Quiet Harbor Cafe

Privacy Policy

Last updated: [insert date]

  1. Introduction Quiet Harbor Cafe ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you visit our cafe, use our website, interact with us on social media, or otherwise communicate with us in England.

By using our services, you agree to the collection and use of information in accordance with this Privacy Policy.

  1. Who we are Quiet Harbor Cafe is a coffee shop located in England. We provide food and beverage services on-site and may offer related services such as online information about our menu, events, and contact options.

  2. Information we may collect We may collect and process the following categories of personal data:

3.1 Information you provide to us

  • Contact details (e.g., name, email address, phone number)
  • Communication details (content of emails, messages sent via contact forms or social media)
  • Reservation or booking details (if applicable)
  • Feedback and reviews
  • Information provided when entering competitions, promotions, or surveys

3.2 Information collected automatically When you visit our website, certain data may be collected automatically, such as:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Date, time, and length of your visit
  • Pages viewed and referring website This information is typically collected using cookies and similar technologies (see Section 8).

3.3 In-person information When you visit our physical cafe, we may collect:

  • CCTV footage for security and safety (where in use and clearly signposted)
  • Information about your purchases (e.g., items bought, payment method – but not full card details)

  1. Legal bases for processing (UK GDPR) We process your personal data under the UK General Data Protection Regulation (UK GDPR) and related UK data protection laws based on one or more of the following legal grounds:

    • Consent: when you have given clear consent (e.g., to receive marketing emails).
    • Contract: when processing is necessary for a contract with you or to take steps at your request before entering into a contract (e.g., reservations or special orders).
    • Legal obligation: when we must comply with a legal or regulatory requirement (e.g., tax, accounting, or health and safety obligations).
    • Legitimate interests: when processing is necessary for our legitimate business interests and your interests and fundamental rights do not override those interests (e.g., security, service improvement).

  2. How we use your information We may use your personal information for the following purposes:

    • To provide our services, including managing reservations, orders, and customer requests.
    • To respond to your enquiries and communicate with you.
    • To manage and improve our website, offerings, and customer experience.
    • To send you marketing communications (where permitted by law and with your consent when required).
    • To manage competitions, promotions, or surveys.
    • For security and fraud prevention, including the use of CCTV (where in use).
    • To comply with legal obligations and respond to requests from public authorities.

  3. Marketing communications We may send you marketing messages about our cafe, products, offers, and events when you have:

    • Subscribed to our mailing list; or
    • Otherwise given your consent; or
    • Where we are otherwise permitted under applicable law (for example, where you are an existing customer and we provide an easy way to opt out).

You can opt out of marketing communications at any time by following the unsubscribe instructions in our emails or by contacting us directly. Opting out does not affect the lawfulness of processing before your withdrawal.

  1. Sharing your information We do not sell your personal data. We may share your personal information with:

    • Service providers who help us operate our business (for example, website hosting, email services, payment processors). These providers are required to protect your data and use it only in accordance with our instructions.
    • Professional advisers (such as lawyers, accountants, or IT consultants) where necessary.
    • Law enforcement agencies, regulators, or other authorities when we are legally required or permitted to do so.
    • Potential buyers or business partners in connection with a business transfer, merger, or reorganisation, subject to appropriate safeguards.

  2. Cookies and similar technologies Our website may use cookies and similar technologies to:

    • Enable core site functionality.
    • Understand how visitors use our site.
    • Improve performance and user experience.

Depending on UK law and best practices, we may display a cookie banner or settings tool when you first visit our site, allowing you to accept or manage your cookie preferences (except for strictly necessary cookies). You can also control cookies through your browser settings, but disabling some cookies may affect how the website functions.

  1. International transfers Where we use service providers or platforms that are located outside the UK (or that store data in other countries), your personal data may be transferred internationally.

In such cases, we will ensure that appropriate safeguards are in place, such as:

  • An adequacy decision by the UK government; or
  • Standard contractual clauses or equivalent legal mechanisms; or
  • Other safeguards as required by UK data protection law.
  1. Data retention We keep your personal data only for as long as reasonably necessary for the purposes set out in this Privacy Policy, including to:
    • Provide our services.
    • Comply with legal, accounting, or reporting requirements.
    • Resolve disputes and enforce agreements.

Retention periods may vary depending on the type of data and applicable legal requirements. When data is no longer needed, we will delete it or anonymise it in a secure manner.

  1. Security We take appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

  2. Your rights (under UK data protection law) Subject to certain conditions and exceptions, you have the following rights regarding your personal data:

    • Right of access: to obtain a copy of your personal data we hold about you.
    • Right to rectification: to request correction of inaccurate or incomplete data.
    • Right to erasure: to request deletion of your personal data in certain circumstances.
    • Right to restrict processing: to request limits on how we use your data.
    • Right to data portability: to request your data in a structured, commonly used, machine-readable format and, where technically feasible, to have it transmitted to another organisation.
    • Right to object: to object to certain processing, including direct marketing, based on our legitimate interests.
    • Rights in relation to automated decision-making and profiling: we currently do not use your data for automated decision-making that produces legal or similarly significant effects.

To exercise any of these rights, please contact us using the contact details set out below. We may need to verify your identity before responding to your request.

  1. Children’s privacy Our services are primarily intended for adults. We do not knowingly collect personal data from children under 13 years of age. If you believe that a child has provided us with personal information without appropriate consent, please contact us so that we can delete the information.

  2. Third-party links Our website or social media pages may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review their privacy policies before providing any personal data.

  3. Changes to this Privacy Policy We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other reasons. The most current version will always be available on our website. Please review this Policy periodically. Your continued use of our services after changes are posted will be deemed acceptance of those changes.

  4. Contact us If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, you can contact us at:

Quiet Harbor Cafe [Insert postal address] [Insert email address] [Insert telephone number]

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you are unhappy with how we handle your personal data. However, we would appreciate the chance to address your concerns before you approach the ICO, so please contact us first if possible.

We respect your privacy at Quiet Harbor Cafe

Our website uses cookies and similar technologies to provide core functionality, remember your preferences, and understand how visitors use our pages. We collect only the minimum amount of data needed to improve your experience and never sell your information to third parties. You can change or withdraw your consent at any time. For full details about what we collect, how we store it, and your rights under UK data protection law, please read our Privacy Policy. Open full Privacy Policy