Privacy Policy

1. Who we are

● Controller: Coffee Kick Collective Ltd (company no. 16706415)

● Owner / data contact: Georgia Rooney

● Website: coffeekickcollective.com

● Contact email for privacy queries: coffeekickco@gmail.com

● Governing law: England & Wales

2. What this policy covers

This policy explains how we collect, use, store and share personal data when you use our website or contact us (for example via the contact form). It also explains your rights and how to exercise them.

3. Personal data we collect

We only collect the information you provide through our contact form, such as:

● name

● email address

● organisation

● any message content you provide

4. We may also collect basic technical information automatically, such as:

● IP address

● browser type and version

● basic website usage data (server logs, pages visited)

5. We do not collect special category data or knowingly collect data from children.

6. How and why we use your data (purposes and legal bases)

● To respond to contact enquiries and communicate with you about potential work: lawful basis, legitimate interests (to run our business and correspond with enquirers), or performance of a contract if you engage our services.

● To keep a record of enquiries and communications: lawful basis, legitimate interests (business records, customer relationship management).

● To administer and secure the website (server logs, basic analytics): lawful basis, legitimate interests (website security, performance).

● If you explicitly opt in to receive marketing (we do not send marketing by default), lawful basis, consent.

7. Cookies and tracking

We use basic cookies required for the site to function and for simple analytics to help improve the site. These are limited and do not track you across unrelated sites. If we add additional tracking or marketing cookies in future we will notify you and obtain consent where required.

8. Sharing and disclosure

We do not sell personal data. We may share personal data with:

● Service providers who help run the website or process communications (e.g., hosting providers, email services). They act as processors and are contractually required to protect your data.

● If required by law or to respond to legal claims.

We do not currently transfer personal data outside the UK. If that changes we will put appropriate safeguards in place.

9. Data retention

We keep contact form data and related correspondence for 12 months from last contact, unless you become a client or we need to retain records for longer for legal reasons. This retention period is reasonable for business and administration purposes; if you prefer we can delete your data sooner - contact us to request that.

10. Security

We use appropriate technical and organisational measures to protect personal data (secure hosting, access controls, backups). No system is guaranteed 100% secure; if a breach affecting your data occurs we will notify you and the ICO where required.

11. Your rights

Depending on the circumstances you have the right to:

● access the personal data we hold about you

● request correction of inaccurate data

● request deletion (right to be forgotten)

● request restriction of processing

● object to processing (including for legitimate interests)

● request portability of data you provided

● withdraw consent (where processing is based on consent)

To exercise any right, contact coffeekickco@gmail.com. We will respond within one month (longer in complex cases, with explanation).

12. Complaints

If you are unhappy with how we handle your data you can complain to us first at coffeekickco@gmail.com. You also have the right to complain to the UK Information Commissioner’s Office (ICO): ico.org.uk.

13. Changes to this policy

We may update this policy from time to time. The latest version will be posted on the website with the “Last updated” date.