Privacy Policy for Tiki Tonga

This Privacy Policy explains how Tiki Tonga Coffee Limited ("Tiki Tonga Coffee", "we", "us", or "our") collects, uses, stores, and protects your personal information when you visit www.tikitonga.co.uk, make a purchase, or interact with us in any way.

We are committed to complying fully with the UK General Data Protection Regulation (UK GDPR), the EU GDPR (where applicable), and the Data Protection Act 2018.

By using our website, you agree to the practices described in this Privacy Policy.

1. Who We Are (Data Controller)

Tiki Tonga Coffee Limited is the "data controller," meaning we are responsible for deciding how personal data is processed.

2. What Personal Data We Collect

We collect information to provide our services, improve your experience, fulfil orders, and comply with legal obligations.

2.1 Information You Provide Directly

• Name
• Billing address and delivery address
• Email address
• Phone number
• Payment information (processed securely by third-party payment providers; we do not store full card details)
• Account login details (if you create an account)
• Communication history (emails, enquiries, support requests)

2.2 Information We Automatically Collect

• IP address
• Device and browser type
• Cookies and tracking technologies
• Shopping behaviour (pages viewed, products added to cart, duration of session)

2.3 Information from Third Parties

• Payment processors (e.g., Stripe, PayPal, Shopify Payments)
• Analytics providers
• Delivery companies

3. How We Use Your Personal Data

We process personal data only when allowed under the GDPR. This includes:

To fulfil your orders (Contractual necessity)

• Processing payments
• Delivering products
• Sending order confirmations and delivery updates

To manage your account (Contractual necessity)

• Allowing logins
• Saving preferences

For customer support (Legitimate interest)

• Responding to enquiries
• Resolving issues

For marketing communications (Consent or legitimate interest)

• Sending updates, special offers, and newsletters
• You can unsubscribe at any time

To improve website performance (Legitimate interest)

• Analytics
• Personalised content

To comply with legal obligations (Legal requirement)

• Tax, accounting, fraud prevention

4. Legal Bases for Processing (GDPR)

We rely on the following lawful grounds:

• Contractual necessity
• Legal obligation
• Legitimate interests
• Consent (for marketing cookies and newsletter signup)

5. How We Share Your Data

We only share personal data with trusted third parties when necessary. These include:

Service Providers

• Payment processors
• Shopify (e-commerce platform)
• Delivery and fulfilment partners
• Email marketing platforms
• IT and security providers

Legal & Regulatory Authorities

• When required by law or to protect our rights

We never sell personal data.

6. International Data Transfers

Because our systems and partners (including Shopify) may operate globally, your data may be transferred outside the UK/EU.

When we transfer data internationally, we ensure GDPR compliance by using:

• Adequacy decisions
• Standard Contractual Clauses (SCCs)
• Additional safeguards recommended by regulators

7. Data Retention

We keep personal data only as long as needed for the purposes described above.

Typical retention periods:

• Orders: 6 years (for tax/legal requirements)
• Account data: As long as your account remains active
• Marketing data: Until you unsubscribe or request deletion
• Analytics data: As per cookie settings

8. Your Data Protection Rights

Under the UK and EU GDPR, you have the right to:

• Access your personal data
• Correct inaccurate information
• Delete your data ("right to be forgotten")
• Restrict processing
• Object to processing
• Data portability
• Withdraw consent at any time
• Lodge a complaint with the UK ICO

To exercise your rights, contact us at:
Email: brad@tikitonga.co.uk

9. Cookies & Tracking

We use cookies for:

• Essential site functions
• Analytics
• Performance
• Personalisation
• Advertising (with consent)

You can manage cookie preferences through our cookie banner.

10. Marketing Communications

We only send marketing emails if:

• You have opted in, or
• You are an existing customer and it is permitted under UK law

You can unsubscribe at any time using the link in the email.

11. How We Protect Your Data

We use appropriate technical and organisational measures, including:

• Encryption
• Secure access controls
• Firewalls
• Regular security audits
• Staff confidentiality training

While no system is 100% secure, we work continuously to maintain high levels of protection.

12. Children's Privacy

Our website is not intended for individuals under 13. We do not knowingly collect data about children.

13. Changes to This Privacy Policy

We may update this policy from time to time. Changes will be posted on our website with a new "Last Updated" date.

14. Contact Us