Costa Foundation respects your data and your privacy is important to us.
This Privacy Notice explains what personal data we collect and how it is used. This notice also explains what rights you have over your personal data and how you can use those rights.
You have the right to object to some of the processing which Costa Foundation carries out. More information about your rights and how to exercise these is set out in the “Your rights” section of this notice.
Costa Foundation’s registered office is Whitbread Court Houghton Hall, Business Park Porz Avenue, Dunstable, Bedfordshire, LU5 5XE.
- Summary of how we use your data and your rights
- Information we collect from you
- Information we receive from third parties
- How we use information and the legal basis
- Data sharing
- International transfers
- Cookies and similar technologies
- Data retention
- Your rights
- Contact details
- Which Costa entity is the controller?
Summary of how we use your data and your rights
We use your data to enable us to keep in touch with our communities and advise you of our events, including for research, feedback and enquiries, and for safety and security purposes.
We will use your data to comply with laws and regulations. We may use your data to prevent and detect crime, such as fraud.
You have the right to object to some of the processing Costa Foundation carries out. More information about your rights and how to exercise these is set out in the “Your rights” section of this notice.
When you give consent, you are able to withdraw that consent at any time, for instance by emailing [email protected]. You can also email [email protected] to exercise any other data rights, such as obtaining a copy of your data, correcting, deleting or restricting how we use your data. Please see “Your rights” for more information.
Costa Foundation is a charity supported by Costa Limited who are part of the Whitbread group of companies. For details of the group see “Data sharing”. Data is shared within the Whitbread group when Whitbread Group plc provides services including IT and legal support services to Costa Foundation.
Information we collect from you
We collect information when you, make enquiries to us or visit our website. This includes using our websites, joining our list of subscribers, or corresponding with us.
- We keep information you give us directly such as contact details (including name, email, address and telephone number), comments, date of birth, region, feedback, and opinions.
- We record and analyse web visits, and details of your E-learning (where applicable).
- If you engage with us online via our website our cookies and similar technologies will capture your IP address, your location, and record how you use the site to help improve it and improve your user experience, where your browser settings or permission allows for this.
- If you post information online about us or provide feedback, we may keep a record.
- If you contact us directly and complain or give feedback, we will record details and all related information such as emails, letters and phone calls.
Information we receive from third parties
We may receive your information from other people. This can happen when:
- You participate in social media exchanges, such as on Facebook, Twitter and Instagram
- We receive your information from Eventbrite UK Limited in relation to a charity event.
How we use information and the legal basis
We are allowed to use your data only if we have a proper reason to do so such as:
- When it is in our legitimate interest;
- When you consent to it; or
- To comply with the law.
A legitimate interest is when we have a business or commercial reason to use your data. This involves us making an assessment of when we can rely on our legitimate interests. For more information on this assessment please contact [email protected]
We have set out below how and why we may use your personal information and the legal basis we rely on. This is also where we tell you what our legitimate interests are.
To run our charitable activities and pursue our legitimate interests, we use your information.
Our legitimate interests include keeping our records up to date, fulfilling our legal, compliance and contractual duties, improving our site developing new initiatives to engage with our supporters, and telling you about them.
Further details of our legitimate interests:
To run and promote our charity, we use your information:
- To provide and improve our charitable endeavours, including fundraising activities, and to respond to you if you contact us.
- When we monitor our website, social media platforms such as Facebook, Twitter and Instagram and responses to email circulars. If you post comments online or in other media we may capture this information, contact you, and use it to improve our initiatives.
- To understand you better as a supporter by analysing information you provide to us or which we learn through your interactions with us.
We may, if you give us consent
- Send you electronic communications, in relation to our charitable endeavours and initiatives and inform you of how we have enhanced the communities we help across the world.
- Use data for other purposes where we explain that purpose when we ask for your consent.
