products and services if you are a member of our HatHats Rewards scheme and inform you of other outlets that award HatHats Rewards points. HatHats Rewards members can subscribe or unsubscribe from our marketing communications at any time. For instance, preferences can be adjusted in account settings online.
- Through the settings on your device, send you push notifications through the app.
- If you use the store locator in the app or site and enable location services, it may notify you of the nearest HatHats Coffee Outlet or an outlet or business serving HatHats Coffee or an event or promotion we are involved with.
- Use data for other purposes where we explain that purpose when we ask for your consent.
When you give consent, you can withdraw that consent at any time by contacting us, for instance by emailing firstname.lastname@example.org If you do so we can only continue to use your data if another legal basis applies, such as when we are required to do something by law.
Nevertheless, you have an absolute right to opt-out of direct marketing, including profiling for direct marketing purposes, at any time. You can opt-out of marketing by selecting “unsubscribe” in emails or emailing email@example.com
When the law requires us to process your data we will do so.
This can include:
- Legal, compliance, regulatory and investigative purposes, including for government agencies and law enforcement.
- When you exercise your rights under data protection legislation, including when you ask to unsubscribe from our marketing communications.
5. Data Sharing
HatHats Coffee is part of the Amelix group of companies. Amelix group companies may process your personal data while assisting us with customer information services, for instance, Amelix Group Services.
Amelix Limited operates the HatHats Coffee Coastal Classroom and event booking customer care line and will handle enquiries and concerns regarding the events we partner with. Details of such enquiries and concerns will be shared with HatHats if there is a specific complaint relating to HatHats that Amelix Limited cannot handle.
For some activities HatHats uses third-party service providers, for instance, Amelix Telecom Limited provides Wi-Fi in our stores. When these service providers need customer data from you, we share information with them, such as whether a correct email address has been entered to access Wi-Fi.
In addition to using the companies as described above, we use third-party providers for the following services:
Wi-Fi(Amelix Telecom/ZenReach Technology)
- Sending promotional offers
- Customer feedback surveys
- Data analysis to enable us to optimise our services (including locations and products) Gift cards (including E-Gifts)
- Loyalty scheme platform
- Payments’ processing to enable you to pay by credit or debit card
- CCTV system provision and maintenance
- Administration of our competitions and awards, for example, our work with the schools and colleges for use of our Coastal Classroom spaces.
If our business is to be integrated with another business or sold, your details would be shared with our advisers and any prospective purchaser’s advisers. Your information could be passed to the new owners. (You will be notified if this happens).
Personal data may be shared with government authorities and/or law enforcement officials for the prevention or detection of crime, if required by law or if required for a legal or contractual claim.
6. International transfers
Sometimes we send or store your data outside of the European Economic Area (the EU plus Iceland, Lichtenstein, and Norway) (‘EEA’). For example, to follow your instructions, comply with a legal duty or to work with or receive services from our service providers who we use to help run your accounts and our services.
If we do transfer information outside of the EEA, we will make sure that it is protected by using one of these safeguards: Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Some countries have been deemed adequate by the EU.
Put in place a contract with the recipient that means they must protect it to the same standards as the EEA or use other mechanisms and measures to achieve adequate protection. We also may use the Standard Contractual Clauses published by the EU.
Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are like what is used within the EEA.
For our service provider in the US, who helps us with internet authentication in some sites and sends some of our visitor feedback surveys, we rely on Privacy Shield. For further details on the mechanisms used please contact firstname.lastname@example.org
7. Cookies and similar technologies
8. Data retention
We keep your data to enable us to fulfil our contract with you or to provide services, whilst you are an active user of our site, app provided by us or a third party with our profile on or HatHats Rewards Scheme, to administer and promote our awards and competitions or where required by law or to protect legal rights.
We always look to keep your data for the minimum time in line with data protection principles and our processes. For example, we keep:
Information on HatHats Rewards members as follows. If you register but do not collect and/or use any points using your card or app within 12 months, your registration points will expire, and we may delete your HatHats Rewards account information at that point. If you do not collect and/or use points for 3 years, we will delete your HatHats Rewards account information.
Personal information related to products and services purchased historically in our online shop for as long as the personal data is required for us to fulfil our contract with you, if required to service any related warranty and for 6 years from performance of our contract with you.
- Records of payment information in line with tax law and audit requirements.
- Customer feedback and correspondence with our customer services teams for up to 2 years afterwards, depending on the nature of the interaction and any applicable law, such as health and safety. This enables us to respond to any questions or complaints.
- Information to maintain records according to rules that apply to us.
If you unsubscribe from marketing communications, we keep a record of this request indefinitely to ensure we do not send you direct marketing again.
We may keep your data for longer if we cannot delete it for legal, regulatory, or technical reasons.
9. Your rights
You have rights over your personal data.
ask for a copy of your information.
ask for information to be corrected.
ask for information to be erased or deleted.
ask for us to limit or restrict processing.
object to us processing your data where we do not have to process the data to meet a contractual or other legal requirement and in relation to processing for direct marketing purposes, including profiling for direct marketing purposes.
- ask us to send you a copy in a structured digital format or ask for us to send it to another party.
Some rights, however, may be limited. We may be obliged by law or regulation to keep information. We must respect other people’s privacy as well, which means we may need to redact or remove information where it includes personal data about someone else, even if it is connected to your data. On occasion there may be a compelling legitimate interest to keep processing data.
If you want a copy of your data, to object to how we use your data, or ask us to delete it or restrict how we use it or, please see Contact Details below. To process a request from you, we may need to confirm your identity to ensure we are accessing the right data. You have a right to complain to an EU data protection authority. This can be where you live, work or where the matter occurred. In the UK, the authority is the Information Commissioner’s Office (the “ICO”).
10. Contact details.
To exercise any of your rights or to withdraw consent you can email: email@example.com
To discuss or change your HatHats Rewards details, including preference settings, please contact Customer Services on 01227 282 902 or email firstname.lastname@example.org
For any queries relating to data protection, please contact HatHats Data Protection Officer by email at email@example.com or write to them at Data Protection Officer, HatHats Coffee Company Limited, 67 John Wilson Business Park, Whitstable, Kent, CT5 3QT We may change or update this notice from time to time. We will communicate these as appropriate – for example, by updating our website or, where legally required, by actively telling you about the changes.
11. Which HatHats Coffee entity is the controller?
The controller for your information is HatHats Coffee Company Limited, 67 John Wilson Business Park, Whitstable, Kent CT5 3QT
HatHats Coffee Company Limited runs the HatHats Rewards scheme within Great Britain.
Some stores using the HatHats brand are licenced venues such as those in some colleges. Licenced venues are all committed to protecting your privacy but, just to be clear, each HatHats licenced venue is an independent business and is responsible for the operation of its own stores and compliance with data protection law.