1 Policy Statement
will handle your personal data securely and in accordance with your rights.
- Espresso Warehouse Limited, a trading division of Matthew Algie & Company Limited
(we, us, our) is a registered data controller
under the terms of the Data Protection Act 1998 and the General Data Protection Regulation (GDPR)
once in force. Details of Matthew Algie & Company Limited's notification to the data protection
regulator may be found in the Information Commissioner’s Office Public Register of Data Controllers
at https://ico.org.uk/ under registration number Z9139291. Our
registered office address is at 16/18 Lawmoor Road, Glasgow, G5 0UL. For details on how to contact
2 General Information
order our products and how we handle your information to ensure that we protect your rights. Please
of espressowarehouse.com (our sites) and/or as a purchaser of our products
your use of our sites and our services.
- By using our sites, registering to use our services, and placing an order for any of our products
3 What information do we collect?
- When you register to use our services and/or our sites or order our products we may ask you to
provide certain contact and payment information such as; your name, address, email address, and
contact number. This may vary depending on whether you are purchasing products from our site for
your personal use, or whether you are purchasing products on behalf of a business customer for use
by a business.
- We may also collect personal information when you contact us to make an enquiry or complaint. If you
purchase with us on a regular basis, we will keep records of your order history (which will also be
available to you).
- We may collect technical information on an ongoing basis about what pages you access or visit, and
information about your use of our sites, for example the pages viewed, the website from which you
- When purchasing products or services on our sites, you will be required to submit your payment
details to Worldpay to complete your transaction. More information about this process can be found
in our terms and conditions. Your personal data will be processed by Worldpay for this purpose and
- We are active on various social media outlets (including Facebook, LinkedIn, Instagram, Pinterest
and Twitter) and we may collect information in any comments or posts that you submit on our social
media pages. Your personal information will be processed by the applicable social media outlet for
information on our social media pages.
- We will not collect any sensitive personal data or special categories of data about you in
connection with your use of our services and/or our sites.
- We may record telephone calls both to and from operation departments. Recorded calls are used for
the purposes of staff training.
4 What do we use your information for?
- We may use your information for the following purposes:
- in the normal course of our business, to allow us to register you to receive our services
and to provide you with our products on the basis that processing is necessary in order to
perform our contract with you to provide our services;
- to allow us to manage your account on the basis that processing is necessary in order to
perform our contract with you to provide our services;
- to allow us to analyse your personal preferences and personalise our services to you on the
basis that processing is in our legitimate interests to optimise our sites;
- to store your data to pre-populate fields to make it easier for you to provide information
when you return to our sites on the basis that processing is in our legitimate interests to
optimize user experiences of our sites;
- whether you are acting on behalf of a business customer or in a personal capacity, we will
use your contact details to get in touch with you about our products and services, on the
basis that processing is in our legitimate interests to promote our products and services.
Where you are acting on behalf of a business customer, such contact may be by way of a
telephone call from one of our sales team and regular email updates, and if you are acting
in a personal capacity, such contact will be by regular email updates. You will be able to
opt-out of such communications at any time by following the unsubscribe link in any of the
emails which we send you;
- to validate your information (and, in some cases, match it against information that has been
collected by a third party) to check that the data we hold about you is accurate, consistent
and up to date on the basis that processing is necessary in order to perform our contract
with you to provide our services;
- to comply with any legal obligations to which we are subject on the basis that processing is
necessary to comply with a legal obligation to which we are subject;
- we may share personal information with other divisions within the Matthew Algie group on the
basis that processing is in our legitimate interests to cross-sell other products and
services provided by other divisions within our corporate group, and to ensure a consistent
- when you contact us via telephone, your call may be recorded, on the basis that processing
is in our legitimate interests to monitor the resolution of queries and to ensure a
consistent customer services approach; and
- where you are acting on behalf of a business customer that is looking to open a credit
account with us, we may run a credit check against the business on the basis that such
processing is in our legitimate interests to ensure that we are not offering credit to a
business that cannot afford such credit. This may involve the processing of personal
information of the individuals in control of the business.
