Privacy policy

PRIVACY POLICY

Ozone Coffee Roasters UK Ltd operates ozonecoffee.co.uk. We are the data controller and we are registered with the Information Commissioner's Office (ICO). We are committed to upholding our obligations under applicable data protection laws, including the UK GDPR and the Data Protection Act 2018. This policy sets out how we collect and use the personal data we collect from you, either online through our website or when you visit any of our cafes.

By using our website, you accept this policy and the terms on which we use your personal data. If you do not agree to the terms on which we process your personal data, you must not use our website or order goods from us.

We may update this policy from time to time. The date at the bottom of this policy shows when it was last revised. Please check back regularly to ensure you are aware of how your personal data is being processed at the relevant time.

What data we collect

When you make an online purchase from us, or enter into a subscription with us, we collect your name, billing and delivery address, telephone number and email address in connection with the items you have ordered. If you set up an online account with us, we will also store your password (in encrypted form). If you sign up to receive our email newsletter, we collect your name and email address using third-party software hosted within the UK; access to this database is limited to our staff.

When you visit any of our cafes, we process images of you through our CCTV cameras for the purposes of crime prevention and safety, to protect our staff and property, and to ensure your safety and wellbeing while you are on our premises.

We also collect personal data in connection with your use of our loyalty and rewards/referral schemes, to enable us to administer the scheme and to allow you to use it.

When you correspond with us we collect the contents of your correspondence and any contact details you provide. Where we correspond with you in connection with your order, details of that correspondence will be stored within our help desk software, Zendesk.

Lawful bases for processing

We rely on the following lawful bases under the UK GDPR for processing your personal data:

  • Performance of a contract – to process and fulfil your orders and subscriptions, manage your online account, deliver products to you, handle returns and refunds, and respond to order-related correspondence.
  • Legal obligation – to comply with our obligations under tax, accounting, consumer protection and other applicable laws (for example, retaining order records for HMRC).
  • Legitimate interests – to operate and improve our website, to administer our loyalty and referral schemes, to keep our premises and staff secure (including via CCTV), to detect and prevent fraud, and to send service-related communications. We have considered your rights and interests and are satisfied that these activities do not override them.
  • Consent – to send you marketing communications by email, and to set non-essential cookies (such as analytics and advertising cookies) on your device. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

How we collect your data

We primarily collect your data when you provide it to us – for example when you visit our website or one of our cafes, place an order, sign up for an account, or join our newsletter or loyalty scheme.

Where you buy our products, you provide us with personal data on checkout. All credit and debit card information and other financial information needed to process your order is handled through Shopify, PayPal or Stripe (as shown on the payment page on checkout). Each of these providers processes limited amounts of your personal data, are PCI DSS Level 1 compliant (ensuring encryption of all data they process) and have privacy policies available online. We do not store any credit or debit card details at any time, other than the last 4 digits of your card.

Third parties and data sharing

Our database is hosted in the UK by Shopify (UK) Limited. More information about Shopify's processing is available at https://help.shopify.com/en/manual/your-account/privacy/subprocessors.

In 2024 our database was migrated to our affiliated company, Ozone Coffee Roasters UK Ltd (formerly named "Hasbean"), for technical and operational reasons. Affected customers were notified at the time.

In using our website, your personal data may also be processed by sub-processors of Klaviyo, our email marketing platform, some of which are based in the US. Klaviyo's sub-processor list is available at https://www.klaviyo.com/legal/subprocessors. Any personal data shared with these sub-processors is subject to written, compliant data processing terms and appropriate safeguards.

Personal data such as your name, address, email address and telephone number is provided to our third-party couriers so they can deliver our products to you.

We will never sell your personal information to third parties. Where you have given consent to non-essential cookies (see "Cookies" below), information about your use of our website may be shared with analytics and advertising providers including Google, Microsoft, Meta (Facebook and Instagram) and similar platforms, for the purposes of analytics and targeted advertising.

International transfers

Some of our service providers (including certain Klaviyo sub-processors and analytics/advertising providers) are based outside the UK, including in the US. Where personal data is transferred outside the UK, we ensure that an appropriate safeguard is in place under UK GDPR Article 46 – for example, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or transfers to a country covered by UK adequacy regulations.

