This policy explains what personal data Kibco Coffee Limited ("we", "us") collects when you use kibcocoffee.co.uk, why we collect it, and your rights under UK GDPR.
1. Who we are
Kibco Coffee Limited
170 Caledonian Road, London N1 0SQ
Companies House: 14736977 · VAT: GB483780749
Data controller contact: info@kibcocoffee.co.uk
2. What we collect and why
| Data | Purpose | Lawful basis |
|---|---|---|
| Email, name, phone, password (hashed), marketing opt-in | Run your account, send order updates | Contract |
| Shipping & billing address, order items | Fulfil orders, invoicing, returns | Contract |
| Payment metadata (Stripe transaction IDs only — we never see card numbers) | Process payments, refunds | Contract |
| Contact form submissions (name, email, phone, message) | Reply to your enquiry | Legitimate interest |
| Server logs (IP, user agent, request paths) | Security, abuse prevention, debugging | Legitimate interest |
| Marketing preferences (opt-in) | Send you offers and news, only if you ask | Consent |
3. Who we share it with
We share the minimum data needed to run the shop with these processors:
- Stripe — card payments. We never store card numbers; they go directly to Stripe. Stripe privacy policy.
- Brevo (Sendinblue) — transactional and marketing email. Brevo privacy policy.
- Google Maps — embedded map on the contact page. Loading the page sends Google your IP. Google privacy policy.
- Google reCAPTCHA — when enabled, used to verify the contact form is not a bot.
- IONOS — hosts our servers in the EU/UK.
4. Cookies
We use a small number of cookies. The banner that appears on your first visit lets you accept or reject the optional ones.
- Essential:
sessionid,csrftoken,cart_id,cookie_consent. The site won't work without these. - Optional (analytics): we don't currently use analytics cookies. When we add them we'll only fire them after you accept.
5. How long we keep it
- Account data: while your account is active; deleted within 30 days of a deletion request.
- Order data: 7 years from the order date, to meet HMRC record-keeping requirements.
- Contact form messages: 12 months.
- Server logs: 30 days.
- Marketing data: until you unsubscribe.
6. Your rights
Under UK GDPR you can:
- Ask us what data we hold about you (right of access)
- Correct anything that's wrong (rectification)
- Ask us to delete your data (erasure — subject to legal retention rules above)
- Ask us to limit how we use your data (restriction)
- Get a copy in a machine-readable form (portability)
- Object to processing based on legitimate interest
- Withdraw marketing consent at any time
Email info@kibcocoffee.co.uk and we'll respond within one month. If you're signed in, your account dashboard has a button to request account deletion.
7. Complaints
If you think we've handled your data badly, please email us first so we can fix it. You also have the right to complain to the UK Information Commissioner's Office at ico.org.uk.
8. Changes to this policy
We'll update this page if anything material changes and update the date at the top.