- Please ensure that the personal information associated with your account (whether as a business
customer or a consumer) is kept accurate and up to date. You will have the ability to update your
account online, or alternative you can contact us at the details in section 13 below with your
- The provision of the information marked with an asterisk in the order form is mandatory if you are
to receive our services. Examples include your contact details (so that we can complete and send you
your order) and also confirmation as to whether you are acting on behalf of a business customer or
as a consumer (as different contractual terms will apply). If you fail to provide such data we shall
be unable to provide our services.
- The provision of information in the order form which is not marked with an asterisk is voluntary and
you do not need to provide such information to receive our services if you do not wish too. For
example, if you are acting on behalf of a business customer, we may ask for certain information
about the type of business operated. While the provision of such information is not essential, if
this type of information is not provided, we may not be able to offer you tailored products and
will have the ability to opt-out of the use of these cookies by clicking the appropriate option on
functionality of our site and may make using our sites and purchasing products from our site more
burdensome as, for example, your information will not be pre-populated on certain order forms.
- We strive to provide you with choices regarding certain personal data uses, particularly around
marketing and advertising. We have established the following personal data control mechanisms:
- Promotional offers from us. We may use your Identity, Contact, Technical, Usage and Profile
Data to form a view on what we think you may want or need, or what may be of interest to
you. This is how we decide which products, services and offers may be relevant for you (we
call this marketing).
- You may receive marketing communications from us if you have requested information from us
or purchased goods or services from us or if you provided us with your details when you
attended an event, entered a competition or registered for a promotion and, in each case,
you have not opted out of receiving that marketing
- Third-party marketing. We will obtain your express opt-in consent before we share your
personal data with any company outside the Matthew Algie group of companies for marketing
- Opting out. You can ask us or third parties to stop sending you marketing messages at any
time by logging into your online account and checking or unchecking relevant boxes to adjust
your marketing preferences or by following the opt-out links on any marketing message sent
to you or by contacting us at any time. Where you opt out of
receiving these marketing messages, this will not apply to personal data provided to us as a
result of a product/service purchase, warranty registration, product/service experience or
5 Change of purpose
- We will only use your personal data for the purposes for which we collected it, unless we reasonably
consider that we need to use it for another reason and that reason is compatible with the original
purpose. If you wish to get an explanation as to how the processing for the new purpose is
compatible with the original purpose, please contact us.
- If we need to use your personal data for an unrelated purpose, we will notify you and we will
explain the legal basis which allows us to do so.
- Please note that we may process your personal data without your knowledge or consent, in compliance
with the above rules, where this is required or permitted by law.
6 Who do we share your information with?
- As part of using our services, we will share your personal information with the following parties:
- we appoint various service providers and third party partners, who process and store data on
our behalf, for example:
- Our online payment service providers (Worldpay and Heidelpay)
- Our email marketing campaign provider (Campaign Monitor)
- Our CRM provider and database manager (Goldmine and eLeader)
- Microsoft (our IT systems use various Microsoft applications);
- our mailing house service providers, who process personal data on our behalf for
running mail marketing campaigns;
- professional advisors acting as processors including lawyers, bankers, auditors and insurers
who provide consultancy, banking, legal, insurance and accounting services;
- We may also disclose your personal data to our supply and delivery partners, repair and
service providers, insurance company for the purpose of processing and fulfilling your
order. Where such disclosures are made, this will be under contractual arrangements with us
and carried out in accordance with the requirements of the GDPR.
- if you opt in the marketing consent statement to receive information about third party
products and services, trusted third parties whose products, services and other offers we
believe may be of interest to you. You will be able to opt-out of
such communications at any time by following the unsubscribe hyperlink in any of the emails
which we send to you;
- any member of our group, which means Matthew Algie & Company Limited and other companies
which may be added to our group from time to time.
- We may also share your personal information with third parties:
- in the event that we, our business, or substantially all of its assets are acquired by a
third party (in which case personal information about customers will be one of the
- if we are under a duty to disclose or share your personal data in order to comply with any
legal obligation, or in order to enforce or apply any contract with you; or to protect our
rights, property, or safety of our employees, customers, or others. This includes exchanging
information with other companies and organisations for the purposes of fraud protection and
credit risk reduction.