How long we keep your data

We retain personal data only for as long as necessary for the purposes for which it was collected, including to satisfy any legal, accounting or reporting requirements. The general retention periods we apply are:

  • Order and transaction records: 7 years for tax purposes.
  • Customer accounts: retained while the account is active.
  • Marketing data: until you withdraw consent or, if not used, for 24 months (2 years) of inactivity.
  • Loyalty scheme data: while you are enrolled in the scheme and for a reasonable period afterwards.
  • CCTV footage: 30 days unless required for an investigation.
  • Customer service correspondence (Zendesk): As long as necessary.

Where personal data is no longer needed, we will securely delete or anonymise it.

Keeping your data updated

We provide you with the means to alter and update your personal information at any time through your account, and it is your responsibility to ensure that this information is kept up to date and accurate.

Account security

You are responsible for keeping your account password confidential and for taking reasonable steps to update your password or disable your account if you become aware of any likely security breach. Please contact us as soon as possible if you suspect any unauthorised access to your account, and contact your card provider in parallel where relevant. We use a range of technical and organisational measures to help protect personal data transmitted to or via our website.

We use the following categories of cookies:

  • Strictly necessary cookies – required for the website to function. These include Shopify's operational cookies (such as _shopify_essential, cart_currency, localization and _shopify_test) which remember your basket, your selected currency and region, and allow you to progress to checkout, as well as the cookie that records your cookie consent choices. These do not require consent.
  • Analytics cookies – including Google Analytics (_ga, _ga_*, _gid, _gat_UA-*) and Microsoft Clarity, which help us understand how visitors use the site so we can improve it. These are only set with your consent.
  • Marketing and advertising cookies – including Google Ads (_gcl_au, _gcl_ls) and cookies set by Klaviyo (our email marketing platform), Octane AI (our on-site assistant), Recharge (our subscriptions platform) and Conversion Bear, which help us provide you with relevant offers and personalised content. We may also share information about your use of our website with Meta (Facebook and Instagram) and similar advertising platforms to provide you with targeted advertising of our products. These are only set with your consent.

When you first visit our website you will be shown a cookie banner, allowing you to accept or reject non-essential cookies. You can change your preferences at any time through the cookie settings link on our website. You can also manage cookies through your browser settings; the ICO provides further guidance at https://ico.org.uk/your-data-matters/online/cookies/.

You can additionally opt out of Google Analytics across all websites by installing the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout.

Marketing communications

We will only send you marketing communications by email where you have given your consent. You can withdraw your consent at any time by clicking the "Unsubscribe" link in any marketing email you receive from us, or by contacting us at support@ozonecoffee.co.uk. Withdrawing your consent to marketing will not affect any service-related communications we need to send you about your orders, account or subscriptions.

Children's data

Our website and products are not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you believe we have inadvertently collected personal data from a child, please contact us and we will take steps to delete it.

Your rights

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") – to ask us to delete personal data we hold about you, subject to certain exceptions.
  • Right to restrict processing – to ask us to limit how we use your personal data.
  • Right to data portability – to receive a copy of personal data you have provided to us in a structured, commonly used and machine-readable format.
  • Right to object – to object to processing carried out on the basis of legitimate interests, or to direct marketing.
  • Right to withdraw consent – where we rely on your consent to process your personal data, you can withdraw that consent at any time.

To exercise any of these rights, please contact us at support@ozonecoffee.co.uk. We may need to verify your identity before responding. We will respond to your request within one month, although this may be extended by up to two further months for complex or numerous requests, in which case we will let you know within the first month.

Complaints

If you have a concern about how we handle your personal data, please contact us first at support@ozonecoffee.co.uk so we can try to resolve it. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection, at https://ico.org.uk/make-a-complaint/ or by calling 0303 123 1113.

More information about us

ozonecoffee.co.uk is a site operated by Ozone Coffee Roasters UK Ltd. We are a limited company registered in England and Wales with company number 05528500. VAT number GB 833 4134 50. Our trading and registered address is 8 Pritchards Road, London, E2 9AP, United Kingdom (wholesale visitors and cafe customers welcome). Tel: 0207 490 1039.

If you have any concerns about material that appears on our site or how we use your personal data, please contact us at support@ozonecoffee.co.uk.

Date last revised: April 2026