Privacy Policy

Effective date: 25th May 2018

First Person Ltd, trading as Ecoffee Cup is a retail business specialising in the creation and sale of eco-friendly drinking cups.

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you.  You may opt out of receiving any, or all, of these communications by following the unsubscribe link or instructions provided in any email we send.

Use of Data

Ecoffee Cup uses the collected data for various purposes:

  • To provide and maintain our business
  • To notify you about changes to our business
  • To allow you to participate in interactive features of our business when you choose to do so
  • To provide customer support
  • To gather analysis or valuable information so that we can improve our website
  • To monitor the usage of our website
  • To detect, prevent and address technical issues
  • To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information

Lawful Basis for Processing Customers’ Personal Data Under General Data Protection Regulation (GDPR)

Our lawful basis for processing your personal data is under Article 6(1)(f): legitimate interests: the processing is necessary for ECoffee Cup’s legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.

Retention of Data

Ecoffee Cup will retain your data only for as long as is necessary for the purposes set out in this privacy policy, in line with our internal retention policy.  We will retain and use your data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Who we share information with:

We will not share your information with any third parties UNLESS

  • it is necessary in the performance of our contractual obligation to you;
  • they are a third party data processor acting on our instruction;
  • Under certain circumstances, Ecoffee Cup may be required to disclose your data if required to do so by law or in response to verified requests by public authorities (e.g. a court or a government agency).

Security of Data

Ecoffee Cup stores your data in servers based in the UK.  We take all precautions to ensure that your data is treated securely and in accordance with this privacy policy and no transfer of your personal data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.

Employees

Ecoffee Cup is the data controller for the information you provide during the employment and application process unless otherwise stated.  If you have any queries about the process or how we handle your information please contact us.

What will we do with the information you provide to us?

All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area.  The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application.  We will use the other information you provide to assess your suitability for the role you have applied for.

Speculative Applications

We sometimes receive speculative applications.  When these are received, if there is no suitable vacancy at that time we keep them in our system for 24 months at which point we will redact the information but keep the contact information on our database until such time as you opt out.

What information do we ask for, and why?

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

The information we ask for is used to assess your suitability for employment.  You don’t have to provide what we ask for but it might affect your application if you don’t.

Advertised positions

We ask you to send us a current CV and a covering letter which will include your personal details including name and contact details, as well as your previous experience, education, referees and any other information relevant to the role you have applied for.

Shortlisting

Senior members of staff will shortlist applications for interview.  They will receive all information supplied at that time.

You may be required to provide:

  • Proof of your identity – you will be asked to attend our office with original documents, we will take copies.
  • Proof of your qualifications – you may be asked to attend our office with original documents, we will take copies.
  • You may be asked to complete a criminal records declaration to declare any unspent convictions.
  • We may contact your referees, using the details you provide in your application, directly to obtain references.
  • We may ask you to complete a questionnaire about your health. This is to establish your fitness to work as well as for your well-being whilst on our premises.
  • If we make a final offer, we will also ask you for the following:
  • Bank details – to process salary payments.
  • Emergency contact details – so we know who to contact in case you have an emergency at work.
  • Information for your inclusion in our pension scheme. We use a data processor for this scheme.
  • Information for your optional inclusion in our private healthcare scheme, where you fit the eligibility criteria. We use a data processor for this scheme.

If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of 24 months.  If you say yes, we would proactively contact you should any further suitable vacancies arise.

We will process this data because the processing is necessary for the performance of our mutually agreed contract.

In relation to the special category data we hold about you we will process this in accordance with Article 9(2)(b) of the GDPR, i.e. that the processing is necessary for the purposes of carrying out the obligations and exercising specific rights of Youngest or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject.

Where employment information is kept

  • HR data is kept securely in electronic and hard copy files.

How long is the information retained for?

  • If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment/engagement plus 6 years following the end of your employment/engagement. This includes your criminal records declaration, fitness to work, records of any security checks and references.
  • Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the campaign.
  • Use of data processors
  • Data processors are third parties who necessarily provide elements of our internal practices. We have contracts in place with our data processors.  This means that they cannot do anything with your personal information unless we have instructed them to do it.  They will not share your personal information with any organisation apart from us.  They will hold it securely and retain it for the period we instruct.

Use of other third parties

Some third parties with whom we share your data are data controllers in their own right in which case they will have their own retention periods.

We have contracts with all third parties to ensure the security of your data that we share with them. 

Using our website

Usage Data

We may collect information how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Ecoffee Cup will retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

  • Session Cookies. We use Session Cookies to operate our Service.
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies. We use Security Cookies for security purposes.

Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service.

Google Analytics: Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/

Behavioural Remarketing

Ecoffee Cup (First person Ltd.)  uses remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Service.

Google AdWords: Google AdWords remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads

Google also recommends installing the Google Analytics Opt-out Browser Add-on – https://tools.google.com/dlpage/gaoptout – for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/

Facebook: Facebook remarketing service is provided by Facebook Inc. You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950

To opt-out from Facebook’s interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217

Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings.

For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy: https://www.facebook.com/privacy/explanation

Others

There may be other individuals with whom we do business and for whom we hold personal data, such as those who work for supplier companies.  We process this information in accordance with our contracts with those organisations.

Updating your personal information

You can update your personal information at any time, and change your marketing preferences.  To do this please email us at web.customercare@ecoffeecup.eco.

Your Rights

Under current UK data protection legislation, you have rights as an individual which you can exercise in relation to the information we hold about you.

Individuals have the right to see the personal data held by Ecoffee Cup (a subject access request).  Once the person requesting the information has been identified the request will be carried out within one calendar month in a clear and easy to read way.  There are numerous and various exemptions to this right and each request will be dealt with on a case by case basis.

Individuals have the right to have their data rectified where it is incorrect or out of date.  Where a request for data rectification is made it will be dealt with in a similar way to a subject access request (SAR), i.e. within a strict time frame.

You also have the rights to (i) erasure and (ii) restriction and you can request that we remove your data or restrict the processing of it.

Your right to object to the processing of your data is an absolute right which will be dealt with immediately unless there are compelling grounds for us to continue the processing where appropriate.

You can read more about these rights here – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/

Customers

If you are a customer, we use third-party services for payment processing (e.g. payment processors).

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors privacy policy and we ensure the protection of your data by having processing contracts in place with these organisations.  These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.  PCI-DSS requirements help ensure the secure handling of payment information.

The payment processors we work with are:

Links To Other Sites

Our  website may contain links to other sites that are not operated by us.  If you click on a third party link, you will be directed to that third party’s site.  We strongly advise you to review the Privacy policy of every site you visit.

We have no control over and assume no responsibility for the content, policies or practices of any third party sites or services.

Children’s Privacy

Our Service does not address anyone under the age of 18 (“Children”).

We do not knowingly collect personally identifiable information from anyone under the age of 18.  If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us.  If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

This privacy policy was updated on 25th May 2018.  We reserve the right to update and alter this policy.

Contact Us

If you have any questions about this privacy policy, how we handle your data or wish to make a change to it, please contact us by email: web.customercare@ecoffeecup.eco