7 How long do we store your personal data for?
- We only store your personal information for as long as necessary for the purposes listed in
- To determine the appropriate retention period for personal data, we consider the amount,
nature, and sensitivity of the personal data, the potential risk of harm from unauthorised
use or disclosure of your personal data, the purposes for which we process your personal
data and whether we can achieve those purposes through other means, and the applicable legal
- We may, instead of destroying or erasing your personal information, make it anonymous such
that it cannot be associated with or tracked back to you. Once you are no longer an
employee, worker or contractor of the company we will retain and securely destroy your
personal information in accordance with applicable laws and regulations.
- If you do not want us to retain your data for this period, please contact us at the details
in section 13 below.
8 What are your rights?
- Access to your personal data: You may request access to a copy of your personal data by
requesting it from us using the contact details below. If you make a request please include
details of any relevant time periods to help us to locate the data which you are requesting.
- Right to withdraw consent: Where processing is based on your consent, you may withdraw your
consent at any time. You can do this by, for example, following the unsubscribe link in any
marketing emails we send you or contact us using the details below.
- Rectification: You may ask us to rectify inaccurate information held about you. If you would
like to update the data we hold about you, please contact us on using the details below and
provide the updated information.
- Erasure: You may ask us to delete your personal data. If you would like us to delete the
personal data we hold about you, please contact us using the details below, specifying which
information you would like us to delete and why.
- Portability: You may ask us to provide you with the personal information that we hold about
you in a structured, commonly used, machine readable form, or ask for us to send such
personal data to another data controller.
- Right to object: You may object to our processing of your personal data pursuant to this
- Make a complaint: You may make a complaint about our data processing activities to a
supervisory authority, for the UK this is the Information Commissioner's Office, at
us at the details in section 13 below.
- No fee usually required
- You will not have to pay a fee to access your personal data (or to exercise any of
the other rights). However, we may charge a reasonable fee if your request is
clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply
with your request in these circumstances.
- What we may need from you
- We may need to request specific information from you to help us confirm your
identity and ensure your right to access your personal data (or to exercise any of
your other rights). This is a security measure to ensure that personal data is not
disclosed to any person who has no right to receive it. We may also contact you to
ask you for further information in relation to your request to speed up our
- Time limit to respond
- We try to respond to all legitimate requests within one month. Occasionally it may
take us longer than a month if your request is particularly complex or you have made
a number of requests. In this case, we will notify you and keep you updated.
9 Cookies policy
- A cookie is a small file of letters and numbers that we store on your browser or the hard
drive of your computer if you agree. Cookies contain information that is transferred to your
computer's hard drive.
provide you with a good experience when you browse our site and also allows us to improve
impact on the functionality of our site.
- You can find more information about the individual cookies we use and the purposes for which
we use them in our Cookies Policy.
- Please note that third parties (including, for example, advertising networks and providers
have no control. These cookies are likely to be analytical/performance cookies or targeting
- You can block cookies by activating the setting on your browser that allows you to refuse
the setting of all or some cookies. However, if you use your browser settings to block all
cookies (including essential cookies) you may not be able to access all or parts of our
10 Transfers out of the EEA
- We may transfer your personal data outside of the European Economic Area
(EEA). We shall ensure that any such transfers and processing of personal
data outside the EEA is lawful (for example, we will ensure that any such transfers would
governed by standard contractual clauses approved by the European Commission) and that your
personal data is kept secure in accordance with the GDPR.
11 Security and Data Storage
- We will treat all of your information in the strictest confidence and we will endeavour to
take all reasonable steps to keep your personal information secure once it has been
transferred to our systems. We adopt appropriate data collection, storage and processing
practices and security measures to protect against unauthorised access, alteration,
disclosure or destruction of your personal information, and data stored on the website and
- Your personal data may be stored in the cloud by our IT service providers listed in section
6 above. We take steps to ensure that these third parties implement appropriate technical
and security measures to ensure this information is kept securely.
- Please note that the internet is not a secure medium and we cannot guarantee the security of
any data you disclose online. You accept the inherent security risks of providing
information and dealing online over the internet and will not be held liable for this.
please contact firstname.lastname@example.org