When you give consent, you are able to withdraw that consent at any time by contacting us, for instance by emailing [email protected]. If you do so we can continue to use your data if another legal basis applies, such as when we’re required to do something by law.
When the law requires us to process your data we will do so. This can include
- Legal, compliance, regulatory and investigative purposes, including for government agencies and law enforcement.
- When you exercise your rights under data protection legislation,
Costa Foundation shares data within the Whitbread group when Whitbread Group plc provide us with support, IT and other services.
For some activities Costa Foundation uses third party service providers, such as Graphite Digital Limited for website hosting and management. When these service providers ask for customer data for you we may share information with them,
We use third party providers for the following services:
- IT, support, maintenance and hosting, including the provision of website hosting; and
- Charities Trust for payments’ processing to enable you to provide donations by credit or debit card.
Personal data may be shared with government authorities and/or law enforcement officials for the prevention or detection of crime, if required by law or if required for a legal or contractual claim.
Personal data may be shared with regulators, government authorities and/or law enforcement officials for the prevention or detection of crime, if required by law or if required for a legal or contractual claim or regulatory purposes
We will not send or store your data outside of the European Economic Area (the EU plus Iceland, Lichtenstein and Norway) (‘EEA’).
Cookies and similar technologies
We keep your data to enable us to fulfil our contract with you or to provide services, whilst you are an active user of our site, where required by law, to respond to a question or complaint or to uphold or protect contractual or legal rights or where it is in your or another party’s vital interests or in our legitimate interests.
We always look to keep your data for the minimum time in line with data protection principles and our processes. For example, we keep:
- Records of donation information in line with tax law and audit requirements.
- Supporter feedback and correspondence with us, depending on the nature of the interaction and any applicable law, such as health and safety. This enables us to respond to any questions or complaints.
- Information to maintain records according to rules that apply to us.
Where we process personal data on the basis of your consent, we will retain it only for as long as required for the specified purpose. We also keep your data in line with any statutory limitation periods and for tax, legal or regulatory purposes. We may keep your data for longer if we cannot delete it for legal, regulatory or technical reasons.
You have rights over your personal data.
- ask for a copy of your information;
- ask for information to be corrected;
- ask for information to be erased or deleted;
- ask for us to limit or restrict processing;
- object to us processing your data, in particular where we use the data for direct promotional purposes in relation to the Foundation. The right to object does not apply if we must process the data to meet a contractual or legal requirement;
- ask us to send you a copy in a structured digital format or ask for us to send it to another party.
Some rights, however, may be limited. We may be obliged by law or regulation to keep information. We must respect other people’s privacy as well, which means we may need to redact or remove information where it includes personal data about someone else, even if it is connected to your data. On occasion there may be a compelling legitimate interest to keep processing data.
If you want a copy of your data, to object to how we use your data, or ask us to delete it or restrict how we use it or, please see ‘Contact details’ below. To process a request from you, we may need to confirm your identity to ensure we’re accessing the right data.
You have a right to complain to an EU data protection authority. This can be where you live, work or where the matter occurred. In the UK, the authority is the Information Commissioner’s Office (the “ICO”).
To exercise any of your rights or to withdraw consent you can email: [email protected]
For any queries relating to data protection please contact [email protected] or by writing to them at Privacy Officer, Porz Avenue, Whitbread Court, Dunstable, Beds LU5 5XE.
If we make any changes or updates to this notice we will communicate these.
Which Costa entity is the controller?
The controller for your information is Costa Foundation, Whitbread Court Houghton Hall, Business Park Porz Avenue, Dunstable, Bedfordshire, LU5 5XE.
Thanks to you we've built 587 classrooms in 10 countries giving 78 coffee growing communities access to education
Your donations go towards funding projects in the
coffee-growing communities we are supporting.
To improve the life chances of boys and girls in coffee growing communities
by providing the opportunity of a safe, quality education.
You can increase the value of your donation by a whopping 25% by opting for Gift-Aid.